diff --git a/.doctrees/environment.pickle b/.doctrees/environment.pickle
index 19b00c900..70f25f207 100644
Binary files a/.doctrees/environment.pickle and b/.doctrees/environment.pickle differ
diff --git a/.doctrees/fn_algosec/README.doctree b/.doctrees/fn_algosec/README.doctree
new file mode 100644
index 000000000..f90e67be9
Binary files /dev/null and b/.doctrees/fn_algosec/README.doctree differ
diff --git a/.doctrees/fn_pa_panorama/README.doctree b/.doctrees/fn_pa_panorama/README.doctree
index fa9c49f58..9b61895a8 100644
Binary files a/.doctrees/fn_pa_panorama/README.doctree and b/.doctrees/fn_pa_panorama/README.doctree differ
diff --git a/.doctrees/fn_sep/README.doctree b/.doctrees/fn_sep/README.doctree
index 20970abe6..41709748f 100644
Binary files a/.doctrees/fn_sep/README.doctree and b/.doctrees/fn_sep/README.doctree differ
diff --git a/.doctrees/fn_soar_utils/README.doctree b/.doctrees/fn_soar_utils/README.doctree
index 0fa4c20d9..bc1d97cba 100644
Binary files a/.doctrees/fn_soar_utils/README.doctree and b/.doctrees/fn_soar_utils/README.doctree differ
diff --git a/.doctrees/fn_sumo_logic/README.doctree b/.doctrees/fn_sumo_logic/README.doctree
new file mode 100644
index 000000000..b69221626
Binary files /dev/null and b/.doctrees/fn_sumo_logic/README.doctree differ
diff --git a/.doctrees/fn_urlhaus/README.doctree b/.doctrees/fn_urlhaus/README.doctree
index 8e30a7043..021325e68 100644
Binary files a/.doctrees/fn_urlhaus/README.doctree and b/.doctrees/fn_urlhaus/README.doctree differ
diff --git a/.doctrees/fn_whois_rdap/README.doctree b/.doctrees/fn_whois_rdap/README.doctree
index f367572e6..a4e7f852f 100644
Binary files a/.doctrees/fn_whois_rdap/README.doctree and b/.doctrees/fn_whois_rdap/README.doctree differ
diff --git a/.doctrees/index.doctree b/.doctrees/index.doctree
index 71a10d574..d1e40dd35 100644
Binary files a/.doctrees/index.doctree and b/.doctrees/index.doctree differ
diff --git a/.environments/README.html b/.environments/README.html
index 60deeabbc..2984fdbdb 100644
--- a/.environments/README.html
+++ b/.environments/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/.helper-scripts/mirror-containers/README.html b/.helper-scripts/mirror-containers/README.html
index 10bc76899..8a629adf0 100644
--- a/.helper-scripts/mirror-containers/README.html
+++ b/.helper-scripts/mirror-containers/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_yeti/README.html">Yeti</a></li>
diff --git a/.helper-scripts/soar-python-search-utility/README.html b/.helper-scripts/soar-python-search-utility/README.html
index 94a065be5..6dcf06ac9 100644
--- a/.helper-scripts/soar-python-search-utility/README.html
+++ b/.helper-scripts/soar-python-search-utility/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_yeti/README.html">Yeti</a></li>
diff --git a/.scripts/refresh_all_apps/README.html b/.scripts/refresh_all_apps/README.html
index 9b66baefc..89b5f0586 100644
--- a/.scripts/refresh_all_apps/README.html
+++ b/.scripts/refresh_all_apps/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_yeti/README.html">Yeti</a></li>
diff --git a/_images/custom_layouts.png b/_images/custom_layouts.png
index d072bcad5..ea13787ca 100644
Binary files a/_images/custom_layouts.png and b/_images/custom_layouts.png differ
diff --git a/_images/custom_layouts1.png b/_images/custom_layouts1.png
index bc316b784..d072bcad5 100644
Binary files a/_images/custom_layouts1.png and b/_images/custom_layouts1.png differ
diff --git a/_images/custom_layouts10.png b/_images/custom_layouts10.png
index 4859a30e0..23dc5eade 100644
Binary files a/_images/custom_layouts10.png and b/_images/custom_layouts10.png differ
diff --git a/_images/custom_layouts11.png b/_images/custom_layouts11.png
index 98fe73ed8..4859a30e0 100644
Binary files a/_images/custom_layouts11.png and b/_images/custom_layouts11.png differ
diff --git a/_images/custom_layouts12.png b/_images/custom_layouts12.png
index ae9f0cac9..98fe73ed8 100644
Binary files a/_images/custom_layouts12.png and b/_images/custom_layouts12.png differ
diff --git a/_images/custom_layouts13.png b/_images/custom_layouts13.png
index 39b149157..ae9f0cac9 100644
Binary files a/_images/custom_layouts13.png and b/_images/custom_layouts13.png differ
diff --git a/_images/custom_layouts14.png b/_images/custom_layouts14.png
index 6a3a36d3d..39b149157 100644
Binary files a/_images/custom_layouts14.png and b/_images/custom_layouts14.png differ
diff --git a/_images/custom_layouts15.png b/_images/custom_layouts15.png
index ea1a5baae..6a3a36d3d 100644
Binary files a/_images/custom_layouts15.png and b/_images/custom_layouts15.png differ
diff --git a/_images/custom_layouts16.png b/_images/custom_layouts16.png
index 11cd00a92..ea1a5baae 100644
Binary files a/_images/custom_layouts16.png and b/_images/custom_layouts16.png differ
diff --git a/_images/custom_layouts17.png b/_images/custom_layouts17.png
index 1e337a828..11cd00a92 100644
Binary files a/_images/custom_layouts17.png and b/_images/custom_layouts17.png differ
diff --git a/_images/custom_layouts18.png b/_images/custom_layouts18.png
index 3bb563445..1e337a828 100644
Binary files a/_images/custom_layouts18.png and b/_images/custom_layouts18.png differ
diff --git a/_images/custom_layouts19.png b/_images/custom_layouts19.png
index b68a59891..3bb563445 100644
Binary files a/_images/custom_layouts19.png and b/_images/custom_layouts19.png differ
diff --git a/_images/custom_layouts2.png b/_images/custom_layouts2.png
index 8e577e03d..bc316b784 100644
Binary files a/_images/custom_layouts2.png and b/_images/custom_layouts2.png differ
diff --git a/_images/custom_layouts20.png b/_images/custom_layouts20.png
index 8ca853eab..b68a59891 100644
Binary files a/_images/custom_layouts20.png and b/_images/custom_layouts20.png differ
diff --git a/_images/custom_layouts21.png b/_images/custom_layouts21.png
index 85dee9af0..8ca853eab 100644
Binary files a/_images/custom_layouts21.png and b/_images/custom_layouts21.png differ
diff --git a/_images/custom_layouts210.png b/_images/custom_layouts210.png
new file mode 100644
index 000000000..bd91653b0
Binary files /dev/null and b/_images/custom_layouts210.png differ
diff --git a/_images/custom_layouts22.png b/_images/custom_layouts22.png
index f9fc0c127..85dee9af0 100644
Binary files a/_images/custom_layouts22.png and b/_images/custom_layouts22.png differ
diff --git a/_images/custom_layouts23.png b/_images/custom_layouts23.png
index 59deb8814..f9fc0c127 100644
Binary files a/_images/custom_layouts23.png and b/_images/custom_layouts23.png differ
diff --git a/_images/custom_layouts24.png b/_images/custom_layouts24.png
index aabc7aae6..59deb8814 100644
Binary files a/_images/custom_layouts24.png and b/_images/custom_layouts24.png differ
diff --git a/_images/custom_layouts25.png b/_images/custom_layouts25.png
index 2436a1696..aabc7aae6 100644
Binary files a/_images/custom_layouts25.png and b/_images/custom_layouts25.png differ
diff --git a/_images/custom_layouts26.png b/_images/custom_layouts26.png
index df841b726..2436a1696 100644
Binary files a/_images/custom_layouts26.png and b/_images/custom_layouts26.png differ
diff --git a/_images/custom_layouts27.png b/_images/custom_layouts27.png
index 3722e3ff7..df841b726 100644
Binary files a/_images/custom_layouts27.png and b/_images/custom_layouts27.png differ
diff --git a/_images/custom_layouts28.png b/_images/custom_layouts28.png
index 3243f3c8c..3722e3ff7 100644
Binary files a/_images/custom_layouts28.png and b/_images/custom_layouts28.png differ
diff --git a/_images/custom_layouts29.png b/_images/custom_layouts29.png
index dfc7086a8..3243f3c8c 100644
Binary files a/_images/custom_layouts29.png and b/_images/custom_layouts29.png differ
diff --git a/_images/custom_layouts3.png b/_images/custom_layouts3.png
index 3cad3441e..8e577e03d 100644
Binary files a/_images/custom_layouts3.png and b/_images/custom_layouts3.png differ
diff --git a/_images/custom_layouts30.png b/_images/custom_layouts30.png
index 4769a4800..dfc7086a8 100644
Binary files a/_images/custom_layouts30.png and b/_images/custom_layouts30.png differ
diff --git a/_images/custom_layouts31.png b/_images/custom_layouts31.png
index bbe9323da..48eaec720 100644
Binary files a/_images/custom_layouts31.png and b/_images/custom_layouts31.png differ
diff --git a/_images/custom_layouts32.png b/_images/custom_layouts32.png
index 4d7617944..4769a4800 100644
Binary files a/_images/custom_layouts32.png and b/_images/custom_layouts32.png differ
diff --git a/_images/custom_layouts33.png b/_images/custom_layouts33.png
index 6089a5b1c..bbe9323da 100644
Binary files a/_images/custom_layouts33.png and b/_images/custom_layouts33.png differ
diff --git a/_images/custom_layouts34.png b/_images/custom_layouts34.png
new file mode 100644
index 000000000..4d7617944
Binary files /dev/null and b/_images/custom_layouts34.png differ
diff --git a/_images/custom_layouts35.png b/_images/custom_layouts35.png
new file mode 100644
index 000000000..6089a5b1c
Binary files /dev/null and b/_images/custom_layouts35.png differ
diff --git a/_images/custom_layouts4.png b/_images/custom_layouts4.png
index e373c0beb..3cad3441e 100644
Binary files a/_images/custom_layouts4.png and b/_images/custom_layouts4.png differ
diff --git a/_images/custom_layouts5.png b/_images/custom_layouts5.png
index 71e24c93b..e373c0beb 100644
Binary files a/_images/custom_layouts5.png and b/_images/custom_layouts5.png differ
diff --git a/_images/custom_layouts6.png b/_images/custom_layouts6.png
index 61052bce1..71e24c93b 100644
Binary files a/_images/custom_layouts6.png and b/_images/custom_layouts6.png differ
diff --git a/_images/custom_layouts7.png b/_images/custom_layouts7.png
index 3059cf954..61052bce1 100644
Binary files a/_images/custom_layouts7.png and b/_images/custom_layouts7.png differ
diff --git a/_images/custom_layouts8.png b/_images/custom_layouts8.png
index 29b449962..3059cf954 100644
Binary files a/_images/custom_layouts8.png and b/_images/custom_layouts8.png differ
diff --git a/_images/custom_layouts9.png b/_images/custom_layouts9.png
index 23dc5eade..29b449962 100644
Binary files a/_images/custom_layouts9.png and b/_images/custom_layouts9.png differ
diff --git a/_images/dt-connectivity-to-internet-algosec.png b/_images/dt-connectivity-to-internet-algosec.png
new file mode 100644
index 000000000..02b9fab23
Binary files /dev/null and b/_images/dt-connectivity-to-internet-algosec.png differ
diff --git a/_images/dt-isolation-change-requests-algosec.png b/_images/dt-isolation-change-requests-algosec.png
new file mode 100644
index 000000000..06f60e11a
Binary files /dev/null and b/_images/dt-isolation-change-requests-algosec.png differ
diff --git a/_images/dt-signals.png b/_images/dt-signals.png
new file mode 100644
index 000000000..8f8381d2e
Binary files /dev/null and b/_images/dt-signals.png differ
diff --git a/_images/fn-algosec-traffic-change-request-details.png b/_images/fn-algosec-traffic-change-request-details.png
new file mode 100644
index 000000000..ad60bc8d9
Binary files /dev/null and b/_images/fn-algosec-traffic-change-request-details.png differ
diff --git a/_images/fn-algosec-traffic-change-request.png b/_images/fn-algosec-traffic-change-request.png
new file mode 100644
index 000000000..6270a5dff
Binary files /dev/null and b/_images/fn-algosec-traffic-change-request.png differ
diff --git a/_images/fn-algosec-traffic-simulation-query.png b/_images/fn-algosec-traffic-simulation-query.png
new file mode 100644
index 000000000..41d8b81e6
Binary files /dev/null and b/_images/fn-algosec-traffic-simulation-query.png differ
diff --git a/_images/fn-panorama-commit.png b/_images/fn-panorama-commit.png
new file mode 100644
index 000000000..e54a0d510
Binary files /dev/null and b/_images/fn-panorama-commit.png differ
diff --git a/_images/fn-panorama-permission1.png b/_images/fn-panorama-permission1.png
index 5d35ef322..b369e31dc 100644
Binary files a/_images/fn-panorama-permission1.png and b/_images/fn-panorama-permission1.png differ
diff --git a/_images/fn-sep-scan-endpoints.png b/_images/fn-sep-scan-endpoints.png
deleted file mode 100644
index 4f1efb925..000000000
Binary files a/_images/fn-sep-scan-endpoints.png and /dev/null differ
diff --git a/_images/fn-sumo-logic-access-id-key-dialog.png b/_images/fn-sumo-logic-access-id-key-dialog.png
new file mode 100644
index 000000000..bf3f83c81
Binary files /dev/null and b/_images/fn-sumo-logic-access-id-key-dialog.png differ
diff --git a/_images/fn-sumo-logic-access-id-key.png b/_images/fn-sumo-logic-access-id-key.png
new file mode 100644
index 000000000..9889b0151
Binary files /dev/null and b/_images/fn-sumo-logic-access-id-key.png differ
diff --git a/_images/fn-sumo-logic-add-comment-to-insight.png b/_images/fn-sumo-logic-add-comment-to-insight.png
new file mode 100644
index 000000000..214206b12
Binary files /dev/null and b/_images/fn-sumo-logic-add-comment-to-insight.png differ
diff --git a/_images/fn-sumo-logic-add-tag-to-insight.png b/_images/fn-sumo-logic-add-tag-to-insight.png
new file mode 100644
index 000000000..0cb59620a
Binary files /dev/null and b/_images/fn-sumo-logic-add-tag-to-insight.png differ
diff --git a/_images/fn-sumo-logic-create-access-key.png b/_images/fn-sumo-logic-create-access-key.png
new file mode 100644
index 000000000..a790ea988
Binary files /dev/null and b/_images/fn-sumo-logic-create-access-key.png differ
diff --git a/_images/fn-sumo-logic-get-entity.png b/_images/fn-sumo-logic-get-entity.png
new file mode 100644
index 000000000..c50d22c97
Binary files /dev/null and b/_images/fn-sumo-logic-get-entity.png differ
diff --git a/_images/fn-sumo-logic-get-entity2.png b/_images/fn-sumo-logic-get-entity2.png
new file mode 100644
index 000000000..4741245db
Binary files /dev/null and b/_images/fn-sumo-logic-get-entity2.png differ
diff --git a/_images/fn-sumo-logic-get-insight-by-id.png b/_images/fn-sumo-logic-get-insight-by-id.png
new file mode 100644
index 000000000..a87be49d8
Binary files /dev/null and b/_images/fn-sumo-logic-get-insight-by-id.png differ
diff --git a/_images/fn-sumo-logic-get-insights-comments.png b/_images/fn-sumo-logic-get-insights-comments.png
new file mode 100644
index 000000000..639bec7a9
Binary files /dev/null and b/_images/fn-sumo-logic-get-insights-comments.png differ
diff --git a/_images/fn-sumo-logic-get-signal-by-id.png b/_images/fn-sumo-logic-get-signal-by-id.png
new file mode 100644
index 000000000..992f79ba1
Binary files /dev/null and b/_images/fn-sumo-logic-get-signal-by-id.png differ
diff --git a/_images/fn-sumo-logic-update-insight-status-2.png b/_images/fn-sumo-logic-update-insight-status-2.png
new file mode 100644
index 000000000..d2fe01b6a
Binary files /dev/null and b/_images/fn-sumo-logic-update-insight-status-2.png differ
diff --git a/_images/fn-sumo-logic-update-insight-status.png b/_images/fn-sumo-logic-update-insight-status.png
new file mode 100644
index 000000000..a3468bfb2
Binary files /dev/null and b/_images/fn-sumo-logic-update-insight-status.png differ
diff --git a/_images/main1.png b/_images/main1.png
index 67d31507c..7aff9ad80 100644
Binary files a/_images/main1.png and b/_images/main1.png differ
diff --git a/_images/main10.png b/_images/main10.png
index 77bde18c3..670ac2f7c 100644
Binary files a/_images/main10.png and b/_images/main10.png differ
diff --git a/_images/main11.png b/_images/main11.png
index 3914273af..77bde18c3 100644
Binary files a/_images/main11.png and b/_images/main11.png differ
diff --git a/_images/main12.png b/_images/main12.png
index 764aa38b6..3914273af 100644
Binary files a/_images/main12.png and b/_images/main12.png differ
diff --git a/_images/main13.png b/_images/main13.png
index dc29d4fb3..764aa38b6 100644
Binary files a/_images/main13.png and b/_images/main13.png differ
diff --git a/_images/main14.png b/_images/main14.png
index 5125bd3aa..dc29d4fb3 100644
Binary files a/_images/main14.png and b/_images/main14.png differ
diff --git a/_images/main15.png b/_images/main15.png
index 25899d5b8..5125bd3aa 100644
Binary files a/_images/main15.png and b/_images/main15.png differ
diff --git a/_images/main16.png b/_images/main16.png
index 52411178d..25899d5b8 100644
Binary files a/_images/main16.png and b/_images/main16.png differ
diff --git a/_images/main17.png b/_images/main17.png
index 904d34371..52411178d 100644
Binary files a/_images/main17.png and b/_images/main17.png differ
diff --git a/_images/main18.png b/_images/main18.png
index 455905489..904d34371 100644
Binary files a/_images/main18.png and b/_images/main18.png differ
diff --git a/_images/main19.png b/_images/main19.png
index 8949857a9..455905489 100644
Binary files a/_images/main19.png and b/_images/main19.png differ
diff --git a/_images/main2.png b/_images/main2.png
index a59b67558..67d31507c 100644
Binary files a/_images/main2.png and b/_images/main2.png differ
diff --git a/_images/main20.png b/_images/main20.png
index 10f541501..8949857a9 100644
Binary files a/_images/main20.png and b/_images/main20.png differ
diff --git a/_images/main21.png b/_images/main21.png
index 6e02056d1..10f541501 100644
Binary files a/_images/main21.png and b/_images/main21.png differ
diff --git a/_images/main22.png b/_images/main22.png
index 4609eb692..6e02056d1 100644
Binary files a/_images/main22.png and b/_images/main22.png differ
diff --git a/_images/main23.png b/_images/main23.png
index b9f15d08d..4609eb692 100644
Binary files a/_images/main23.png and b/_images/main23.png differ
diff --git a/_images/main24.png b/_images/main24.png
index 87bf4eb4d..b9f15d08d 100644
Binary files a/_images/main24.png and b/_images/main24.png differ
diff --git a/_images/main25.png b/_images/main25.png
index 98c413e94..87bf4eb4d 100644
Binary files a/_images/main25.png and b/_images/main25.png differ
diff --git a/_images/main26.png b/_images/main26.png
index 78ea15b4d..98c413e94 100644
Binary files a/_images/main26.png and b/_images/main26.png differ
diff --git a/_images/main27.png b/_images/main27.png
index 4f7cad087..78ea15b4d 100644
Binary files a/_images/main27.png and b/_images/main27.png differ
diff --git a/_images/main28.png b/_images/main28.png
index a6f46c1f1..4f7cad087 100644
Binary files a/_images/main28.png and b/_images/main28.png differ
diff --git a/_images/main29.png b/_images/main29.png
index ee7f97646..a6f46c1f1 100644
Binary files a/_images/main29.png and b/_images/main29.png differ
diff --git a/_images/main3.png b/_images/main3.png
index bd5bd8da5..a59b67558 100644
Binary files a/_images/main3.png and b/_images/main3.png differ
diff --git a/_images/main30.png b/_images/main30.png
index ccc636e53..ee7f97646 100644
Binary files a/_images/main30.png and b/_images/main30.png differ
diff --git a/_images/main31.png b/_images/main31.png
index c2df79f41..ccc636e53 100644
Binary files a/_images/main31.png and b/_images/main31.png differ
diff --git a/_images/main32.png b/_images/main32.png
index 401efce3d..c2df79f41 100644
Binary files a/_images/main32.png and b/_images/main32.png differ
diff --git a/_images/main33.png b/_images/main33.png
index 8e9f621af..401efce3d 100644
Binary files a/_images/main33.png and b/_images/main33.png differ
diff --git a/_images/main34.png b/_images/main34.png
index b2e36fcdc..8e9f621af 100644
Binary files a/_images/main34.png and b/_images/main34.png differ
diff --git a/_images/main35.png b/_images/main35.png
index f41a22a97..b2e36fcdc 100644
Binary files a/_images/main35.png and b/_images/main35.png differ
diff --git a/_images/main36.png b/_images/main36.png
index 7820ee661..f41a22a97 100644
Binary files a/_images/main36.png and b/_images/main36.png differ
diff --git a/_images/main37.png b/_images/main37.png
index 0adb10d2b..7820ee661 100644
Binary files a/_images/main37.png and b/_images/main37.png differ
diff --git a/_images/main38.png b/_images/main38.png
index 12e360c8d..0adb10d2b 100644
Binary files a/_images/main38.png and b/_images/main38.png differ
diff --git a/_images/main39.png b/_images/main39.png
index 50340c355..12e360c8d 100644
Binary files a/_images/main39.png and b/_images/main39.png differ
diff --git a/_images/main4.png b/_images/main4.png
index f1b33f473..bd5bd8da5 100644
Binary files a/_images/main4.png and b/_images/main4.png differ
diff --git a/_images/main40.png b/_images/main40.png
index 2a25f4d47..50340c355 100644
Binary files a/_images/main40.png and b/_images/main40.png differ
diff --git a/_images/main41.png b/_images/main41.png
index 2e6c205b9..2a25f4d47 100644
Binary files a/_images/main41.png and b/_images/main41.png differ
diff --git a/_images/main42.png b/_images/main42.png
index 2d87303e6..2e6c205b9 100644
Binary files a/_images/main42.png and b/_images/main42.png differ
diff --git a/_images/main43.png b/_images/main43.png
index d1d0c1862..2d87303e6 100644
Binary files a/_images/main43.png and b/_images/main43.png differ
diff --git a/_images/main44.png b/_images/main44.png
index a0ab05a8b..d1d0c1862 100644
Binary files a/_images/main44.png and b/_images/main44.png differ
diff --git a/_images/main45.png b/_images/main45.png
index 647b6025a..a0ab05a8b 100644
Binary files a/_images/main45.png and b/_images/main45.png differ
diff --git a/_images/main46.png b/_images/main46.png
index f611f8628..647b6025a 100644
Binary files a/_images/main46.png and b/_images/main46.png differ
diff --git a/_images/main47.png b/_images/main47.png
index fcd0d6aa5..f611f8628 100644
Binary files a/_images/main47.png and b/_images/main47.png differ
diff --git a/_images/main48.png b/_images/main48.png
index 2a7fdec59..fcd0d6aa5 100644
Binary files a/_images/main48.png and b/_images/main48.png differ
diff --git a/_images/main49.png b/_images/main49.png
index fe197d4ae..2a7fdec59 100644
Binary files a/_images/main49.png and b/_images/main49.png differ
diff --git a/_images/main5.png b/_images/main5.png
index 3f96f1f7b..f1b33f473 100644
Binary files a/_images/main5.png and b/_images/main5.png differ
diff --git a/_images/main50.png b/_images/main50.png
index 95e992d25..fe197d4ae 100644
Binary files a/_images/main50.png and b/_images/main50.png differ
diff --git a/_images/main51.png b/_images/main51.png
index e9a1227b3..95e992d25 100644
Binary files a/_images/main51.png and b/_images/main51.png differ
diff --git a/_images/main52.png b/_images/main52.png
index d69b9e4cb..e9a1227b3 100644
Binary files a/_images/main52.png and b/_images/main52.png differ
diff --git a/_images/main53.png b/_images/main53.png
index d0d140bbc..d69b9e4cb 100644
Binary files a/_images/main53.png and b/_images/main53.png differ
diff --git a/_images/main54.png b/_images/main54.png
index 2e48235e9..d0d140bbc 100644
Binary files a/_images/main54.png and b/_images/main54.png differ
diff --git a/_images/main55.png b/_images/main55.png
index c21e3ac0f..2e48235e9 100644
Binary files a/_images/main55.png and b/_images/main55.png differ
diff --git a/_images/main56.png b/_images/main56.png
index db9d5b8af..c21e3ac0f 100644
Binary files a/_images/main56.png and b/_images/main56.png differ
diff --git a/_images/main57.png b/_images/main57.png
index b3cdf1a4a..db9d5b8af 100644
Binary files a/_images/main57.png and b/_images/main57.png differ
diff --git a/_images/main58.png b/_images/main58.png
index b9f36d9e4..b3cdf1a4a 100644
Binary files a/_images/main58.png and b/_images/main58.png differ
diff --git a/_images/main59.png b/_images/main59.png
index 6af068145..b9f36d9e4 100644
Binary files a/_images/main59.png and b/_images/main59.png differ
diff --git a/_images/main6.png b/_images/main6.png
index 6529fa165..3f96f1f7b 100644
Binary files a/_images/main6.png and b/_images/main6.png differ
diff --git a/_images/main60.png b/_images/main60.png
index c3ea22084..6af068145 100644
Binary files a/_images/main60.png and b/_images/main60.png differ
diff --git a/_images/main61.png b/_images/main61.png
index b104a3926..c3ea22084 100644
Binary files a/_images/main61.png and b/_images/main61.png differ
diff --git a/_images/main62.png b/_images/main62.png
index c3f560861..b104a3926 100644
Binary files a/_images/main62.png and b/_images/main62.png differ
diff --git a/_images/main63.png b/_images/main63.png
index e5721721d..c3f560861 100644
Binary files a/_images/main63.png and b/_images/main63.png differ
diff --git a/_images/main64.png b/_images/main64.png
index 60d1bc8f1..e5721721d 100644
Binary files a/_images/main64.png and b/_images/main64.png differ
diff --git a/_images/main65.png b/_images/main65.png
index 55d78c5a2..60d1bc8f1 100644
Binary files a/_images/main65.png and b/_images/main65.png differ
diff --git a/_images/main66.png b/_images/main66.png
index d46193010..55d78c5a2 100644
Binary files a/_images/main66.png and b/_images/main66.png differ
diff --git a/_images/main67.png b/_images/main67.png
index 57f952260..e9cf8be5b 100644
Binary files a/_images/main67.png and b/_images/main67.png differ
diff --git a/_images/main68.png b/_images/main68.png
index 7d33118a7..d46193010 100644
Binary files a/_images/main68.png and b/_images/main68.png differ
diff --git a/_images/main69.png b/_images/main69.png
index 1d91272ea..57f952260 100644
Binary files a/_images/main69.png and b/_images/main69.png differ
diff --git a/_images/main7.png b/_images/main7.png
index a1bd5239b..6529fa165 100644
Binary files a/_images/main7.png and b/_images/main7.png differ
diff --git a/_images/main70.png b/_images/main70.png
index 22b85388c..7d33118a7 100644
Binary files a/_images/main70.png and b/_images/main70.png differ
diff --git a/_images/main71.png b/_images/main71.png
index 740533a7c..1d91272ea 100644
Binary files a/_images/main71.png and b/_images/main71.png differ
diff --git a/_images/main72.png b/_images/main72.png
index f3d434780..22b85388c 100644
Binary files a/_images/main72.png and b/_images/main72.png differ
diff --git a/_images/main73.png b/_images/main73.png
index 6d47325c4..740533a7c 100644
Binary files a/_images/main73.png and b/_images/main73.png differ
diff --git a/_images/main74.png b/_images/main74.png
index e578364d4..f3d434780 100644
Binary files a/_images/main74.png and b/_images/main74.png differ
diff --git a/_images/main75.png b/_images/main75.png
index fa1cf6eca..6d47325c4 100644
Binary files a/_images/main75.png and b/_images/main75.png differ
diff --git a/_images/main76.png b/_images/main76.png
index 1d25e5f37..e578364d4 100644
Binary files a/_images/main76.png and b/_images/main76.png differ
diff --git a/_images/main77.png b/_images/main77.png
index 959a9fbce..fa1cf6eca 100644
Binary files a/_images/main77.png and b/_images/main77.png differ
diff --git a/_images/main78.png b/_images/main78.png
index 05202e680..1d25e5f37 100644
Binary files a/_images/main78.png and b/_images/main78.png differ
diff --git a/_images/main79.png b/_images/main79.png
index e33eb3a13..959a9fbce 100644
Binary files a/_images/main79.png and b/_images/main79.png differ
diff --git a/_images/main8.png b/_images/main8.png
index 9f693e85e..a1bd5239b 100644
Binary files a/_images/main8.png and b/_images/main8.png differ
diff --git a/_images/main80.png b/_images/main80.png
index ca7b1862f..05202e680 100644
Binary files a/_images/main80.png and b/_images/main80.png differ
diff --git a/_images/main81.png b/_images/main81.png
index 9e1d0d43b..e33eb3a13 100644
Binary files a/_images/main81.png and b/_images/main81.png differ
diff --git a/_images/main82.png b/_images/main82.png
index 116920209..ca7b1862f 100644
Binary files a/_images/main82.png and b/_images/main82.png differ
diff --git a/_images/main83.png b/_images/main83.png
index 64f7ff233..9e1d0d43b 100644
Binary files a/_images/main83.png and b/_images/main83.png differ
diff --git a/_images/main84.png b/_images/main84.png
new file mode 100644
index 000000000..116920209
Binary files /dev/null and b/_images/main84.png differ
diff --git a/_images/main85.png b/_images/main85.png
new file mode 100644
index 000000000..64f7ff233
Binary files /dev/null and b/_images/main85.png differ
diff --git a/_images/main9.png b/_images/main9.png
index 670ac2f7c..9f693e85e 100644
Binary files a/_images/main9.png and b/_images/main9.png differ
diff --git a/_images/wf-sep-initiate-eoc-scan-for-artifact.png b/_images/wf-sep-initiate-eoc-scan-for-artifact.png
deleted file mode 100644
index bed167f8f..000000000
Binary files a/_images/wf-sep-initiate-eoc-scan-for-artifact.png and /dev/null differ
diff --git a/_images/workflows.png b/_images/workflows.png
deleted file mode 100644
index 5876e0072..000000000
Binary files a/_images/workflows.png and /dev/null differ
diff --git a/_sources/fn_algosec/README.md.txt b/_sources/fn_algosec/README.md.txt
new file mode 100644
index 000000000..16c5d786a
--- /dev/null
+++ b/_sources/fn_algosec/README.md.txt
@@ -0,0 +1,654 @@
+# IBM SOAR integration for AlgoSec
+
+
+## Table of Contents
+- [Release Notes](#release-notes)
+- [Overview](#overview)
+  - [Key Features](#key-features)
+- [Requirements](#requirements)
+  - [SOAR platform](#soar-platform)
+  - [Cloud Pak for Security](#cloud-pak-for-security)
+  - [Proxy Server](#proxy-server)
+  - [Python Environment](#python-environment)
+- [Installation](#installation)
+  - [Install](#install)
+  - [App Configuration](#app-configuration)
+- [Function - AlgoSec: Traffic Change Request](#function---algosec-traffic-change-request)
+- [Function - AlgoSec: Traffic Change Request Details](#function---algosec-traffic-change-request-details)
+- [Function - AlgoSec: Traffic Simulation Query](#function---algosec-traffic-simulation-query)
+  - [Custom Layouts](#custom-layouts)
+- [Data Table - Connectivity to Internet (AlgoSec)](#data-table---connectivity-to-internet-algosec)
+- [Data Table - Isolation Change Requests (AlgoSec)](#data-table---isolation-change-requests-algosec)
+- [Playbooks](#playbooks)
+- [Troubleshooting & Support](#troubleshooting--support)
+
+---
+
+## Release Notes
+| Version | Date | Notes |
+| ------- | ---- | ----- |
+| 1.0.0 | 02/2019 | Initial Release |
+| 2.0.0 | 08/2024 | Integration rewritten with latest AlgoSec REST API. Apphost compatible. Converted to playbooks. |
+
+---
+
+## Overview
+<!--
+  Provide a high-level description of the function itself and its remote software or application.
+  The text below is parsed from the "description" and "long_description" attributes in the setup.py file
+-->
+**IBM SOAR integration for AlgoSec**
+
+ ![screenshot: main](./doc/screenshots/main.png)
+
+This integration allows one to make a traffic change request, get the details of a traffic change request, or a traffic simulation query.
+
+### Key Features
+<!--
+  List the Key Features of the Integration
+-->
+* Make traffic change requests
+* Get the details of a traffic change request
+* Make a traffic simulation query
+
+---
+
+## Requirements
+This app supports the IBM Security QRadar SOAR Platform and the IBM Security QRadar SOAR for IBM Cloud Pak for Security.
+
+### SOAR platform
+The SOAR platform supports two app deployment mechanisms, Edge Gateway (also known as App Host) and integration server.
+
+If deploying to a SOAR platform with an App Host, the requirements are:
+* SOAR platform >= `51.0.0.0.9340`.
+* The app is in a container-based format (available from the AppExchange as a `zip` file).
+
+If deploying to a SOAR platform with an integration server, the requirements are:
+* SOAR platform >= `51.0.0.0.9340`.
+* The app is in the older integration format (available from the AppExchange as a `zip` file which contains a `tar.gz` file).
+* Integration server is running `resilient-circuits>=51.0.0`.
+* If using an API key account, make sure the account provides the following minimum permissions:
+  | Name | Permissions |
+  | ---- | ----------- |
+  | Org Data | Read |
+  | Function | Read |
+
+The following SOAR platform guides provide additional information:
+* _Edge Gateway Deployment Guide_ or _App Host Deployment Guide_: provides installation, configuration, and troubleshooting information, including proxy server settings.
+* _Integration Server Guide_: provides installation, configuration, and troubleshooting information, including proxy server settings.
+* _System Administrator Guide_: provides the procedure to install, configure and deploy apps.
+
+The above guides are available on the IBM Documentation website at [ibm.biz/soar-docs](https://ibm.biz/soar-docs). On this web page, select your SOAR platform version. On the follow-on page, you can find the _Edge Gateway Deployment Guide_, _App Host Deployment Guide_, or _Integration Server Guide_ by expanding **Apps** in the Table of Contents pane. The System Administrator Guide is available by expanding **System Administrator**.
+
+### Cloud Pak for Security
+If you are deploying to IBM Cloud Pak for Security, the requirements are:
+* IBM Cloud Pak for Security >= `1.10.15`.
+* Cloud Pak is configured with an Edge Gateway.
+* The app is in a container-based format (available from the AppExchange as a `zip` file).
+
+The following Cloud Pak guides provide additional information:
+* _Edge Gateway Deployment Guide_ or _App Host Deployment Guide_: provides installation, configuration, and troubleshooting information, including proxy server settings. From the Table of Contents, select Case Management and Orchestration & Automation > **Orchestration and Automation Apps**.
+* _System Administrator Guide_: provides information to install, configure, and deploy apps. From the IBM Cloud Pak for Security IBM Documentation table of contents, select Case Management and Orchestration & Automation > **System administrator**.
+
+These guides are available on the IBM Documentation website at [ibm.biz/cp4s-docs](https://ibm.biz/cp4s-docs). From this web page, select your IBM Cloud Pak for Security version. From the version-specific IBM Documentation page, select Case Management and Orchestration & Automation.
+
+### Proxy Server
+The app **does** support a proxy server.
+
+### Python Environment
+Python 3.9, 3.11, and 3.12 are officially supported. When deployed as an app, the app runs on Python 3.11.
+Additional package dependencies may exist for each of these packages:
+* resilient-circuits>=51.0.0
+
+---
+
+## Installation
+
+### Install
+* To install or uninstall an App or Integration on the _SOAR platform_, see the documentation at [ibm.biz/soar-docs](https://ibm.biz/soar-docs).
+* To install or uninstall an App on _IBM Cloud Pak for Security_, see the documentation at [ibm.biz/cp4s-docs](https://ibm.biz/cp4s-docs) and follow the instructions above to navigate to Orchestration and Automation.
+
+### App Configuration
+The following table provides the settings you need to configure the app. These settings are made in the app.config file. See the documentation discussed in the Requirements section for the procedure.
+
+| Config | Required | Example | Description |
+| ------ | :------: | ------- | ----------- |
+| **password** | Yes | `algosec` | *The password for the AlgoSec login.* |
+| **server_ip** | Yes | `local.algosec.com` | *The address of the AlgoSec server. Either an IP address or fully qualified domain name* |
+| **username** | Yes | `admin` | *The username for the AlgoSec login.* |
+| **verify** | No | `true` | *True to connect with SSL.* |
+| **https_proxy** | No | `` | *Https proxy to use when connecting to the AlgoSec server.* |
+
+---
+
+## Function - AlgoSec: Traffic Change Request
+Create a traffic change request with AlgoSec's FireFlow
+
+ ![screenshot: fn-algosec-traffic-change-request ](./doc/screenshots/fn-algosec-traffic-change-request.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `algosec_application` | `text` | No | `any` | Application(s) for the rule. Multiple values are separated by commas (,). If empty, the query runs on application: 'any' |
+| `algosec_destination` | `text` | No | `8.8.8.8` | Destination(s) IP address for the query. Multiple values are separated by commas (,). |
+| `algosec_service` | `text` | No | `*` | Service(s) for the query. Multiple values are separated by commas (,). |
+| `algosec_source` | `text` | Yes | `1.1.1.1` | Source to use. Either a single source or a comma separated list of sources |
+| `algosec_traffic_change_action` | `select` | Yes | `Drop` | Action: Allow or Drop |
+| `algosec_traffic_change_request_description` | `text` | No | `Traffic Change Request initiated by the IBM SOAR Integration.` | The description of the traffic change request |
+| `algosec_traffic_change_request_devices` | `text` | No | `-` | Comma separated list of devices |
+| `algosec_traffic_change_request_subject` | `text` | No | `IBM SOAR Traffic Change Request` | Subject of the traffic change request |
+| `algosec_traffic_change_template` | `text` | Yes | `-` | Name of template to use |
+| `algosec_user` | `text` | No | `any` | User(s) who created the rule. Multiple values are separated by commas (,). If empty, the query runs on user: 'any' |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "data": {
+      "changeRequestId": 11,
+      "redirectUrl": "https://1.2.3.4/FireFlow/Ticket/Display.html?id=11"
+    },
+    "messages": [],
+    "status": "Success"
+  },
+  "inputs": {
+    "algosec_destination": "any, 1.1.1.1",
+    "algosec_service": "any",
+    "algosec_source": "1.1.1.1, any",
+    "algosec_traffic_change_action": "Drop",
+    "algosec_traffic_change_request_description": "Isolation Request initiated by the IBM SOAR Integration.",
+    "algosec_traffic_change_request_subject": "IBM SOAR Isolation Request for 1.1.1.1",
+    "algosec_traffic_change_template": "Basic Change Traffic Request"
+  },
+  "metrics": {
+    "execution_time_ms": 9129,
+    "host": "local",
+    "package": "fn-algosec",
+    "package_version": "1.0.0",
+    "timestamp": "2024-08-02 09:26:21",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.algosec_source = f"{artifact.value}, any"
+inputs.algosec_traffic_change_action = "Drop"
+inputs.algosec_destination = f"any, {artifact.value}"
+inputs.algosec_service = "any"
+inputs.algosec_traffic_change_request_description = "Isolation Request initiated by the IBM SOAR Integration."
+inputs.algosec_traffic_change_request_subject = f"IBM SOAR Isolation Request for {artifact.value}"
+inputs.algosec_traffic_change_template = "Basic Change Traffic Request"
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+from json import dumps
+# Results from the traffic change request call
+change_request = playbook.functions.results.isolate_host_results
+request_data = change_request.get("content", {}).get("data", {})
+# Results from getting the traffic change request details
+request_details = playbook.functions.results.change_request_details
+details_data = request_details.get("content", {}).get("data", {})
+
+if change_request.get("success"):
+  # Add Row
+  row = incident.addRow("algosec_isolation_requests")
+  row['traffic_change_request_id'] = request_data.get("changeRequestId")
+  row['hostname'] = artifact.value
+  row['traffic_change_request_url'] = request_data.get("redirectUrl")
+  row['traffic_change_request_body'] = dumps(details_data.get("fields", {}), indent=4)
+  row['traffic_change_request_original_traffic'] = dumps(details_data.get("originalTraffic", {}), indent=4)
+  row['traffic_change_request_planned_traffic'] = dumps(details_data.get("plannedTraffic", {}), indent=4)
+else:
+  incident.addNote(f"Isolate Host from Network on host {artifact.value} failed with reason: {change_request.get('reason', '')}")
+```
+
+</p>
+</details>
+
+---
+## Function - AlgoSec: Traffic Change Request Details
+Returns full details about a specified change request, including custom fields configured for the template.
+
+ ![screenshot: fn-algosec-traffic-change-request-details ](./doc/screenshots/fn-algosec-traffic-change-request-details.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `algosec_change_request_id` | `number` | Yes | `3` | The ID of the change request you want to return data for. |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "data": {
+      "fields": [
+        {
+          "name": "Owner",
+          "values": [
+            "admin\u003cadmin@example.com\u003e"
+          ]
+        },
+        {
+          "name": "Workflow",
+          "values": [
+            "Basic"
+          ]
+        },
+        {
+          "name": "Creator",
+          "values": [
+            "admin\u003cadmin@example.com\u003e"
+          ]
+        },
+        {
+          "name": "Subject",
+          "values": [
+            "IBM SOAR Isolation Request for 1.1.1.1"
+          ]
+        },
+        {
+          "name": "Ticket Template Name",
+          "values": [
+            "Basic Change Traffic Request"
+          ]
+        },
+        {
+          "name": "Change Request Description",
+          "values": [
+            "Isolation Request initiated by the IBM SOAR Integration."
+          ]
+        },
+        {
+          "name": "LastUpdated",
+          "values": [
+            "2024-08-02 09:26:26"
+          ]
+        },
+        {
+          "name": "Requestor",
+          "values": [
+            "admin\u003cadmin@example.com\u003e"
+          ]
+        },
+        {
+          "name": "Form Type",
+          "values": [
+            "Traffic Change"
+          ]
+        },
+        {
+          "name": "status",
+          "values": [
+            "open"
+          ]
+        }
+      ],
+      "id": 11,
+      "originalTraffic": [
+        {
+          "action": "Drop",
+          "application": {
+            "items": [
+              {
+                "value": "any"
+              }
+            ]
+          },
+          "destination": {
+            "items": [
+              {
+                "value": "any"
+              },
+              {
+                "value": "1.1.1.1"
+              }
+            ]
+          },
+          "fields": [
+            {
+              "name": "Requested URL Category",
+              "values": [
+                "any"
+              ]
+            }
+          ],
+          "service": {
+            "items": [
+              {
+                "value": "any"
+              }
+            ]
+          },
+          "source": {
+            "items": [
+              {
+                "value": "1.1.1.1"
+              },
+              {
+                "value": "any"
+              }
+            ]
+          },
+          "user": {
+            "items": [
+              {
+                "value": "any"
+              }
+            ]
+          }
+        }
+      ],
+      "plannedTraffic": [
+        {
+          "action": "Drop",
+          "application": {
+            "items": [
+              {
+                "value": "any"
+              }
+            ]
+          },
+          "destination": {
+            "items": [
+              {
+                "value": "any"
+              },
+              {
+                "value": "1.1.1.1"
+              }
+            ]
+          },
+          "fields": [
+            {
+              "name": "Change URL Category",
+              "values": [
+                "any"
+              ]
+            }
+          ],
+          "service": {
+            "items": [
+              {
+                "value": "*"
+              }
+            ]
+          },
+          "source": {
+            "items": [
+              {
+                "value": "1.1.1.1"
+              },
+              {
+                "value": "any"
+              }
+            ]
+          },
+          "user": {
+            "items": [
+              {
+                "value": "any"
+              }
+            ]
+          }
+        }
+      ]
+    },
+    "messages": [],
+    "status": "Success"
+  },
+  "inputs": {
+    "algosec_change_request_id": 11
+  },
+  "metrics": {
+    "execution_time_ms": 8305,
+    "host": "local",
+    "package": "fn-algosec",
+    "package_version": "1.0.0",
+    "timestamp": "2024-08-02 09:26:31",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+data = playbook.functions.results.isolate_host_results.get("content", {}).get("data", {})
+inputs.algosec_change_request_id = data.get("changeRequestId")
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+from json import dumps
+# Results from the traffic change request call
+change_request = playbook.functions.results.isolate_host_results
+request_data = change_request.get("content", {}).get("data", {})
+# Results from getting the traffic change request details
+request_details = playbook.functions.results.change_request_details
+details_data = request_details.get("content", {}).get("data", {})
+
+if change_request.get("success"):
+  # Add Row
+  row = incident.addRow("algosec_isolation_requests")
+  row['traffic_change_request_id'] = request_data.get("changeRequestId")
+  row['hostname'] = artifact.value
+  row['traffic_change_request_url'] = request_data.get("redirectUrl")
+  row['traffic_change_request_body'] = dumps(details_data.get("fields", {}), indent=4)
+  row['traffic_change_request_original_traffic'] = dumps(details_data.get("originalTraffic", {}), indent=4)
+  row['traffic_change_request_planned_traffic'] = dumps(details_data.get("plannedTraffic", {}), indent=4)
+else:
+  incident.addNote(f"Isolate Host from Network on host {artifact.value} failed with reason: {change_request.get('reason', '')}")
+```
+
+</p>
+</details>
+
+---
+## Function - AlgoSec: Traffic Simulation Query
+Performs a batch Traffic Simulation Query on a single device or group of devices.
+
+ ![screenshot: fn-algosec-traffic-simulation-query ](./doc/screenshots/fn-algosec-traffic-simulation-query.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `algosec_application` | `text` | No | `any` | Application(s) for the rule. Multiple values are separated by commas (,). If empty, the query runs on application: 'any' |
+| `algosec_destination` | `text` | No | `8.8.8.8` | Destination(s) IP address for the query. Multiple values are separated by commas (,). |
+| `algosec_includedevicespaths` | `boolean` | No | `-` | true: Includes devices paths section in response (devicesInPath). |
+| `algosec_includeruleszones` | `boolean` | No | `-` | true: Includes source/destination zones of rule of zone-based devices in response (sourceZone, destinationZone). |
+| `algosec_query_target` | `text` | No | `ALL_FIREWALLS` | Name of a device or group the query will run on. If empty, the query runs on the entire network and all permitted devices for the user. |
+| `algosec_service` | `text` | No | `*` | Service(s) for the query. Multiple values are separated by commas (,). |
+| `algosec_source` | `text` | Yes | `1.1.1.1` | Source to use |
+| `algosec_user` | `text` | No | `any` | User(s) who created the rule. Multiple values are separated by commas (,). If empty, the query runs on user: 'any' |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "queryResult": [
+      {
+        "finalResult": "Not routed",
+        "fipResult": "Unreachable",
+        "queryDescription": "1.2.3.5=\u003e8.8.8.8:any:any:any",
+        "queryHTMLPath": "https://aglosec/fa/query/results/#/work/ALL_FIREWALLS_query-1722608134438/"
+      }
+    ],
+    "queryUIResult": "https://aglosec/fa/query/results/#/work/ALL_FIREWALLS_query-1722608134438/"
+  },
+  "inputs": {
+    "algosec_destination": "8.8.8.8",
+    "algosec_service": "any",
+    "algosec_source": "1.2.3.5"
+  },
+  "metrics": {
+    "execution_time_ms": 9827,
+    "host": "local",
+    "package": "fn-algosec",
+    "package_version": "1.0.0",
+    "timestamp": "2024-08-02 09:59:19",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.algosec_source = artifact.value
+inputs.algosec_destination = "8.8.8.8"
+inputs.algosec_service = "any"
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+results = playbook.functions.results.inet_check_output
+content = results.get("content", {})
+
+# Processing if the function is a success
+if results.get("success"):
+  for queryResult in content.get("queryResult", []):
+    # Add Row
+    row = incident.addRow("algosec_internet_connectivity_queries")
+    row.artifact_ip = artifact.value
+    row.query_description = queryResult.get("queryDescription")
+    row.traffic_simulation_fip_results = queryResult.get("fipResult")
+    row.traffic_simulation_final_results = queryResult.get("finalResult")
+    row.query_html_path = queryResult.get("queryHTMLPath")
+```
+
+</p>
+</details>
+
+---
+
+## Playbooks
+| Playbook Name | Description | Activation Type | Object | Status | Condition | 
+| ------------- | ----------- | --------------- | ------ | ------ | --------- | 
+| AlgoSec: Check Host Internet Connectivity - Example (PB) | Check internet connection for a given "IP Address" artifact using AlgoSec FireFlow. The connectivity query results are updated in the incident's Data Table called "AlgoSec Internet Connection" | Manual | artifact | `enabled` | `artifact.type in ['IP Address', 'DNS Name', 'Network CIDR Range']` |
+| AlgoSec: Isolate from Network - Example (PB) | Isolate an "IP Address" artifact using AlgoSec FireFlow. The FireFlow isolation request details are updated in the incident's Data Table called "AlgoSec Isolation Requests". | Manual | artifact | `enabled` | `artifact.type in ['IP Address', 'DNS Name', 'Network CIDR Range']` |
+
+---
+
+## Custom Layouts
+<!--
+  Use this section to provide guidance on where the user should add any custom fields and data tables.
+  You may wish to recommend a new incident tab.
+  You should save a screenshot "custom_layouts.png" in the doc/screenshots directory and reference it here
+-->
+* Import the Data Tables and Custom Fields like the screenshot below:
+
+  ![screenshot: custom_layouts](./doc/screenshots/custom_layouts.png)
+
+
+## Data Table - Connectivity to Internet (AlgoSec)
+
+ ![screenshot: dt-connectivity-to-internet-algosec](./doc/screenshots/dt-connectivity-to-internet-algosec.png)
+
+#### API Name:
+algosec_internet_connectivity_queries
+
+#### Columns:
+| Column Name | API Access Name | Type | Tooltip |
+| ----------- | --------------- | ---- | ------- |
+| Artifact IP | `artifact_ip` | `text` | The given address |
+| Final Results | `traffic_simulation_final_results` | `select` | One of the following: allowed, blocked, partially allowed, not routed |
+| FIP Results | `traffic_simulation_fip_results` | `select` | One of the following: Unreachable, SameZone, Routed, PartiallyRouted, NotExecuted, Unknown |
+| Query Description | `query_description` | `text` | Description of query. |
+| Traffic Simulation Query HTML Path | `query_html_path` | `textarea` | URL to the results in the UI. |
+
+---
+## Data Table - Isolation Change Requests (AlgoSec)
+
+ ![screenshot: dt-isolation-change-requests-algosec](./doc/screenshots/dt-isolation-change-requests-algosec.png)
+
+#### API Name:
+algosec_isolation_requests
+
+#### Columns:
+| Column Name | API Access Name | Type | Tooltip |
+| ----------- | --------------- | ---- | ------- |
+| Artifact IP | `hostname` | `text` | - |
+| Original Traffic | `traffic_change_request_original_traffic` | `textarea` | The original traffic |
+| Planned Traffic | `traffic_change_request_planned_traffic` | `textarea` | The planned traffic |
+| Redirect URL | `traffic_change_request_url` | `textarea` | The redirect URL for the traffic change request. |
+| Request Body | `traffic_change_request_body` | `textarea` | The request body of the traffic change request. |
+| Traffic Change Request ID | `traffic_change_request_id` | `number` | The ID of the traffic change request. |
+
+---
+
+
+## Troubleshooting & Support
+Refer to the documentation listed in the Requirements section for troubleshooting information.
+
+### For Support
+This is an IBM supported app. Please search [ibm.com/mysupport](https://ibm.com/mysupport) for assistance.
diff --git a/_sources/fn_pa_panorama/README.md.txt b/_sources/fn_pa_panorama/README.md.txt
index f643dfcf9..22dfa2c1d 100644
--- a/_sources/fn_pa_panorama/README.md.txt
+++ b/_sources/fn_pa_panorama/README.md.txt
@@ -14,6 +14,7 @@
   - [Install](#install)
   - [Panorama API permissions](#panorama-api-permissions)
   - [App Configuration](#app-configuration)
+- [Function - Panorama Commit](#function---panorama-commit)
 - [Function - Panorama Create Address](#function---panorama-create-address)
 - [Function - Panorama Edit Address Group](#function---panorama-edit-address-group)
 - [Function - Panorama Edit Users in a Group](#function---panorama-edit-users-in-a-group)
@@ -30,6 +31,7 @@
 ## Release Notes
 | Version | Date | Notes |
 | ------- | ---- | ----- |
+| 1.5.0 | 08/2024 | Add function to commit changes. Update example playbooks to auto commit. |
 | 1.4.0 | 02/2024 | Add ability to use location=device-group |
 | 1.3.0 | 04/2023 | Convert from rules/workflows to playbooks and update Panorama api version to v9.1 |
 | 1.2.0 | 10/2022 | Multi-tenancy support added |
@@ -65,6 +67,7 @@ This integration contains Functions to interact with address groups, addresses,
 * Get addresses from Panorama and PanOS
 * Get users from Panorama
 * Create a new address in Panorama and PanOS
+* Commit changes to Panorama and PanOS
 
 ---
 
@@ -75,13 +78,13 @@ This app supports the IBM Security QRadar SOAR Platform and the IBM Security QRa
 The SOAR platform supports two app deployment mechanisms, Edge Gateway (also known as App Host) and integration server.
 
 If deploying to a SOAR platform with an App Host, the requirements are:
-* SOAR platform >= `49.0.0`.
+* SOAR platform >= `51.0.0`.
 * The app is in a container-based format (available from the AppExchange as a `zip` file).
 
 If deploying to a SOAR platform with an integration server, the requirements are:
-* SOAR platform >= `49.0.0`.
+* SOAR platform >= `51.0.0`.
 * The app is in the older integration format (available from the AppExchange as a `zip` file which contains a `tar.gz` file).
-* Integration server is running `resilient_circuits>=49.0.0`.
+* Integration server is running `resilient_circuits>=51.0.0`.
 * If using an API key account, make sure the account provides the following minimum permissions:
   | Name | Permissions |
   | ---- | ----------- |
@@ -113,8 +116,8 @@ The app does support a proxy server.
 ### Python Environment
 Python 3.9 and Python 3.11 are supported.
 Additional package dependencies may exist for each of these packages:
-* resilient-lib>=49.0.0
-* resilient_circuits>=49.0.0
+* resilient-lib>=51.0.0
+* resilient_circuits>=51.0.0
 * xmltodict>=0.12.0
 
 ---
@@ -152,7 +155,97 @@ For enterprises with more than one Panorama instance, each instance will have it
 
 Be aware that modifications to the workflows will be needed to correctly pass this label through the `panorama_label` function input field if the Panorama server/servers in the app.config have labels.
 
-If you have existing custom workflows, see [Creating workflows when server/servers in app.config are labeled](#creating-workflows-when-serverservers-in-appconfig-are-labeled) for more information about changing them to reference the `panorama_label` function input field.
+If you have existing custom playbooks, see [Creating playbooks when server/servers in app.config are labeled](#creating-playbooks-when-serverservers-in-appconfig-are-labeled) for more information about changing them to reference the `panorama_label` function input field.
+
+---
+
+## Function - Panorama Commit
+Commit changes that have been made on the Panorama server
+
+ ![screenshot: fn-panorama-commit ](./doc/screenshots/fn-panorama-commit.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `panorama_label` | `text` | No | `-` | Label of the server to use |
+| `panorama_location` | `select` | Yes | `-` | The location of the entry |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "@code": "19",
+    "@status": "success",
+    "result": {
+      "job": "8",
+      "msg": {
+        "line": "Commit job enqueued with jobid 8"
+      }
+    }
+  },
+  "inputs": {
+    "panorama_label": "panOS",
+    "panorama_location": "vsys"
+  },
+  "metrics": {
+    "execution_time_ms": 1245,
+    "host": "local",
+    "package": "fn-pa-panorama",
+    "package_version": "1.5.0",
+    "timestamp": "2024-08-09 09:01:22",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+if getattr(playbook.inputs, "panorama_label", None):
+  inputs.panorama_label = getattr(playbook.inputs, "panorama_label", None)
+inputs.panorama_location = "vsys"
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+note = ""
+results = playbook.functions.results.commit_output
+edit_addresses = playbook.functions.results.edit_addresses_results
+if edit_addresses.get("success"):
+  note += f"Panorama IP Address: {artifact.value} was unblocked.\n"
+else:
+  note += f"Panorama Unblock IP address failed with reason: {edit_addresses.get('reason')}\n"
+
+if results.get("success"):
+  note += str(results.get("content", {}).get("result", {}).get("msg", {}).get("line"))
+
+incident.addNote(note)
+```
+
+</p>
+</details>
 
 ---
 
diff --git a/_sources/fn_sep/README.md.txt b/_sources/fn_sep/README.md.txt
index 9c228c6e1..b4d0962f1 100644
--- a/_sources/fn_sep/README.md.txt
+++ b/_sources/fn_sep/README.md.txt
@@ -1,25 +1,6 @@
-<!--
-  This README.md is generated by running:
-  "resilient-sdk docgen -p fn_sep"
-
-  It is best edited using a Text Editor with a Markdown Previewer. VS Code
-  is a good example. Checkout https://guides.github.com/features/mastering-markdown/
-  for tips on writing with Markdown
-
-  All fields followed by "::CHANGE_ME::"" should be manually edited
-
-  If you make manual edits and run docgen again, a .bak file will be created
-
-  Store any screenshots in the "doc/screenshots" directory and reference them like:
-  ![screenshot: screenshot_1](./screenshots/screenshot_1.png)
-
-  NOTE: If your app is available in the container-format only, there is no need to mention the integration server in this readme.
--->
-
 # Symantec Endpoint Protection
 
 ## Table of Contents
-
 - [Release Notes](#release-notes)
 - [Overview](#overview)
   - [Key Features](#key-features)
@@ -35,61 +16,62 @@
   - [Custom Layouts](#custom-layouts)
 - [Function - SEP - Add Fingerprint List](#function---sep---add-fingerprint-list)
 - [Function - SEP - Assign Fingerprint List to Group](#function---sep---assign-fingerprint-list-to-group)
+- [Function - SEP - Cancel a Command](#function---sep---cancel-a-command)
 - [Function - SEP - Delete Fingerprint List](#function---sep---delete-fingerprint-list)
 - [Function - SEP - Get Command Status](#function---sep---get-command-status)
 - [Function - SEP - Get Computers](#function---sep---get-computers)
+- [Function - SEP - Get Critical Events Info](#function---sep---get-critical-events-info)
 - [Function - SEP - Get Domains](#function---sep---get-domains)
+- [Function - SEP - Get Exceptions Policy](#function---sep---get-exceptions-policy)
 - [Function - SEP - Get File Content as Base64](#function---sep---get-file-content-as-base64)
 - [Function - SEP - Get Fingerprint List](#function---sep---get-fingerprint-list)
+- [Function - SEP - Get Firewall Policy](#function---sep---get-firewall-policy)
 - [Function - SEP - Get Groups](#function---sep---get-groups)
+- [Function - SEP - Get Policy Summary](#function---sep---get-policy-summary)
 - [Function - SEP - Move endpoint](#function---sep---move-endpoint)
 - [Function - SEP - Quarantine Endpoints](#function---sep---quarantine-endpoints)
 - [Function - SEP - Scan Endpoints](#function---sep---scan-endpoints)
 - [Function - SEP - Update Fingerprint List](#function---sep---update-fingerprint-list)
 - [Function - SEP - Upload File to SEPM](#function---sep---upload-file-to-sepm)
-- [Function - SEP: Cancel a Command](#function---sep-cancel-a-command)
-- [Function - SEP: Get Critical Events Info](#function---sep-get-critical-events-info)
-- [Function - SEP: Get Exceptions Policy](#function---sep-get-exceptions-policy)
-- [Function - SEP: Get Firewall Policy](#function---sep-get-firewall-policy)
-- [Function - SEP: Get Policy Summary](#function---sep-get-policy-summary)
 - [Script - scr_sep_add_artifact_from_scan_results](#script---scr_sep_add_artifact_from_scan_results)
 - [Script - scr_sep_parse_email_notification](#script---scr_sep_parse_email_notification)
+- [Data Table - Symantec SEP - Critical Events](#data-table---symantec-sep---critical-events)
 - [Data Table - Symantec SEP - Endpoint details](#data-table---symantec-sep---endpoint-details)
 - [Data Table - Symantec SEP - Endpoint status summary](#data-table---symantec-sep---endpoint-status-summary)
 - [Data Table - Symantec SEP - EOC scan results](#data-table---symantec-sep---eoc-scan-results)
 - [Data Table - Symantec SEP - Fingerprint lists](#data-table---symantec-sep---fingerprint-lists)
 - [Data Table - Symantec SEP - Groups](#data-table---symantec-sep---groups)
 - [Data Table - Symantec SEP - Non-compliant Endpoints status details](#data-table---symantec-sep---non-compliant-endpoints-status-details)
-- [Rules](#rules)
+- [Playbooks](#playbooks)
 - [Troubleshooting & Support](#troubleshooting--support)
 
 ---
 
 ## Release Notes
-
-<!--
-  Specify all changes in this release. Do not remove the release
-  notes of a previous release
--->
-
-| Date | Version | Notes |
-| ---: | :------: | :---- |
+| Version | Date | Notes |
+| ------- | ---- | ----- |
+| 06/2024 | 1.2.0 | Add support for SHA256 hashes. Convert rules/workflows to playbooks. |
 | 11/2023 | 1.1.1 | Convert Workflow/Script to Python3 |
 | 01/2023 | 1.1.0 | Five more functions added (Cancel a command, Get critical event information, Get all policy summary, Get firewall policy, Get exceptions policy) and relevant test functions implemented. Payload, ReadMe added and bug fix for patch import.|
 | 12/2022 | 1.0.2 | Bug fix for osname and selftest |
 | 11/2020 | 1.0.1 | Support added for App Host |
 | 08/2019 | 1.0.0 | Initial Release |
 
+---
+
+## 1.2.0 Changes
+In v1.2, the existing rules and workflows have been replaced with playbooks. This change is made to support the ongoing, newer capabilities of playbooks. Each playbook has the same functionality as the previous, corresponding rule/workflow.
+
+If upgrading from a previous release, you'll noticed that the previous release's rules/workflows remain in place. Both sets of rules and playbooks are active. For manual actions, playbooks will have the same name as it's corresponding rule, but with "(PB)" added at the end. For automatic actions, the playbooks will be disabled by default.
+
+You can continue to use the rules/workflows. But migrating to playbooks will provide greater functionality along with future app enhancements and bug fixes.
+
 ## Overview
 
-<!--
-  Provide a high-level description of the function itself and its remote software or application.
-  The text below is parsed from the "description" and "long_description" attributes in the setup.py file
--->
 **Symantec Endpoint Protection Integration for IBM SOAR**
 
-
  ![screenshot: main](./doc/screenshots/main.png)
+
 Integration with Symantec Endpoint Protection to facilitate manual enrichment and targeted remediation actions. Teams can investigate an attack by hunting for IOCs or suspect Endpoints across an enterprise, and quickly respond to attacks by executing endpoint remediation actions, such as deleting or blacklisting suspicious files from within the IBM SOAR platform.
 
 ### Key Features
@@ -101,13 +83,13 @@ Integration with Symantec Endpoint Protection to facilitate manual enrichment an
 •	Get groups.
 •	Get fingerprint lists.
 •	Add or delete an MD5 hash value from a fingerprint list, which can be used to blacklist files.
-•	Assign a fingerprint list to a group for system lockdown.
+•	Assign a fingerprint list to a group for system lock down.
 •	Delete a fingerprint list.
 •	Move an endpoint to a new group.
 •	Quarantine an endpoint.
 •	Cancel a command
 •	Get critical event information
-• 	Get all policy summary
+• Get all policy summary
 •	Get firewall policy
 •	Get exceptions policy
 
@@ -115,23 +97,19 @@ Integration with Symantec Endpoint Protection to facilitate manual enrichment an
 
 ## Requirements
 
-<!--
-  List any Requirements
--->
-
 This app supports the IBM Security QRadar SOAR Platform and the IBM Security QRadar SOAR for IBM Cloud Pak for Security.
 
 ### SOAR platform
-The SOAR platform supports two app deployment mechanisms, Edge Gateway (formerly App Host) and integration server.
+The SOAR platform supports two app deployment mechanisms, Edge Gateway (also known as App Host) and integration server.
 
-If deploying to a SOAR platform with an Edge Gateway, the requirements are:
-* SOAR platform >= `45.0.7899`.
+If deploying to a SOAR platform with an App Host, the requirements are:
+* SOAR platform >= `51.0.0.0.9340`.
 * The app is in a container-based format (available from the AppExchange as a `zip` file).
 
 If deploying to a SOAR platform with an integration server, the requirements are:
-* SOAR platform >= `45.0.7899`.
+* SOAR platform >= `51.0.0.0.9340`.
 * The app is in the older integration format (available from the AppExchange as a `zip` file which contains a `tar.gz` file).
-* Integration server is running `resilient_circuits>=47.1.0`.
+* Integration server is running `resilient_circuits>=51.0.0`.
 * If using an API key account, make sure the account provides the following minimum permissions:
   | Name | Permissions |
   | ---- | ----------- |
@@ -147,7 +125,7 @@ The above guides are available on the IBM Documentation website at [ibm.biz/soar
 
 ### Cloud Pak for Security
 If you are deploying to IBM Cloud Pak for Security, the requirements are:
-* IBM Cloud Pak for Security >= `1.10`.
+* IBM Cloud Pak for Security >= `1.10.15`.
 * Cloud Pak is configured with an Edge Gateway.
 * The app is in a container-based format (available from the AppExchange as a `zip` file).
 
@@ -161,12 +139,11 @@ These guides are available on the IBM Documentation website at [ibm.biz/cp4s-doc
 The app **does** support a https proxy server.
 
 ### Python Environment
-
-Python >= 3.6 is supported.
+Python 3.9, 3.11, and 3.12 are officially supported. When deployed as an app, the app runs on Python 3.11.
 Additional package dependencies may exist for each of these packages:
-* resilient_circuits>=46.0.0
-* resilient_lib>=46.0.0
 * defusedxml==0.7.1
+* resilient_circuits>=51.0.0
+* resilient_lib>=51.0.0
 
 ### Endpoint Developed With
 
@@ -184,31 +161,24 @@ This app has been implemented using:
 * To install or uninstall an App on _IBM Cloud Pak for Security_, see the documentation at [ibm.biz/cp4s-docs](https://ibm.biz/cp4s-docs) and follow the instructions above to navigate to Orchestration and Automation.
 
 ### App Configuration
-
 The following table provides the settings you need to configure the app. These settings are made in the app.config file. See the documentation discussed in the Requirements section for the procedure.
 
 | Config | Required | Example | Description |
 | ------ | :------: | ------- | ----------- |
 | **sep_host** | Yes | `<SEPM server dns name or ip address>` | *DNS name of ip address of the SEP server.* |
-| **sep_port** | Yes | `8446` | *The port on which the app is accessible * |
-| **sep_auth_path** | Yes | `/sepm/api/v1/identity/authenticate` | *Authentiaction Path for SEP api.* |
+| **sep_port** | Yes | `8446` | *The port on which the app is accessible* |
+| **sep_auth_path** | Yes | `/sepm/api/v1/identity/authenticate` | *Authentication Path for SEP api.* |
 | **sep_base_path** | Yes | `/sepm/api/v1` | *Base path for SEP api.* |
 | **sep_username** | Yes | `<username>` | *User name for SEP api access.* |
-| **sep_password** | Yes | `<password>` | *User password for SEP api access.*  |
-| **sep_domain** | Yes | `<SEP domain name>` | *User password for McAfee ESM api access.*  |
-| **sep_results_limit** | Yes | `200` | *Limit result sent to IBM SOAR, add full result as an attachment.*  |
-| **sep_scan_timeout** | Yes | `1800` | *Period of time (seconds) to wait for all endpoints to return a scan result.*  |
+| **sep_password** | Yes | `<password>` | *User password for SEP api access.* |
+| **sep_domain** | Yes | `<SEP domain name>` | *User password for McAfee ESM api access.* |
+| **sep_results_limit** | Yes | `200` | *Limit result sent to IBM SOAR, add full result as an attachment.* |
+| **sep_scan_timeout** | Yes | `1800` | *Period of time (seconds) to wait for all endpoints to return a scan result.* |
 | **https_proxy** | No | `<HTTPS_PROXY>` | *Optional settings for accessing Symantec Endpoint Protection via a https proxy* |
 | **client_auth_cert** | No | `<CLIENT_AUTH_CERT>` | *Specify path to <cert.pem> file if client certs are needed to authenticate* |
 | **client_auth_key** | No | `<CLIENT_AUTH_KEY>` | *Specify path to <cert_private_key.pem> file if client certs are needed to authenticate* |
 
-
 ### Custom Layouts
-<!--
-  Use this section to provide guidance on where the user should add any custom fields and data tables.
-  You may wish to recommend a new incident tab.
-  You should save a screenshot "custom_layouts.png" in the doc/screenshots directory and reference it here
--->
 * To use the functions, create new Incident tabs e.g. Symantec SEP - Threats, Symantec SEP - Blacklists and Symantec SEP - Status. Drag the SEP data tables on to the layouts and click Save as shown in the screenshots below:
   ![screenshot: custom_layouts_1](./doc/screenshots/custom_layouts_1.png)
   ![screenshot: custom_layouts_2](./doc/screenshots/custom_layouts_2.png)
@@ -220,6 +190,7 @@ The following table provides the settings you need to configure the app. These s
 Add an MD5 hash to a new fingerprint list.
 Note: Currently only supports MD5 hash type.
 
+ ![screenshot: fn-sep---add-fingerprint-list ](./doc/screenshots/fn-sep---add-fingerprint-list.png)
 <details><summary>Inputs:</summary>
 <p>
 
@@ -241,109 +212,84 @@ Note: Currently only supports MD5 hash type.
 ```python
 results = {
   "content": {
-    "id": "id"
+    "id": "44BB68279D984220AD60A069DCF6079F"
   },
   "inputs": {
-    "sep_description": "This is test of adding files in blacklist.",
-    "sep_domainid": "domainid",
-    "sep_fingerprintlist_name": "Test Blacklist 13",
-    "sep_hash_value": "hash_value"
+    "sep_description": "Fingerprint list \u0027Blacklist2\u0027",
+    "sep_domainid": "6E70F043092E5BB93F74FD57C083F99E",
+    "sep_fingerprintlist_name": "Blacklist2",
+    "sep_hash_value": "e4ac4548eeebdba19817b5c47322f0c95a17a9ef6af4099088d6e552f34038d9"
   },
   "metrics": {
-    "execution_time_ms": 2322,
-    "host": "host",
+    "execution_time_ms": 226915,
+    "host": "local",
     "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 06:33:51",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-15 08:34:13",
     "version": "1.0"
   },
-  "raw": "{\"id\": \"id\"}",
+  "raw": null,
   "reason": null,
   "success": true,
-  "version": "1.0"
+  "version": 2.0
 }
 ```
 
 </p>
 </details>
 
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 
 ```python
-domain_content_results =  workflow.properties.get_domains_results
-content = domain_content_results.content
+content = playbook.functions.results.get_domains_results.get("content", [])
+
 for i in range(len(content)):
-  if content[i]["name"] ==  rule.properties.sep_domain_name:
-    inputs.sep_domainid = content[i]["id"]
+  if content[i].get("name") == playbook.inputs.sep_domain_name:
+    inputs.sep_domainid = content[i].get("id")
     break
+
 inputs.sep_hash_value = artifact.value
-inputs.sep_fingerprintlist_name = rule.properties.sep_fingerprintlist_name
+inputs.sep_fingerprintlist_name = playbook.inputs.sep_fingerprintlist_name
 inputs.sep_description = "Fingerprint list '{}'".format(inputs.get("sep_fingerprintlist_name"))
 ```
 
 </p>
 </details>
 
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
 
 ```python
-##  Symantec Endpoint Protection  - fn_sep_add_fingerprint_list script ##
-# Example result:
-"""
-Result: {'inputs': {u'sep_description': u'Hash of type Malware MD5 Hash',
-                   u'sep_fingerprintlist_name': u'Blacklist',
-                   u'sep_hash_value': u'482F9B6E0CC4C1DBBD772AAAF088CB3A',
-                   u'sep_domainid': u'A9B4B7160946C25D24B6AA458EF5557F'
-                   },
-        'metrics': {'package': 'fn-sep', 'timestamp': '2019-05-14 12:02:37', 'package_version': '1.0.0',
-                    'host': 'myhost.ibm.com', 'version': '1.0', 'execution_time_ms': 1417
-                    },
-        'success': True,
-        'content': {u'id': u'AB29BEA5333C488694B9533E65858BF2'},
-        'raw': '{"id": "AB29BEA5333C488694B9533E65858BF2"}',
-        'reason': None,
-        'version': '1.0'
-}
-"""
+## Symantec Endpoint Protection - fn_sep_add_fingerprint_list script ##
 FN_NAME = "Add Hash to Fingerprint List"
 WF_NAME = "fn_sep_add_fingerprint_list"
-CONTENT = results.content
-INPUTS = results.inputs
-
-def main():
-    if CONTENT is not None:
-        # If we got here we assume we are successsful.
-        note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: Successfully added MD5 hash <b>{1}</b> to new fingerprint list <b>{2}</b> for Resilient function " \
-                   "<b>{3}</b>".format(WF_NAME, artifact.value, INPUTS["sep_fingerprintlist_name"], FN_NAME)
-
-    else:
-        note_text += "Symantec SEP Integration: Workflow <b>{0}</b>: There was <b>no</b> results returned for Resilient " \
-                     "function <b>{1}</b>".format(WF_NAME, FN_NAME)
-
-    incident.addNote(helper.createRichText(note_text))
+results = playbook.functions.results.add_fingerprintlist_results
+INPUTS = results.get("inputs")
+note_text = None
+hash_type = "MD5"
+if artifact.type == "Malware SHA-256 Hash":
+  hash_type = "SHA256"
+
+if results.get("success"):
+  # If we got here we assume we are successful.
+  note_text = f"Symantec SEP Integration:\nPlaybook <b>{WF_NAME}</b>:\nSuccessfully added {hash_type} hash <b>{artifact.value}</b> to new fingerprint "\
+              f"list <b>{INPUTS.get('sep_fingerprintlist_name')}</b> for SOAR function <b>{FN_NAME}</b>"
+else:
+  note_text = f"Symantec SEP Integration:\nPlaybook <b>{WF_NAME}</b>:\nFailed with reason: {results.get('reason')}"
 
-if __name__ == "__main__":
-    main()
+incident.addNote(helper.createRichText(note_text))
 ```
 
 </p>
 </details>
 
-<details><summary>Steps to Fetch "sep_domainid": </summary>
-<p>
-
-Value of `sep_domainid` field can be refered from [Function - SEP - Get Domains](#function---sep---get-domains) function's output. <br>
-Ex. `id` attribute from following path `content-->id`.
-
-</p>
-</details>
-
 ---
 ## Function - SEP - Assign Fingerprint List to Group
 Assign a fingerprint list to a group for lock-down.
 
+ ![screenshot: fn-sep---assign-fingerprint-list-to-group ](./doc/screenshots/fn-sep---assign-fingerprint-list-to-group.png)
+
 <details><summary>Inputs:</summary>
 <p>
 
@@ -385,87 +331,122 @@ results = {
 </p>
 </details>
 
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 
 ```python
-content = workflow.properties.get_fingerprintlist_results.content
-inputs.sep_fingerprintlist_id = content["id"]
+content = playbook.functions.results.get_fingerprintlist_results.get("content", {})
+inputs.sep_fingerprintlist_id = content.get("id")
 inputs.sep_groupid = row.group_id
 ```
 
 </p>
 </details>
 
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
 
 ```python
-##  Symantec Endpoint Protection  - fn_sep_assign_fingerprint_list_to_group ##
-# Example result:
-"""
-Result:{'inputs': {u'sep_fingerprintlist_id': u'E60B061FDD844EBF9778D4BD2AC3942A', u'sep_groupid': u'7E4BB119A9FE9DC526EDABFB1EE261B8'},
-        'metrics': {'package': 'fn-sep', 'timestamp': '2019-05-28 17:53:52', 'package_version': '1.0.0', 'host': 'myhost',
-                   'version': '1.0', 'execution_time_ms': 1225},
-        'success': True,
-        'content': '',
-        'raw': '""',
-        'reason': None,
-        'version': '1.0'
- }
-"""
-#  Globals
+## Symantec Endpoint Protection - fn_sep_assign_fingerprint_list_to_group ##
+# Globals
 FN_NAME = "fn_sep_assign_fingerprint_list_to_group"
 WF_NAME = "Assign Fingerprint List to lockdown group"
-DATA_TBL_FIELDS = ["domain_name", "list_name", "list_id", "list_description", "hash_values", "hash_type", "group_ids"]
-CONTENT = results.content
-INPUTS = results.inputs
-QUERY_EXECUTION_DATE = results["metrics"]["timestamp"]
+results = playbook.functions.results.assign_fingerprintlist_to_group_results
+content = results.get("content", {})
+INPUTS = results.get("inputs", {})
+QUERY_EXECUTION_DATE = results.get("metrics", {}).get("timestamp")
 
 # Processing
+note_text = ''
+if content:
+  if isinstance(content, dict) and content.get("errorCode") and int(content.get("errorCode")) == 400:
+    # The finger print list doesn't exist.
+    note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThe fingerprint list <b>{1}</b> does not exist or is invalid " \
+                "for domain id <b>{2}</b> for SOAR function <b>{3}</b>"\
+        .format(WF_NAME, INPUTS.get("sep_fingerprintlist_name"), row.domain_id, FN_NAME)
+  else:
+    note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nSuccessfully assigned fingerprint list with id " \
+                "<b>{1}</b> to group with id <b>{2}</b> for SOAR function <b>{3}</b>"\
+        .format(WF_NAME, INPUTS.get("sep_fingerprintlist_id"), INPUTS.get("sep_groupid"), FN_NAME)
 
-def main():
-    note_text = ''
-
-    if CONTENT is not None:
-        if "errorCode" in CONTENT and int(CONTENT["errorCode"]) == 400:
-            # The finger print list doesn't exist.
-            note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: The fingerprint list <b>{1}</b> does not exist or is invalid " \
-                        "for domain id <b>{2}</b> for Resilient function <b>{3}</b>"\
-                .format( WF_NAME, INPUTS["sep_fingerprintlist_name"], row.domain_id, FN_NAME)
-        else:
-            note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: Successfully assigned fingerprint list  with id " \
-                        "<b>{1}</b> to group with id <b>{2}</b> for Resilient function <b>{3}</b>"\
-                .format(WF_NAME, INPUTS["sep_fingerprintlist_id"], INPUTS["sep_groupid"], FN_NAME)
+else:
+  note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThere were <b>no</b> results returned " \
+               "with fingerprint id <b>{1}</b> and group id <b>{2}</b> for SOAR function <b>{3}</b>"\
+      .format(WF_NAME, INPUTS.get("sep_fingerprintlist_id"), INPUTS.get("sep_groupid"), FN_NAME)
 
-    else:
-        note_text += "Symantec SEP Integration: Workflow <b>{0}</b>: There were <b>no</b> results returned " \
-                     "with fingerprint id <b>{1}</b> and group id <b>{2}</b> for Resilient function <b>{3}</b>"\
-            .format(WF_NAME, INPUTS["sep_fingerprintlist_id"], INPUTS["sep_groupid"], FN_NAME)
+incident.addNote(helper.createRichText(note_text))
+```
 
-    incident.addNote(helper.createRichText(note_text))
+</p>
+</details>
 
-if __name__ == "__main__":
-    main()
+---
+## Function - SEP - Cancel a Command
+Cancels an existing command by creating a new cancel command for clients for which the command is still pending.
+
+ ![screenshot: fn-sep---cancel-a-command ](./doc/screenshots/fn-sep---cancel-a-command.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sep_command_id` | `text` | Yes | `-` | The command ID for which details are needed. |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "commandID": "4C697374D15C433880A56800BAC25E56"
+  },
+  "inputs": {
+    "sep_command_id": "367F5DE4A7F346E4A40B3475DFD93B06"
+  },
+  "metrics": {
+    "execution_time_ms": 1322,
+    "host": "local",
+    "package": "fn-sep",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-17 10:59:14",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
 ```
 
 </p>
 </details>
 
-<details><summary>Steps to Fetch "sep_groupid": </summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 
-Value of `sep_groupid` field can be refered from [Function - SEP - Get Groups](#function---sep---get-groups) function's output. <br>
-Ex. `id` attribute from following path `content-->content-->id`.
+```python
+inputs.sep_command_id = playbook.inputs.sep_command_id
+```
 
 </p>
 </details>
 
-<details><summary>Steps to Fetch "sep_fingerprintlist_id": </summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
 
-Value of `sep_fingerprintlist_id` field can be refered from [Function - SEP - Add Fingerprint List](#function---sep---add-fingerprint-list) function's output. <br>
-Ex. `id` attribute from following path `content-->id`.
+```python
+results = playbook.functions.results.cancel_command_results
+if results.get("success"):
+  incident.addNote(f"SEP Command {playbook.inputs.sep_command_id} was canceled.")
+else:
+  incident.addNote(f"SEP Command {playbook.inputs.sep_command_id} was not canceled. Reason: {results.get('reason')}")
+```
 
 </p>
 </details>
@@ -474,6 +455,8 @@ Ex. `id` attribute from following path `content-->id`.
 ## Function - SEP - Delete Fingerprint List
 Delete  a  fingerprint list.
 
+ ![screenshot: fn-sep---delete-fingerprint-list ](./doc/screenshots/fn-sep---delete-fingerprint-list.png)
+
 <details><summary>Inputs:</summary>
 <p>
 
@@ -513,7 +496,7 @@ results = {
 </p>
 </details>
 
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 
 ```python
@@ -523,80 +506,59 @@ inputs.sep_fingerprintlist_id = row.list_id
 </p>
 </details>
 
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
 
 ```python
-##  Symantec Endpoint Protection  - fn_sep_delete_fingerprint_list ##
-# Example result:
-"""
-Result:{'inputs': {u'sep_fingerprintlist_id': u'E60B061FDD844EBF9778D4BD2AC3942A'},
-         'metrics': {'package': 'fn-sep', 'timestamp': '2019-05-29 10:36:53', 'package_version': '1.0.0', 'host': 'myhost',
-                     'version': '1.0', 'execution_time_ms': 1744},
-         'success': True,
-         'content': '',
-         'raw': '""',
-         'reason': None,
-         'version': '1.0'
- }
-"""
-#  Globals
+## Symantec Endpoint Protection - fn_sep_delete_fingerprint_list ##
+# Globals
 FN_NAME = "fn_sep_delete_fingerprint_list"
 WF_NAME = "Delete Fingerprint List"
-CONTENT = results.content
-INPUTS = results.inputs
-QUERY_EXECUTION_DATE = results["metrics"]["timestamp"]
+results = playbook.functions.results.delete_fingerprintlist_results
+content = results.get("content", {})
+INPUTS = results.get("inputs", {})
+QUERY_EXECUTION_DATE = results.get("metrics", {}).get("timestamp")
 
 # Processing
+note_text = ''
+if content:
+  if "errorCode" in content and int(content.get("errorCode")) == 410:
+    # The finger print list doesn't exist.
+    note_text = "Symantec SEP Integration:\nPlaybooks <b>{0}</b>:\nThe fingerprint list <b>{1}</b> does not exist or is invalid " \
+                "for SOAR function <b>{2}</b>"\
+        .format( WF_NAME, INPUTS.get("sep_fingerprintlist_name"), FN_NAME)
+  else:
+    note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nSuccessfully deleted fingerprint list with id " \
+                "<b>{1}</b> for SOAR function <b>{2}</b>"\
+        .format(WF_NAME, INPUTS.get("sep_fingerprintlist_id"), FN_NAME)
+    row.list_description = "Fingerprint list deleted"
+    row.hash_values = "Fingerprint list deleted"
+    row.list_id = "Fingerprint list deleted"
 
-def main():
-    note_text = ''
-
-    if CONTENT is not None:
-        if "errorCode" in CONTENT and int(CONTENT["errorCode"]) == 410:
-            # The finger print list doesn't exist.
-            note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: The fingerprint list <b>{1}</b> does not exist or is invalid " \
-                        "for Resilient function <b>{2}</b>"\
-                .format( WF_NAME, INPUTS["sep_fingerprintlist_name"], FN_NAME)
-        else:
-            note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: Successfully deleted fingerprint list  with id " \
-                        "<b>{1}</b> for Resilient function <b>{2}</b>"\
-                .format(WF_NAME, INPUTS["sep_fingerprintlist_id"], FN_NAME)
-
-    else:
-        note_text += "Symantec SEP Integration: Workflow <b>{0}</b>: There were <b>no</b> results returned " \
-                     "with fingerprint id <b>{1}</b> for Resilient function <b>{2}</b>"\
-            .format(WF_NAME, INPUTS["sep_fingerprintlist_id"],  FN_NAME)
-
-    incident.addNote(helper.createRichText(note_text))
+else:
+  note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThere were <b>no</b> results returned " \
+               "with fingerprint id <b>{1}</b> for SOAR function <b>{2}</b>"\
+      .format(WF_NAME, INPUTS.get("sep_fingerprintlist_id"),  FN_NAME)
 
-if __name__ == "__main__":
-    main()
+incident.addNote(helper.createRichText(note_text))
 ```
 
 </p>
 </details>
 
-<details><summary>Steps to Fetch "sep_fingerprintlist_id": </summary>
-<p>
-
-Value of `sep_fingerprintlist_id` field can be refered from [Function - SEP - Add Fingerprint List](#function---sep---add-fingerprint-list) function's output. <br>
-Ex. `id` attribute from following path `content-->id`.
-
-</p>
-</details>
-
 ---
 ## Function - SEP - Get Command Status
 Gets the details of a command status from a command id.
 
+ ![screenshot: fn-sep---get-command-status ](./doc/screenshots/fn-sep---get-command-status.png)
+
 <details><summary>Inputs:</summary>
 <p>
 
 | Name | Type | Required | Example | Tooltip |
 | ---- | :--: | :------: | ------- | ------- |
 | `sep_commandid` | `text` | No | `-` | Command id of SEP job. |
-| `sep_incident_id` | `number` | No | `-` | The IBM SOAR incident id. |
+| `sep_incident_id` | `number` | No | `-` | The IBM SOAR incident ID. |
 | `sep_matching_endpoint_ids` | `boolean` | No | `-` | Get list of matching endpoints. |
 | `sep_order` | `text` | No | `-` | Specifies whether the results are in ascending order (ASC) or descending order (DESC). |
 | `sep_pageindex` | `number` | No | `-` | The index page that is used for the returned results. The default page index is 1. |
@@ -618,18 +580,18 @@ results = {
   "content": {
     "content": [
       {
-        "beginTime": "2023-01-06T09:51:09Z",
-        "binaryFileId": "binaryFileId",
-        "computerId": "computerId",
-        "computerIp": "000.00.00.00",
-        "computerName": "computerName",
-        "currentLoginUserName": "Testuser",
+        "beginTime": null,
+        "binaryFileId": null,
+        "computerId": "01ECF4E8092E5BB91E4D52E45C3ABE4D",
+        "computerIp": "9.37.29.102",
+        "computerName": "WIN-N5KGH4CP3N3",
+        "currentLoginUserName": "Administrator",
         "domainName": "Default",
-        "hardwareKey": "hardwareKey",
-        "lastUpdateTime": "2023-01-06T09:51:09Z",
-        "resultInXML": "",
-        "stateId": 3,
-        "subStateDesc": "C:\\Users\\Public\\Documents\\sample.exe",
+        "hardwareKey": "8DACE2559C1C951E09CC0BF71D973BB7",
+        "lastUpdateTime": null,
+        "resultInXML": null,
+        "stateId": 0,
+        "subStateDesc": null,
         "subStateId": 0
       }
     ],
@@ -637,7 +599,7 @@ results = {
     "lastPage": true,
     "number": 0,
     "numberOfElements": 1,
-    "overall_command_state": "Completed",
+    "overall_command_state": "In progress",
     "remediate_artifact_value": "",
     "scan_artifact_value": "",
     "size": 20,
@@ -654,125 +616,107 @@ results = {
     "total_fail_remediation_count": 0,
     "total_match_count": 0,
     "total_match_ep_count": 0,
-    "total_not_completed": 0,
+    "total_not_completed": 1,
     "total_remediation_count": 0,
     "total_remediation_ep_count": 0
   },
   "inputs": {
-    "sep_commandid": "commandid",
+    "sep_commandid": "1CA9D4F37DD94CA88A9D93D09402E3D3",
+    "sep_incident_id": 2133,
     "sep_status_type": "quarantine"
   },
   "metrics": {
-    "execution_time_ms": 2060,
-    "host": "host",
+    "execution_time_ms": 765,
+    "host": "my.app.host",
     "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 13:56:03",
+    "package_version": "1.2.0",
+    "timestamp": "2024-08-21 08:40:33",
     "version": "1.0"
   },
-  "raw": "{\"content\": [{\"beginTime\": \"2023-01-06T09:51:09Z\", \"lastUpdateTime\": \"2023-01-06T09:51:09Z\", \"computerName\": \"EC2AMAZ-O9BT872\", \"computerIp\": \"172.31.37.22\", \"domainName\": \"Default\", \"currentLoginUserName\": \"Administrator\", \"stateId\": 3, \"subStateId\": 0, \"subStateDesc\": \"C:\\\\Users\\\\Public\\\\Documents\\\\sample.exe\", \"binaryFileId\": \"F1568E3BAC1F211B397E2DAC71FD6BF7\", \"resultInXML\": \"\", \"computerId\": \"CD08C63EAC1F211B1B6FD4039B293000\", \"hardwareKey\": \"E4A30FDB287F7B23F9BF22166FD54BF1\"}], \"totalPages\": 1, \"firstPage\": true, \"lastPage\": true, \"totalElements\": 1, \"size\": 20, \"number\": 0, \"sort\": [{\"direction\": \"ASC\", \"property\": \"Begintime\", \"ascending\": true}], \"numberOfElements\": 1, \"total_match_count\": 0, \"total_match_ep_count\": 0, \"total_remediation_count\": 0, \"total_fail_remediation_count\": 0, \"total_remediation_ep_count\": 0, \"total_not_completed\": 0, \"total_ep_count\": 1, \"scan_artifact_value\": \"\", \"remediate_artifact_value\": \"\", \"overall_command_state\": \"Completed\"}",
+  "raw": null,
   "reason": null,
   "success": true,
-  "version": "1.0"
+  "version": 2.0
 }
 ```
 
 </p>
 </details>
 
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 
 ```python
-inputs.sep_commandid = row.quarantine_commandid
-inputs.sep_status_type = "quarantine"
+inputs.sep_incident_id = incident.id
+inputs.sep_commandid = row.remediation_commandid
+inputs.sep_status_type = "remediation"
 ```
 
 </p>
 </details>
 
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
 
 ```python
-##  Symantec Endpoint Protection  - fn_sep_get_command_status script ##
-# Example result:
-"""
-Result: { 'inputs': {u'sep_status_type': u'quarantine', u'sep_commandid': u'7D3670DDF5A64A99B3721BF8A375B302'},
-          'metrics': {'package': 'fn-sep', 'timestamp': '2019-04-26 15:25:55', 'package_version': '1.0.0',
-                      'host': 'myhost', 'version': '1.0', 'execution_time_ms': 1256},
-          'success': True,
-          'content': {u'sort': [{u'direction': u'ASC', u'property': u'Begintime', u'ascending': True}], 'command_state': 'Completed', u'number': 0, u'firstPage': True, ': 0, u'content': [{u'computerName': u'WIN-N5KGH4CP3N3', u'subStateId u'binaryFileId': None, u'lastUpdateTime':
-                        u'2019-04-26T11:05:27Z', u'domainName': u'Default', u'hardwareKey': u'DC7D24D6465566D2941F35BC8D17801E',
-                        u'subStateDesc': u'', u'stateId': 3, u'computerId': u'89AD1BBB0946C25D25E6C0984E971D8A', u'computerIp': u'9.70.194.94', u'beginTime': u'2019-04-26T11:05:27Z', u'currentLoginUserName': u'Administrator', u'resultInXML': u'', 'command_status_id': 3}], u'lastPage': True, u'totalPages': 1, u'numberOfElements': 1, u'totalElements': 1, u'size': 20},
-          'raw': '{"sort": [{"direction": "ASC", "property": "Begintime", "ascending": true}], "command_state": "Completed", "number": 0, "firstPage": true, "content": [{"computerName": "WIN-N5KGH4CP3N3", "subStateId": 0, "binaryFileId": null, "lastUpdateTime": "2019-04-26T11:05:27Z", "domainName": "Default", "hardwareKey": "DC7D24D6465566D2941F35BC8D17801E", "subStateDesc": "", "stateId": 3, "computerId": "89AD1BBB0946C25D25E6C0984E971D8A", "computerIp": "9.70.194.94", "beginTime": "2019-04-26T11:05:27Z", "currentLoginUserName": "Administrator", "resultInXML": "", "command_status_id": 3}], "lastPage": true, "totalPages": 1, "numberOfElements": 1, "totalElements": 1, "size": 20}', 'reason': None, 'version': '1.0'
-}
-"""
-#  Globals
+## Symantec Endpoint Protection - fn_sep_get_command_status script ##
+# Globals
 # List of fields in datatable fn_sep_get_command_status script
-DATA_TBL_FIELDS = ["quarantine_status", "quarantine_command_state", "endpoint_quarantine_status"]
+DATA_TBL_FIELDS = ["query_execution_date", "remediation_status"]
 FN_NAME = "fn_sep_get_command_status"
-WF_NAME = "Quarantine Endpoint"
-STATUS_TYPE = "quarantine"
-FINAL_STATUSES = {
-    0: "Not received",
-    1: "Received",
-    2: "In progress",
-    3: "Completed",
-    4: "Rejected",
-    5: "Canceled",
-    6: "Failed"
-}
+WF_NAME = "Get Remediation status"
+STATUS_TYPE = "remediate"
+results = playbook.functions.results.get_command_results
+REMEDIATE_EXECUTION_DATE = results.get("metrics", {}).get("timestamp")
+C_OUTER = results.get("content", {})
+QUERY_EXECUTION_DATE = results.get("metrics", {}).get("timestamp")
 
-C_OUTER = results.content
-QUERY_EXECUTION_DATE = results["metrics"]["timestamp"]
 # Processing
+remediation_command_state = C_OUTER.get("overall_command_state")
+total_remediation_count = C_OUTER.get("total_remediation_count")
+total_remediation_ep_count = C_OUTER.get("total_remediation_ep_count")
+total_fail_remediation_count = C_OUTER.get("total_fail_remediation_count")
+total_ep_count = C_OUTER.get("total_ep_count")
+att_name = C_OUTER.get("att_name")
 
-def main():
-
-    endpoint_quarantine_status = row.endpoint_quarantine_status["content"]
-    status_msg = "Un-quarantine" if endpoint_quarantine_status == "Quarantined" else "Quarantine"
-    note_text = ''
-    quarantine_command_state = C_OUTER["overall_command_state"]
-
-    if C_OUTER is not None and len(C_OUTER["content"]) > 0:
-        row.quarantine_command_state = quarantine_command_state
-        row.query_execution_date = QUERY_EXECUTION_DATE
-        computer = C_OUTER["content"][0]
-        note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: <b>{1}</b> command status for command id <b>{2}</b> " \
-                    "for computer <b>{3}</b> was <b>{4}</b> for Resilient function <b>{5}</b>"\
-            .format(WF_NAME, status_msg, row.quarantine_commandid, row.computerName, FINAL_STATUSES[computer["stateId"]], FN_NAME)
-        if quarantine_command_state == "Completed":
-            row.quarantine_command_state = FINAL_STATUSES[computer["stateId"]]
-        else:
-            row.quarantine_command_state = quarantine_command_state
-
-    else:
-        note_text += "Symantec SEP Integration: Workflow <b>{0}</b>: There were <b>no</b> results returned for Resilient function <b>{1}</b>" \
-            .format(WF_NAME, FN_NAME)
-
-    incident.addNote(helper.createRichText(note_text))
+note_text = ''
+att_note = ''
+if C_OUTER:
+  if total_remediation_count > 0:
+    att_note = "<br>Added full result as an attachment. Attachment name: <b>{0}</b>.".format(att_name)
+  note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nRemediate artifact returned <b>{1}</b> remediated " \
+              "artifacts on <b>{2}</b> out of a total of <b>{3}</b> endpoints for artifact with type <b>{4}</b> " \
+              "and value <b>{5}</b> for SOAR function <b>{7}</b>.{6}" \
+      .format(WF_NAME, total_remediation_count, total_remediation_ep_count, total_ep_count, row.artifact_type,
+              row.artifact_value, att_note, FN_NAME)
+
+  if remediation_command_state == "Completed":
+    if total_fail_remediation_count == 0 and total_remediation_count > 0:
+      row.remediation_status = "{0} at {1}. For remediation results see note/attachment.".format(remediation_command_state, REMEDIATE_EXECUTION_DATE)
+    elif total_fail_remediation_count == 0 and total_remediation_count == 0:
+      row.remediation_status = "No match found"
+    elif total_fail_remediation_count > 0:
+      row.remediation_status = "Failed"
+  else:
+    row.remediation_status = remediation_command_state
+else:
+  row.remediation_status = remediation_command_state
+  note_text += "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nRemediate artifact returned <b>no</b> results for " \
+               "for artifact with type <b>{1}</b> and value <b>{2}</b> for SOAR function <b>{3}</b>"\
+      .format(WF_NAME, row.artifact_type, row.artifact_value, FN_NAME)
+incident.addNote(helper.createRichText(note_text))
 
-if __name__ == "__main__":
-    main()
 ```
 
 </p>
 </details>
 
-<details><summary>Steps to Fetch "sep_commandid": </summary>
-<p>
-
-Value of `sep_commandid` field can be refered from the output of some of the functions like [Function - SEP - Scan Endpoints](#function---sep---scan-endpoints),  [Function - SEP - Upload File to SEPM](#function---sep---upload-file-to-sepm) etc. <br>
-Ex. `commandID/commandID_group/commandID_computer` attribute from following path `content-->commandID/commandID_group/commandID_computer`.
-
-</p>
-</details>
-
 ---
 ## Function - SEP - Get Computers
 Gets the information about the computers in a specified domain.
 
+ ![screenshot: fn-sep---get-computers ](./doc/screenshots/fn-sep---get-computers.png)
+
 <details><summary>Inputs:</summary>
 <p>
 
@@ -803,50 +747,51 @@ results = {
   "content": {
     "content": [
       {
-        "agentId": "agentId",
-        "agentTimeStamp": 1673003005980,
+        "agentId": "FC50D87A092E5BB91E4D52E4CB82C6CF",
+        "agentTimeStamp": 1724243995817,
         "agentType": "105",
-        "agentUsn": 252331,
-        "agentVersion": "14.3.9205.6000",
-        "apOnOff": 1,
+        "agentUsn": 1228250,
+        "agentVersion": "14.3.9717.7000",
+        "apOnOff": 3,
         "atpDeviceId": null,
         "atpServer": "",
         "attributeExtension": "",
-        "avDefsetRevision": "23",
-        "avDefsetSequence": "225331",
-        "avDefsetVersion": "230105023",
+        "avDefsetRevision": "21",
+        "avDefsetSequence": "236155",
+        "avDefsetVersion": "240820021",
         "avEngineOnOff": 1,
         "bashStatus": 1,
-        "biosVersion": "Xen - 0 Revision: 1.221",
+        "behavioralAnalysisDefsetVersion": "240820001",
+        "biosVersion": "INTEL  - 6040000 PhoenixBIOS 4.0 Release 6.0",
         "bwf": 2,
         "cidsBrowserFfOnOff": 1,
         "cidsBrowserIeOnOff": 1,
-        "cidsDefsetVersion": "230105073",
+        "cidsDefsetVersion": "240820081",
         "cidsDrvMulfCode": 0,
         "cidsDrvOnOff": 1,
-        "cidsEngineVersion": "17.2.10.7",
+        "cidsEngineVersion": "17.2.11.37",
         "cidsSilentMode": 0,
         "computerDescription": "",
-        "computerName": "computerName",
-        "computerTimeStamp": 1673001224119,
-        "computerUsn": 252244,
+        "computerName": "WIN-N5KGH4CP3N3",
+        "computerTimeStamp": 1724243995822,
+        "computerUsn": 1228250,
         "contentUpdate": 1,
-        "creationTime": 1670855079127,
-        "currentClientId": "currentClientId",
-        "daOnOff": 1,
+        "creationTime": 1721051528927,
+        "currentClientId": "76B1CFBD092E5BB91E4D52E426621842",
+        "daOnOff": 3,
         "deleted": 0,
         "department": "",
         "deploymentMessage": "",
         "deploymentPreVersion": "",
-        "deploymentRunningVersion": "14.3.9205.6000",
+        "deploymentRunningVersion": "14.3.9717.7000",
         "deploymentStatus": "302456832",
-        "deploymentTargetVersion": "14.3.9205.6000",
+        "deploymentTargetVersion": "14.3.9717.7000",
         "description": "",
-        "dhcpServer": "000.00.00.1",
+        "dhcpServer": "0.0.0.0",
         "diskDrive": "C:\\",
         "dnsServers": [
-          "0.0.0.0",
-          "0.0.0.0"
+          "9.42.106.2",
+          "9.42.106.3"
         ],
         "domainOrWorkgroup": "WORKGROUP",
         "edrStatus": 0,
@@ -857,54 +802,53 @@ results = {
         "encryptedDevicePassword": null,
         "fbwf": 2,
         "firewallOnOff": 1,
-        "freeDisk": 33266442240,
-        "freeMem": 2616713216,
+        "freeDisk": 57622753280,
+        "freeMem": 1404067840,
         "fullName": "",
         "gateways": [
-          "000.00.00.1",
-          "000.00.00.1",
+          "9.37.29.1",
+          "0.0.0.0",
           "0.0.0.0",
           "0.0.0.0"
         ],
         "group": {
           "domain": {
-            "id": "id",
+            "id": "6E70F043092E5BB93F74FD57C083F99E",
             "name": "Default"
           },
           "externalReferenceId": null,
           "fullPathName": null,
-          "id": "id",
-          "name": "My Company",
+          "id": "E5E684A6092E5BB90F46E84BB6F35BBC",
+          "name": "My Company\\Group1",
           "source": null
         },
         "groupUpdateProvider": false,
-        "hardwareKey": "hardwareKey",
+        "hardwareKey": "8DACE2559C1C951E09CC0BF71D973BB7",
         "homePhone": "",
-        "hypervisorVendorId": "3",
+        "hypervisorVendorId": "1",
         "idsChecksum": null,
         "idsSerialNo": "",
         "idsVersion": "",
-        "infected": 0,
+        "infected": 1,
         "installType": "0",
         "ipAddresses": [
-          "000.00.00.00",
-          "0000:0000:0000:0000:0000:0000:C3BE:E313"
+          "9.37.29.102"
         ],
         "isGrace": 0,
         "isNpvdiClient": 0,
         "jobTitle": "",
         "kernel": null,
-        "lastConnectedIpAddr": "000.00.00.00",
-        "lastDeploymentTime": 1670855163000,
-        "lastDownloadTime": 1670855103022,
+        "lastConnectedIpAddr": "9.37.29.102",
+        "lastDeploymentTime": 1721052502000,
+        "lastDownloadTime": 1721051552300,
         "lastHeuristicThreatTime": 0,
-        "lastScanTime": 1672980342000,
-        "lastServerId": "lastServerId",
-        "lastServerName": "lastServerName",
-        "lastSiteId": "lastSiteId",
+        "lastScanTime": 1724225880000,
+        "lastServerId": "477D0222092E5BB91EC14117B8C56C14",
+        "lastServerName": "c95648v1",
+        "lastSiteId": "C18D5D63092E5BB937BFAB713E75E3E9",
         "lastSiteName": "My Site",
-        "lastUpdateTime": 1673003005980,
-        "lastVirusTime": 0,
+        "lastUpdateTime": 1724243995809,
+        "lastVirusTime": 1723561216000,
         "licenseExpiry": 0,
         "licenseId": null,
         "licenseStatus": -1,
@@ -912,51 +856,49 @@ results = {
         "loginDomain": "LocalComputer",
         "logonUserName": "Administrator",
         "macAddresses": [
-          "02-00-00-00-00-80",
-          "02-00-00-00-00-80"
+          "00-50-56-B4-75-BA"
         ],
         "majorVersion": 14,
-        "memory": 4294557696,
+        "memory": 4294430720,
         "minorVersion": 3,
         "mobilePhone": "",
         "officePhone": "",
         "onlineStatus": 1,
-        "operatingSystem": "Windows Server 2019 Datacenter Edition",
+        "operatingSystem": "Windows Server 2012 Standard Edition",
         "osBitness": "x64",
         "osElamStatus": 0,
-        "osFlavorNumber": 8,
+        "osFlavorNumber": 7,
         "osFunction": "Server",
         "osLanguage": "en-US",
-        "osMajor": 10,
-        "osMinor": 0,
-        "osName": "Windows Server 2019",
-        "osServicePack": "17763",
-        "osVersion": "10.0",
-        "patternIdx": "patternIdx",
+        "osMajor": 6,
+        "osMinor": 2,
+        "osName": "Windows Server 2012",
+        "osServicePack": "9200",
+        "osVersion": "6.2",
+        "patternIdx": "B47B44938636895A503D54AEEB825207",
         "pepOnOff": 1,
-        "physicalCpus": 2,
-        "processorClock": 2300,
-        "processorType": "Intel64 Family 6 Model 79 Stepping 1",
+        "physicalCpus": 1,
+        "processorClock": 2400,
+        "processorType": "Intel64 Family 6 Model 45 Stepping 7",
         "profileChecksum": null,
-        "profileSerialNo": "AAAA-12/28/2022 14:30:24 853",
-        "profileVersion": "14.3.9205",
+        "profileSerialNo": "E5E6-08/21/2024 12:38:31 900",
+        "profileVersion": "14.3.25029",
         "pskVersion": 0,
         "ptpOnOff": 1,
-        "publicKey": "publicKey",
+        "publicKey": "BgIAAACkAABSU0ExAAgAAAEAAQDJQWPswlLrapkfkrrHE/GXPhvoJcmLbLXPs13mDC6PMI5zPm0p1FkQQMXuP3B7226OSac4j+WOqtQvTUy4poQwWn6ijUNuOmQE8AhjJGQeWbuN18jsUuu24T9S3xCcUUrGMPd5v8DIqAWZuXEZ5sjIXMhYI1hvTVmzKZNczXXw64kRvoc7/yDtC98uJfQxxWpIaa+oppPvtp8kYrdBTqwppDppJhocK+Jjs1l85Hkp7qdrNs+eZ33zMxUrlW/j8jvpOtcfIPLpqXD8FaClh7httfydwQqCeRZ2HBLVYIIZocOAuqKqGMvCpbdQAs/ypP5dH7zztwL4CunXJqMKeUy4",
         "quarantineCode": 105,
         "quarantineDesc": "Host Integrity check is disabled.\n Host Integrity policy has been disabled by the administrator.",
         "quarantineStatus": 3,
-        "readableLastScanTime": "2023-01-06 04:45:42",
-        "readableLastUpdateTime": "2023-01-06 11:03:25",
-        "readableLastVirusTime": "1970-01-01 00:00:00",
+        "readableLastScanTime": "2024-08-21 03:38:00",
+        "readableLastUpdateTime": "2024-08-21 08:39:55",
+        "readableLastVirusTime": "2024-08-13 11:00:16",
         "rebootReason": "",
         "rebootRequired": 0,
         "securityVirtualAppliance": null,
-        "serialNumber": "serialNumber1",
+        "serialNumber": "VMware-42 34 52 a5 74 32 c7 6d-a9 27 aa 84 04 d4 a1 29",
         "snacLicenseId": null,
         "subnetMasks": [
-          "000.000.000.0",
-          "64"
+          "255.255.255.0"
         ],
         "svaId": null,
         "tamperOnOff": 1,
@@ -964,27 +906,27 @@ results = {
         "tdadGlobalDataProcessingDoneTime": 0,
         "tdadOnOff": 3,
         "tdadStatusId": 127,
-        "telemetryHwid": "telemetryHwid",
-        "telemetryMid": "telemetryMid",
-        "timeZone": 0,
-        "timediffLastScanTime": 22878.328934907913,
-        "timediffLastUpdateTime": 214.34893488883972,
-        "timediffLastVirusTime": 1673003220.328935,
+        "telemetryHwid": "8E76E0DA-CE2B-2237-925B-67F7E347B878",
+        "telemetryMid": "B3EE6501-5E29-4F03-B9D8-64762C8EF84D",
+        "timeZone": 480,
+        "timediffLastScanTime": 18156.769050836563,
+        "timediffLastUpdateTime": 40.96005082130432,
+        "timediffLastVirusTime": 682820.7690508366,
         "tmpDevice": null,
-        "totalDiskSpace": 51197,
+        "totalDiskSpace": 81567,
         "tpmDevice": "0",
-        "uniqueId": "uniqueId",
-        "uuid": "uuid",
+        "uniqueId": "01ECF4E8092E5BB91E4D52E45C3ABE4D",
+        "uuid": "A5523442-3274-6DC7-A927-AA8404D4A129",
         "uwf": 2,
-        "virtualizationPlatform": "Citrix",
+        "virtualizationPlatform": "VMware",
         "vsicStatus": 3,
         "winServers": [
           "0.0.0.0",
           "0.0.0.0"
         ],
-        "worstInfectionIdx": "9999",
+        "worstInfectionIdx": "0",
         "writeFiltersStatus": null,
-        "wssStatus": 3
+        "wssStatus": 0
       }
     ],
     "firstPage": true,
@@ -1002,1568 +944,93 @@ results = {
     "totalElements": 1,
     "totalPages": 1
   },
-  "inputs": {},
+  "inputs": {
+    "sep_computername": "WIN-N5KGH4CP3N3"
+  },
   "metrics": {
-    "execution_time_ms": 2156,
-    "host": "host",
+    "execution_time_ms": 992,
+    "host": "my.app.host",
     "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 11:07:00",
+    "package_version": "1.2.0",
+    "timestamp": "2024-08-21 08:40:36",
     "version": "1.0"
   },
-  "raw": "{\"content\": [{\"group\": {\"id\": \"id\", \"name\": \"My Company\", \"fullPathName\": null, \"domain\": {\"id\": \"id\", \"name\": \"Default\"}, \"externalReferenceId\": null, \"source\": null}, \"ipAddresses\": [\"000.00.00.00\", \"FFFF:0000:0000:0000:1111:AAAA:CCCC:EEEE\"], \"macAddresses\": [\"02-00-00-00-00-80\", \"02-00-00-00-00-80\"], \"gateways\": [\"000.00.00.0\", \"000.00.00.0\", \"0.0.0.0\", \"0.0.0.0\"], \"subnetMasks\": [\"000.000.000.0\", \"64\"], \"dnsServers\": [\"0.0.0.0\", \"0.0.0.0\"], \"winServers\": [\"0.0.0.0\", \"0.0.0.0\"], \"description\": \"\", \"computerName\": \"computerName\", \"logonUserName\": \"Administrator\", \"domainOrWorkgroup\": \"WORKGROUP\", \"computerDescription\": \"\", \"processorType\": \"Intel64 Family 6 Model 79 Stepping 1\", \"processorClock\": 2300, \"physicalCpus\": 2, \"logicalCpus\": 0, \"memory\": 4294557696, \"biosVersion\": \"Xen - 0 Revision: 1.221\", \"osFunction\": \"Server\", \"osFlavorNumber\": 8, \"osName\": \"Windows Server 2019\", \"operatingSystem\": \"Windows Server 2019 Datacenter Edition\", \"osVersion\": \"10.0\", \"osMajor\": 10, \"osMinor\": 0, \"osServicePack\": \"17763\", \"osBitness\": \"x64\", \"tmpDevice\": null, \"uniqueId\": \"uniqueId\", \"hardwareKey\": \"hardwareKey\", \"uuid\": \"uuid\", \"osLanguage\": \"en-US\", \"totalDiskSpace\": 51197, \"groupUpdateProvider\": false, \"deploymentStatus\": \"302456832\", \"deploymentMessage\": \"\", \"deploymentTargetVersion\": \"14.3.9205.6000\", \"deploymentRunningVersion\": \"14.3.9205.6000\", \"deploymentPreVersion\": \"\", \"lastDeploymentTime\": 1670855163000, \"virtualizationPlatform\": \"Citrix\", \"securityVirtualAppliance\": null, \"serialNumber\": \"serialNumber\", \"installType\": \"0\", \"writeFiltersStatus\": null, \"agentVersion\": \"14.3.9205.6000\", \"atpDeviceId\": null, \"encryptedDevicePassword\": null, \"publicKey\": \"publicKey\", \"deleted\": 0, \"quarantineStatus\": 3, \"quarantineCode\": 105, \"quarantineDesc\": \"Host Integrity check is disabled.\\n Host Integrity policy has been disabled by the administrator.\", \"loginDomain\": \"LocalComputer\", \"agentId\": \"agentId\", \"agentType\": \"105\", \"profileVersion\": \"14.3.9205\", \"profileSerialNo\": \"DDDD-12/28/2022 14:30:24 853\", \"profileChecksum\": null, \"idsVersion\": \"\", \"idsSerialNo\": \"\", \"idsChecksum\": null, \"creationTime\": 1670855079127, \"onlineStatus\": 1, \"lastUpdateTime\": 1673003005980, \"lastServerId\": \"lastServerId\", \"lastServerName\": \"lastServerName\", \"lastSiteId\": \"lastSiteId\", \"lastSiteName\": \"My Site\", \"attributeExtension\": \"\", \"fullName\": \"\", \"email\": \"\", \"jobTitle\": \"\", \"department\": \"\", \"employeeNumber\": \"\", \"employeeStatus\": \"\", \"officePhone\": \"\", \"mobilePhone\": \"\", \"homePhone\": \"\", \"agentTimeStamp\": 1673003005980, \"agentUsn\": 252331, \"patternIdx\": \"patternIdx\", \"apOnOff\": 1, \"infected\": 0, \"worstInfectionIdx\": \"9999\", \"lastScanTime\": 1672980342000, \"lastVirusTime\": 0, \"contentUpdate\": 1, \"avEngineOnOff\": 1, \"avDefsetVersion\": \"230105023\", \"avDefsetSequence\": \"225331\", \"avDefsetRevision\": \"23\", \"tamperOnOff\": 1, \"majorVersion\": 14, \"minorVersion\": 3, \"rebootRequired\": 0, \"rebootReason\": \"\", \"licenseStatus\": -1, \"licenseExpiry\": 0, \"timeZone\": 0, \"firewallOnOff\": 1, \"freeMem\": 2616713216, \"freeDisk\": 33266442240, \"lastDownloadTime\": 1670855103022, \"currentClientId\": \"currentClientId\", \"licenseId\": null, \"isGrace\": 0, \"snacLicenseId\": null, \"ptpOnOff\": 1, \"lastHeuristicThreatTime\": 0, \"bashStatus\": 1, \"daOnOff\": 1, \"cidsDrvOnOff\": 1, \"cidsSilentMode\": 0, \"cidsDrvMulfCode\": 0, \"cidsBrowserIeOnOff\": 1, \"cidsBrowserFfOnOff\": 1, \"cidsEngineVersion\": \"00.0.00.0\", \"cidsDefsetVersion\": \"230105073\", \"elamOnOff\": 1, \"osElamStatus\": 0, \"tdadOnOff\": 3, \"tdadStatusId\": 127, \"tdadGlobalDataDownloadTime\": 0, \"tdadGlobalDataProcessingDoneTime\": 0, \"vsicStatus\": 3, \"isNpvdiClient\": 0, \"svaId\": null, \"lastConnectedIpAddr\": \"000.00.00.00\", \"pepOnOff\": 1, \"edrStatus\": 0, \"atpServer\": \"\", \"tpmDevice\": \"0\", \"dhcpServer\": \"000.00.00.0\", \"computerTimeStamp\": 1673001224119, \"computerUsn\": 252244, \"diskDrive\": \"C:\\\\\", \"hypervisorVendorId\": \"3\", \"kernel\": null, \"bwf\": 2, \"fbwf\": 2, \"uwf\": 2, \"telemetryMid\": \"telemetryMid\", \"telemetryHwid\": \"telemetryHwid\", \"wssStatus\": 3, \"pskVersion\": 0, \"readableLastScanTime\": \"2023-01-06 04:45:42\", \"timediffLastScanTime\": 22878.328934907913, \"readableLastUpdateTime\": \"2023-01-06 11:03:25\", \"timediffLastUpdateTime\": 214.34893488883972, \"readableLastVirusTime\": \"1970-01-01 00:00:00\", \"timediffLastVirusTime\": 1673003220.328935}], \"totalPages\": 1, \"firstPage\": true, \"lastPage\": true, \"totalElements\": 1, \"size\": 20, \"number\": 0, \"sort\": [{\"direction\": \"ASC\", \"property\": \"COMPUTER_NAME\", \"ascending\": true}], \"numberOfElements\": 1}",
+  "raw": null,
   "reason": null,
   "success": true,
-  "version": "1.0"
+  "version": 2.0
 }
 ```
 
 </p>
 </details>
 
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 
 ```python
-inputs.sep_computername = row.computer_name
+inputs.sep_status = True
 ```
 
 </p>
 </details>
 
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
 
 ```python
-##  Symantec Endpoint Protection  - fn_sep_get_computers script ##
-# Example result:
-"""
-Result: {'inputs': {u'sep_computername': u'WIN-4OA0GKJN830'},
-         'metrics': {'package': 'fn-sep', 'timestamp': '2019-05-23 18:40:17', 'package_version': '1.0.0',
-         'host': 'myhost', 'version': '1.0', 'execution_time_ms': 1966},
-         'success': True,
-         'content': {u'sort': [{u'direction': u'ASC', u'property': u'COMPUTER_NAME', u'ascending': True}], u'number': 0,
-                     u'firstPage': True, u'content': [{u'profileVersion': u'14.2.1031', u'elamOnOff': 1,
-                     u'avEngineOnOff': 1, u'profileChecksum': None, u'atpDeviceId': None,
-                     u'processorType': u'Intel64 Family 6 Model 15 Stepping 1', u'oslanguage': u'en-US',
-                     u'licenseId': None, u'licenseStatus': -1,
-                     u'group': {u'domain': {u'id': u'908090000946C25D330E919313D23887', u'name': u'Default'}, u'name': u'My Company\\JP_TEST_GROUP_1', u'fullPathName': None, u'externalReferenceId': None, u'source': None, u'id': u'8E20F39B0946C25D118925C2E28C2D59'},
-                     u'uuid': u'EA650B42-D10A-7F9F-A1D2-0A58C4F4CEB1',
-                     u'groupUpdateProvider': False,
-                     u'edrStatus': 2, u'freeDisk': 40542507008, u'diskDrive': u'C:\\', u'osFunction': u'Server', u'processorClock': 2394,
-                     u'mobilePhone': u'', u'jobTitle': u'', u'lastáHeuristicThreatTime': 0, u'osname': u'Windows Server 2012',
-                     u'winServers': [u'0.0.0.0', u'0.0.0.0'], u'deploymentMessage': u'', u'idsSerialNo': u'',
-                     u'employeeNumber': u'', u'snacLicenseId': None, u'lastSiteId': u'EE75B0850946C25D5287B58B5173A37C',
-                     u'uwf': 2, u'currentClientId': u'256B2B130946C25D40C83823AA2E5D4C', u'osbitness': u'x64',
-                     u'lastScanTime': 1558613245000, u'email': u'', u'securityVirtualAppliance': None,
-                     u'worstInfectionIdx': u'0', u'encryptedDevicePassword': None, u'lastServerId': u'7D6AAA6F0946C25D170B3A2D442500B6',
-                     u'kernel': None, u'lastUpdateTime': 1558632769514, u'ptpOnOff': 1, u'majorVersion': 14,
-                     u'lastConnectedIpAddr': u'9.70.194.93', u'agentVersion': u'14.2.1031.0100', u'deploymentRunningVersion': u'14.2.1031.0100',
-                     u'agentTimeStamp': 1558632769514, u'osminor': 2, u'osMajor': 6, u'deploymentTargetVersion': u'14.2.1031.0100',
-                     u'osMinor': 2, u'osFlavorNumber': 79, u'logicalCpus': 0, u'deploymentPreVersion': u'', u'hypervisorVendorId': u'0',
-                     u'fbwf': 2, u'osversion': u'6.2', u'dnsServers': [u'9.70.192.29', u'FEC0:0000:0000:FFFF:0000:0000:0000:0001'],
-                     u'vsicStatus': 3, u'deleted': 0, u'deploymentStatus': u'302456832', u'computerTimeStamp': 1558622386922, u'bwf': 2,
-                     u'totalDiskSpace': 81567, u'homePhone': u'', u'daOnOff': 1, u'computerDescription': u'', u'pepOnOff': 1,
-                     'timediffLastUpdateTime': 448.98237204551697, u'bashStatus': 1, u'agentUsn': 2545799, u'osName': u'Windows Server 2012',
-                     'readableLastUpdateTime': '2019-05-23 18:32:49', u'patternIdx': u'4A80266952462523E3E5AC3B816032AE',
-                     u'employeeStatus': u'', u'tmpDevice': None, u'rebootRequired': 0, u'subnetMasks': [u'255.255.255.0', u'64'],
-                     u'minorVersion': 2, u'osservicePack': u'', 'timediffLastVirusTime': 5638590.9823720455, u'lastSiteName': u'My Site',
-                     u'cidsEngineVersion': u'0.0.0.0', u'lastDeploymentTime': 1550585147000, u'isGrace': 0, u'computerUsn': 2544267,
-                     u'agentId': u'6E5AA5CB0946C25D40C83823BB5107E6', u'cidsBrowserFfOnOff': 1, u'domainOrWorkgroup': u'WORKGROUP',
-                     u'svaId': None, u'loginDomain': u'LocalComputer', u'lastServerName': u'WIN-4OA0GKJN830', u'contentUpdate': 1,
-                     u'writeFiltersStatus': None, u'infected': 0, 'timediffLastScanTime': 19972.982372045517, u'memory': 6441979904,
-                     u'freeMem': 3117060096, u'officePhone': u'', u'lastVirusTime': 1552994627000, u'telemetryMid': u'890E283B-41D3-4340-A397-66F6AFCAF33E',
-                     u'idsVersion': u'', u'cidsBrowserIeOnOff': 1, u'publicKey': u'BgIAAACkAABSU0ExAAgAAAEAAQDfMtYpvbC2ZOrpGFbK76tuyp2MZ7/6EGsFrqAV3ZBMfvMllksVObpPYvDSc5vCjtzthb1301VADLAspayGytsdAj5z8+LLpOnJkHNg9tIunm1lLkBTitevI6G+nNjyKd7uPn3+bxjk1LL8g1exL2C2SMPEXubdUa1N5xwmhhPHp6PSIAjY74QUcNyplfvylMS9QRWoQ70mqNy9tLLef6+qCYWTqGa7QKXS0WUJs8sJMzWfCrpeMVAmU5/s3yEu+OI+9RKgOeSfy7wRzmAWHQTofjHkYGYqwXcwwLX7AbWjdcpYo0Kaecf8e5t2ZvWyR362EaNxn0HYSjpKraY1hLK1',
-                     u'quarantineDesc': u'Host Integrity check passed\n', u'cidsDrvMulfCode': 0, u'biosVersion': u'INTEL  - 6040000 PhoenixBIOS 4.0 Release 6.0',
-                     u'rebootReason': u'', u'telemetryHwid': u'A942D8EB-32C3-E42F-FE83-723FDC431F32', 'readableLastVirusTime': '2019-03-19 11:23:47',
-                     u'cidsSilentMode': 0, u'creationTime': 1550585043812, u'macAddresses': [u'00-50-56-8B-A6-C3', u'00-50-56-8B-A6-C3'],
-                     u'idsChecksum': None, u'operatingSystem': u'Windows Server 2012 ', u'osmajor': 6, u'virtualizationPlatform': u'Unknown',
-                     u'ipAddresses': [u'9.70.194.93', u'FE80:0000:0000:0000:FC67:074E:CD22:0188'], u'physicalCpus': 1, u'osBitness': u'x64',
-                     u'cidsDefsetVersion': u'190522063', u'cidsDrvOnOff': 1, u'computerName': u'WIN-4OA0GKJN830', u'logonUserName': u'Administrator',
-                     u'licenseExpiry': 0, u'osLanguage': u'en-US', u'gateways': [u'9.70.194.1', u'9.70.194.1', u'0.0.0.0', u'0.0.0.0'],
-                     u'uniqueId': u'D31AA16E0946C25D40C83823C500518B', u'department': u'', u'isNpvdiClient': 0, u'dhcpServer': u'0.0.0.0',
-                     u'readableLastScanTime': '2019-05-23 13:07:25', u'osfunction': u'Server', u'description': u'', u'osflavorNumber': 79,
-                     u'tpmDevice': u'0', u'onlineStatus': 1, u'lastDownloadTime': 1558356063096, u'apOnOff': 1, u'timeZone': 480, u'fullName': u'',
-                     u'osVersion': u'6.2', u'attributeExtension': u'', u'atpServer': u'https://9.70.194.99:443', u'tamperOnOff': 1, u'osServicePack': u'',
-                     u'agentType': u'105', u'serialNumber': u'VMware-42 0b 65 ea 0a d1 9f 7f-a1 d2 0a 58 c4 f4 ce b1', u'osElamStatus': 0, u'installType': u'0',
-                     u'profileSerialNo': u'8E20-05/08/2019 07:00:23 015', u'hardwareKey': u'1771D79454E53469DF4B290C06C104C9', u'firewallOnOff': 1}],
-                     u'lastPage': True, u'totalPages': 1, u'numberOfElements': 1, u'totalElements': 1, u'size': 20},
-
-         'raw': '<content_as_string>'
-         'reason': None,
-         'version': '1.0'}
-"""
-#  Globals
-# List of fields in datatable fn_amp_get_computers script
-DATA_TBL_FIELDS = ["query_execution_time", "computerName", "uniqueId", "operatingSystem", "ipAddresses",
-                   "sep_description", "domain_name", "domain_id", "hardwareKey", "group_name", "group_id",
-                   "infected"]
-WF_NAME = "Get Endpoint Details"
+## Symantec Endpoint Protection - fn_sep_get_computers script ##
+# Globals
+# List of fields in datatable for "Get Endpoints status" playbook.
+DATA_TBL_FIELDS = ["query_execution_date", "non_compliant", "up_to_date", "out_of_date", "total", "disabled",
+                   "offline","hi_failed", ]
 FN_NAME = "fn_sep_get_computers"
-C_OUTER = results.content
-INPUTS = results.inputs
-QUERY_EXECUTION_DATE = results["metrics"]["timestamp"]
-
+WF_NAME = "Get Endpoints status"
+results = playbook.functions.results.get_computers_results
+CONTENT = results.get("content", {})
+QUERY_EXECUTION_DATE = results.get("metrics", {}).get("timestamp")
 
 # Processing
+note_text = ''
+new_row = incident.addRow("sep_endpoint_status_summary")
+
+if CONTENT and CONTENT.get("total"):
+  new_row.query_execution_date = QUERY_EXECUTION_DATE
+  for f in DATA_TBL_FIELDS:
+    if f == "query_execution_date":
+      continue
+    new_row[f] = CONTENT.get(f)
+
+  if CONTENT.get("non_compliant") > 0:
+    note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThere were <b>{1}</b> non-compliant endpoints " \
+                "detected out of a total of <b>{2}</b> for SOAR function <b>{3}</b>"\
+        .format(WF_NAME, CONTENT.get("non_compliant"), CONTENT.get("total"), FN_NAME)
+  else:
+    note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThere were <b>no</b> non-compliant endpoints " \
+                 "detected out of a total of <b>{1}</b> for SOAR function <b>{2}</b>" \
+        .format(WF_NAME, CONTENT.get("total"), FN_NAME)
+else:
+  note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThere were <b>no</b> results returned for SOAR " \
+              "function <b>{1}</b>".format(WF_NAME, FN_NAME)
 
-def main():
-    note_text = ''
-    if C_OUTER is not None:
-        note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: There were <b>{1}</b> results returned for computer name " \
-                    "<b>{2}</b> for Resilient function <b>{3}</b>" \
-            .format(WF_NAME, results.get("content", {}).get("numberOfElements"), INPUTS["sep_computername"],
-                    FN_NAME)
-
-        eps = C_OUTER["content"]
-        for i in range(len(eps)):
-            ep_osname = eps[i].get("osname", "")
-            newrow = incident.addRow("sep_endpoint_details")
-            newrow.query_execution_date = QUERY_EXECUTION_DATE
-            for f in DATA_TBL_FIELDS:
-                f_base = f.split('_')[0]
-                if f_base == "query_execution_time":
-                    continue
-                if eps[i][f_base] is not None:
-                    if isinstance(eps[i][f_base], str) or isinstance(eps[i][f_base], int) \
-                            or isinstance(eps[i][f_base], int) or len(eps[i][f_base]) == 0:
-                        if f_base == "onlineStatus":
-                            if eps[i][f_base]:
-                                newrow[f] = "Online"
-                            else:
-                                newrow[f] = "Offline"
-                        elif f_base == "infected":
-                            if eps[i][f_base]:
-                                newrow[f] = "Yes"
-                            else:
-                                newrow[f] = "No"
-                        else:
-                            newrow[f] = eps[i][f_base]
-                    else:
-                        newrow[f] = ','.join(eps[i][f_base])
-
-            if "windows" in ep_osname.lower():
-                if (eps[i]["quarantineDesc"].find("Host Integrity check passed") == -1):
-                    newrow.endpoint_quarantine_status = "Quarantined"
-                else:
-                    newrow.endpoint_quarantine_status = "Un-Quarantined"
-            else:
-                newrow.endpoint_quarantine_status = ""
-
-            group = eps[i].group
-            if group is not None:
-                newrow.group_name = group["name"]
-                newrow.group_id = group["id"]
-                domain = group["domain"]
-                if domain is not None:
-                    newrow.domain_name = domain["name"]
-                    newrow.domain_id = domain["id"]
-
-    else:
-        note_text += "Symantec SEP Integration: Workflow <b>{0}</b>: There were <b>no</b> results returned for computer " \
-                     "name <b>{1}</b> for Resilient function <b>{2}</b>" \
-            .format(WF_NAME, INPUTS["sep_computername"], FN_NAME)
-
-    incident.addNote(helper.createRichText(note_text))
-
-
-if __name__ == "__main__":
-    main()
-
+incident.addNote(helper.createRichText(note_text))
 ```
 
 </p>
 </details>
 
-<details><summary>Steps to Fetch "sep_domain": </summary>
-<p>
-
-Value of `sep_domain` field can be refered from [Function - SEP - Get Domains](#function---sep---get-domains) function's output. <br>
-Ex. `id` attribute from following path `content-->id`.
-
-</p>
-</details>
-
 ---
-## Function - SEP - Get Domains
-Gets a list of all accessible domains
-
-<details><summary>Inputs:</summary>
-<p>
-
-| Name | Type | Required | Example | Tooltip |
-| ---- | :--: | :------: | ------- | ------- |
-
-</p>
-</details>
-
-<details><summary>Outputs:</summary>
-<p>
-
-> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
-
-```python
-results = {
-  "content": [
-    {
-      "administratorCount": 1,
-      "companyName": "Tata Consultancy Services Ltd",
-      "contactInfo": null,
-      "createdTime": 1670774894004,
-      "description": null,
-      "enable": true,
-      "id": "id",
-      "name": "Default"
-    }
-  ],
-  "inputs": {},
-  "metrics": {
-    "execution_time_ms": 2032,
-    "host": "host",
-    "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 11:05:32",
-    "version": "1.0"
-  },
-  "raw": "[{\"id\": \"id\", \"name\": \"Default\", \"description\": null, \"createdTime\": 1670774894004, \"enable\": true, \"companyName\": \"Tata Consultancy Services Ltd\", \"contactInfo\": null, \"administratorCount\": 1}]",
-  "reason": null,
-  "success": true,
-  "version": "1.0"
-}
-```
-
-</p>
-</details>
-
-<details><summary>Example Post-Process Script:</summary>
-<p>
-
-```python
-fn_name = "fn_sep_get_domains"
-wf_name = "Example: SEP - Add Hash to Blacklist"
-content = results.content
-domainid = None
-for i in range(len(content)):
-  if content[i]["name"] ==  rule.properties.sep_domain_name:
-    domainid = content[i]["id"]
-    break
-if domainid is not None:
-    workflow.addProperty("domid_exists", {})
-else:
-    note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: The domain name  <b>{1}</b> was not found " \
-                "for Resilient function <b>{2}</b>.".format(wf_name, rule.properties.sep_domain_name, fn_name)
-    incident.addNote(helper.createRichText(note_text))
-```
-
-</p>
-</details>
+## Function - SEP - Get Critical Events Info
+Gets information related to critical events. 'results_limit' is not currently used for this function.
 
----
-## Function - SEP - Get File Content as Base64
-Get contents of a file uploaded to SEPM server as a Base64 string for a given file ID.
+ ![screenshot: fn-sep---get-critical-events-info ](./doc/screenshots/fn-sep---get-critical-events-info.png)
 
 <details><summary>Inputs:</summary>
 <p>
 
 | Name | Type | Required | Example | Tooltip |
 | ---- | :--: | :------: | ------- | ------- |
-| `sep_file_id` | `text` | No | `-` | The file ID from which to get detailed information. |
-
-</p>
-</details>
-
-<details><summary>Outputs:</summary>
-<p>
-
-> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
-
-```python
-results = {
-  "content": "TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAA+yFqcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5kZXIgV2luMzINCiQ3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEJAO3nqFYAAAAAAAAAAOAADgMLAQUAAAAhAABgAgAAAAAACCAAAAAQAAAAECEAAABAAAAQAAAAAgAABAAAAAAAAAAFAAAAAAAAAAAwJwAABgAAAAAAAAIAAAAAABAAACAAAAAAEAAAEAAAAAAAABAAAAAA4CMAsQEAAACQIwBWOwAAAPAjAACeAAAAAAAAAAAAAAAAAAAAAAAAAJAkAIidAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCMAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQIwDlBgAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAAAAhAAAQAAAA+CAAAAYAAAAAAAAAAAAAAAAAACAAAGAuZGF0YQAAAABgAgAAECEAAMwAAAD+IAAAAAAAAAAAAAAAAABAAADALnRscwAAAAAAEAAAAHAjAAACAAAAyiEAAAAAAAAAAAAAAAAAQAAAwC5yZGF0YQAAABAAAACAIwAAAgAAAMwhAAAAAAAAAAAAAAAAAEAAAFAuaWRhdGEAAABAAAAAkCMAADwAAADOIQAAAAAAAAAAAAAAAABAAABALmRpZGF0YQAAEAAAANAjAAAIAAAACiIAAAAAAAAAAAAAAAAAQAAAwC5lZGF0YQAAABAAAADgIwAAAgAAABIiAAAAAAAAAAAAAAAAAEAAAEAucnNyYwAAAACgAAAA8CMAAJ4AAAAUIgAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAAoAIAAJAkAACeAgAAsiIAAAAAAAAAAAAAAAAAQAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByo8WAAAACw6GAAAAOE8GAAACCs8GAAAB6chEgAAB44KEAAAB6EokcAAB5o1EcAAB5I7UcAAB4kn0cAAB78pUcAAB4Q+kYAAB64jkcAAB7EskEAAB4ssEEAAB7IjkcAAB7w2kUAAB6EGUYAAB7AnEYAAB5I70YAAB489UYAAB5MaEQAAB5oUEUAAB5s2UUAAB6MK0QAAB6gtkEAAB5sxUEAAB588kEAAB5gu0IAAB4oxkMAAB4Y+EMAAB68DEQAAB6sIEUAAB445kEAAB4Qs0EAAB7gNkQAAB6MukEAAB4I0FAAAB5EwkEAAB6MokAAAB6EqUAAAB4cjEAAAB6YSEUAAB48rEEAAB58ukEAAB7UnUEAAB4EnkEAAB70nUEAAB4YskEAAB4oskEAAB5YskEAAB5UnkEAAB60nUEAAB5kykcAAB5kaEQAAB5400AAAB4MjEAAAB5U6UAAAB70n0QAAB74pEQAAB7sgUAAAB5Mi0AAAB7saEQAAB7YSkQAAB48Z0QAAB6AgUAAAB5AY1YAAB7M81AAAB6Ui0AAAB6wtkEAAB4gDVQAAB40+1sAAB4EVVEAAB48PlIAAB4MTlIAAB5EZ1IAAB7Yg1IAAB5snFIAAB5Uq1IAAB50tFIAAB4ovlIAAB743lIAAB5M5VIAAB5IT1MAAB5oT1MAAB6IT1MAAB6oT1MAAB7IT1MAAB7oT1MAAB4IUFMAAB4oUFMAAB6oUVMAAB4YFlkAAB6MH1kAAB6sH1kAAB40KVkAAB5cKVkAAB6snkEAAB4IM0UAAB70MUUAAB6IMkUAAB4ws0EAAB7QgEAAAB7ggEAAAB7wgEAAAB5grEEAAB4knkEAAB60skEAAB4csEEAAB7ovEEAAB6kskEAAB5wv2AAAB709VAAAB6E/FsAAB7knUEAAB6sblMAAB4wXFQAAB7kYlEAAB7w8F0AAB5AAV4AAB48BF4AAB7kFV4AAB78W14AAB6Ukl4AAB60kl4AAB4Qnl4AAB4MyV4AAB6s114AAB7M114AAB5g4l4AAB6A4l4AAB7s5l4AAB7IE18AAB7IZ18AAB7Qd18AAB6E1l8AAB5IAmAAAB4MDGAAAB4AGGAAAB7cJmAAAB78JmAAAB6MK2AAAB4UrmAAAB6A71kAAB7kskEAAB6grUAAAB7UZE0AAB74yE0AAB5M5U0AAB5cC04AAB4o8kEAAB5UM1QAAB68n1QAAB6gF1UAAB6oRlUAAB6IO1UAAB7QRlUAAB4w1EsAAB78E0wAAB6UVU4AAB4U2U8AAB4EMFEAAB5AukEAAB64FlcAAB50F1cAAB5ghVcAAB7IYlgAAB6chEgAAB44KEAAAB78pUcAAB6EokcAAB5o1EcAAB5I7UcAAB4kn0cAAB4Q+kYAAB7EskEAAB4ssEEAAB7IjkcAAB7w2kUAAB6EGUYAAB7AnEYAAB5I70YAAB489UYAAB64jkcAAB5oUEUAAB5s2UUAAB6MK0QAAB6gtkEAAB5sxUEAAB588kEAAB5gu0IAAB4oxkMAAB4Y+EMAAB68DEQAAB5EwkEAAB5MaEQAAB6MokAAAB6EqUAAAB4cjEAAAB6YSEUAAB48rEEAAB58ukEAAB6sIEUAAB445kEAAB4Qs0EAAB7gNkQAAB4I0FAAAB5kykcAAB5kaEQAAB5400AAAB4MjEAAAB5U6UAAAB70n0QAAB74pEQAAB7sgUAAAB5Mi0AAAB7saEQAAB7YSkQAAB48Z0QAAB6AgUAAAB5AY1YAAB4EMFEAAB5UnkEAAB60nUEAAB7M81AAAB6Ui0AAAB4gDVQAAB4EVVEAAB6wtkEAAB40...",
-  "reason": null,
-  "success": true,
-  "version": "1.0"
-}
-```
-
-</p>
-</details>
-
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-
-```python
-inputs.sep_file_id = row.file_id
-```
-
-</p>
-</details>
-
-<details><summary>Example Post-Process Script:</summary>
-<p>
-
-```python
-##  Symantec Endpoint Protection  - fn_sep_get_file_content_as_base64 ##
-# Example result:
-"""
-Result: {'inputs': {u'sep_file_id': u'B9158547A9FE9DC52292A6098528F239'},
-         'metrics': {'package': 'fn-sep', 'timestamp': '2019-05-29 16:44:07', 'package_version': '1.0.0', 'host': 'myhost',
-                     'version': '1.0', 'execution_time_ms': 1893},
-         'success': True,
-         'content': '<base64_string>',
-         'raw': '"<base64_string>"',
-         'reason': None,
-         'version': '1.0'
-}
-"""
-#  Globals
-DATA_TBL_FIELDS = []
-FN_NAME = "fn_sep_get_file_content_as_base64"
-WF_NAME = "Get  File Content as Base64 string"
-# List of fields in datatable fn_amp_get_computers script
-DATA_TBL_FIELDS = []
-CONTENT = results.content
-QUERY_EXECUTION_DATE = results["metrics"]["timestamp"]
-# Processing
-
-
-def main():
-    note_text = ''
-    if CONTENT is not None:
-        note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: Returned Base64 string of size <b>{1}</b> returned " \
-                    "for Resilient function <b>{2}</b>".format(WF_NAME, len(CONTENT), FN_NAME)
-    else:
-        note_text += "Symantec SEP Integration: Workflow <b>{0}</b>: There was <b>no</b> result returned for " \
-                    "Resilient function <b>{1}</b>".format(WF_NAME, FN_NAME)
-
-    incident.addNote(helper.createRichText(note_text))
-
-if __name__ == "__main__":
-    main()
-```
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_file_id": </summary>
-<p>
-
-Value of `sep_file_id` field can be refered from [Function - SEP - Get Command Status](#function---sep---get-command-status) function's output while checking status of the returned command id after performing a file upload using the function [Function - SEP - Upload File to SEPM](#function---sep---upload-file-to-sepm). <br>
-Ex. `binaryFileId` attribute from following path `content-->content-->binaryFileId`.
-
-</p>
-</details>
-
----
-## Function - SEP - Get Fingerprint List
-Get the fingerprint list information for a specified name or id.
-
-<details><summary>Inputs:</summary>
-<p>
-
-| Name | Type | Required | Example | Tooltip |
-| ---- | :--: | :------: | ------- | ------- |
-| `sep_domainid` | `text` | No | `-` | The SEPM domain id. |
-| `sep_fingerprintlist_id` | `text` | No | `-` | Id of SEP fingerprint list |
-| `sep_fingerprintlist_name` | `text` | No | `-` | Name of a SEP fingerprint list. |
-
-</p>
-</details>
-
-<details><summary>Outputs:</summary>
-<p>
-
-> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
-
-```python
-results = {
-  "content": {
-    "data": [
-      "data"
-    ],
-    "description": "This is test of adding files in blacklist.",
-    "groupIds": [],
-    "hashType": "MD5",
-    "id": "id",
-    "name": "Test Blacklist 13 of testing purpose",
-    "source": "WEBSERVICE"
-  },
-  "inputs": {
-    "sep_domainid": "sep_domainid",
-    "sep_fingerprintlist_id": "sep_fingerprintlist_id",
-    "sep_fingerprintlist_name": "Test blacklist updated"
-  },
-  "metrics": {
-    "execution_time_ms": 2092,
-    "host": "host",
-    "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 06:41:50",
-    "version": "1.0"
-  },
-  "raw": "{\"id\": \"id\", \"name\": \"Test Blacklist 13 of testing purpose\", \"hashType\": \"MD5\", \"source\": \"WEBSERVICE\", \"description\": \"This is test of adding files in blacklist.\", \"data\": [\"data\"], \"groupIds\": []}",
-  "reason": null,
-  "success": true,
-  "version": "1.0"
-}
-```
-
-</p>
-</details>
-
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-
-```python
-domain_content_results =  workflow.properties.get_domains_results
-domain_content = domain_content_results.content
-
-for i in range(len(domain_content)):
-  if domain_content[i]["name"] ==  rule.properties.sep_domain_name:
-    inputs.sep_domainid = domain_content[i]["id"]
-    break
-
-inputs.sep_fingerprintlist_name = rule.properties.sep_fingerprintlist_name
-
-```
-
-</p>
-</details>
-
-<details><summary>Example Post-Process Script:</summary>
-<p>
-
-```python
-##  Symantec Endpoint Protection  - fn_sep_get_fingerprint_list script ##
-# Example result:
-"""
-Result:{'inputs': {u'sep_fingerprintlist_name': u'Blacklist_2', u'sep_domainid': u'908090000946C25D330E919313D23887'},
-        'metrics': {'package': 'fn-sep', 'timestamp': '2019-05-28 16:23:05', 'package_version': '1.0.0',
-                    'host': 'myhost', 'version': '1.0', 'execution_time_ms': 1153},
-        'success': True,
-        'content': {u'description': u'Hash of type Malware MD5 Hash', u'hashType': u'MD5', u'source': u'WEBSERVICE',
-                    u'groupIds': [u'7E4BB119A9FE9DC526EDABFB1EE261B8'], u'data': [u'482F9B6E0CC4C1DBBD772AAAF088CB3A'],
-                    u'id': u'E60B061FDD844EBF9778D4BD2AC3942A', u'name': u'Blacklist_2'},
-        'raw': '{"description": "Hash of type Malware MD5 Hash", "hashType": "MD5", "source": "WEBSERVICE", '
-               '"groupIds": ["7E4BB119A9FE9DC526EDABFB1EE261B8"], "data": ["482F9B6E0CC4C1DBBD772AAAF088CB3A"], '
-               '"id": "E60B061FDD844EBF9778D4BD2AC3942A", "name": "Blacklist_2"}',
-        'reason': None,
-        'version': '1.0'
- }
-"""
-#  Globals
-# List of fields in datatable fn_sep_get_fingerprint_list script
-DATA_TBL_FIELDS = ["domain_name", "list_name", "list_id", "list_description", "hash_values", "hash_type", "group_ids"]
-WF_NAME = "Add Hash to Fingerprint List"
-CONTENT = results.content
-INPUTS = results.inputs
-QUERY_EXECUTION_DATE = results["metrics"]["timestamp"]
-
-# Processing
-
-def main():
-    fpl_exists = hash_in_list = False
-    note_text = ''
-    if CONTENT is not None:
-        if "errorCode" in CONTENT and int(CONTENT["errorCode"]) == 410:
-            # The finger print list doesn't already exist.
-            pass
-        elif "data" in CONTENT:
-            # The finger print list exists set flag for gateway.
-            fpl_exists = True
-            workflow.addProperty("fpl_exists", {})
-        if "data" in CONTENT and artifact.value.upper() in [d.upper() for d in CONTENT["data"]]:
-            # Finger print list exists and hash in list set flag for hash in list.
-            hash_in_list = True
-            workflow.addProperty("hash_in_list", {})
-
-    if fpl_exists and hash_in_list:
-        note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: The hash <b>{1}</b> has already been added to " \
-                    "fingerprint list <b>{2}</b> for domain id <b>{3}</b>."\
-            .format(WF_NAME, artifact.value, INPUTS["sep_fingerprintlist_name"],
-                    INPUTS["sep_domainid"])
-        incident.addNote(helper.createRichText(note_text))
-
-if __name__ == "__main__":
-    main()
-```
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_domainid": </summary>
-<p>
-
-Value of `sep_domainid` field can be refered from [Function - SEP - Get Domains](#function---sep---get-domains) function's output. <br>
-Ex. `id` attribute from following path `content-->id`.
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_fingerprintlist_id": </summary>
-<p>
-
-Value of `sep_fingerprintlist_id` field can be refered from [Function - SEP - Add Fingerprint List](#function---sep---add-fingerprint-list) function's output. <br>
-Ex. `id` attribute from following path `content-->id`.
-
-</p>
-</details>
-
----
-## Function - SEP - Get Groups
-Get properties of all groups in a domain.
-
-<details><summary>Inputs:</summary>
-<p>
-
-| Name | Type | Required | Example | Tooltip |
-| ---- | :--: | :------: | ------- | ------- |
-| `sep_domain` | `text` | No | `-` | The SEPM domain. |
-| `sep_fullpathname` | `text` | No | `-` | The full path name of the group. |
-| `sep_mode` | `text` | No | `-` | The presentation mode for the results, as a list (default) or as a tree. |
-| `sep_order` | `text` | No | `-` | Specifies whether the results are in ascending order (ASC) or descending order (DESC). |
-| `sep_pageindex` | `number` | No | `-` | The index page that is used for the returned results. The default page index is 1. |
-| `sep_pagesize` | `number` | No | `-` | The number of results to include on each page. The default is 20. |
-| `sep_sort` | `text` | No | `-` | The column by which the results are sorted. Possible values are COMPUTER_NAME (Default value), COMPUTER_ID, COMPUTER_DOMAIN_NAME, or DOMAIN_ID. |
-
-</p>
-</details>
-
-<details><summary>Outputs:</summary>
-<p>
-
-> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
-
-```python
-results = {
-  "content": {
-    "content": [
-      {
-        "created": 1670774894035,
-        "createdBy": "createdBy                                                                                                ",
-        "customIpsNumber": "",
-        "description": "",
-        "domain": {
-          "id": "id",
-          "name": "name"
-        },
-        "fullPathName": "My Company",
-        "id": "id",
-        "lastModified": 1670774894035,
-        "name": "My Company",
-        "numberOfPhysicalComputers": 1,
-        "numberOfRegisteredUsers": 1,
-        "policyDate": 1672237824853,
-        "policyInheritanceEnabled": false,
-        "policySerialNumber": "E3DD-12/28/2022 14:30:24 853"
-      },
-      {
-        "created": 1670774894035,
-        "createdBy": "createdBy                                                                                                ",
-        "customIpsNumber": "",
-        "description": "",
-        "domain": {
-          "id": "id",
-          "name": "Default"
-        },
-        "fullPathName": "My Company\\Default Group",
-        "id": "id",
-        "lastModified": 1670774894035,
-        "name": "Default Group",
-        "numberOfPhysicalComputers": 0,
-        "numberOfRegisteredUsers": 0,
-        "policyDate": 1672237824853,
-        "policyInheritanceEnabled": true,
-        "policySerialNumber": "459F-12/28/2022 14:30:24 853"
-      },
-      {
-        "created": 1670853895754,
-        "createdBy": "createdBy                                                                                                ",
-        "customIpsNumber": "",
-        "description": "",
-        "domain": {
-          "id": "id",
-          "name": "Default"
-        },
-        "fullPathName": "My Company\\Test",
-        "id": "id",
-        "lastModified": 1670853895754,
-        "name": "Test",
-        "numberOfPhysicalComputers": 0,
-        "numberOfRegisteredUsers": 0,
-        "policyDate": 1672237824853,
-        "policyInheritanceEnabled": true,
-        "policySerialNumber": "01C5-12/28/2022 14:30:24 853"
-      }
-    ],
-    "firstPage": true,
-    "lastPage": true,
-    "number": 0,
-    "numberOfElements": 3,
-    "size": 25,
-    "sort": [
-      {
-        "ascending": true,
-        "direction": "ASC",
-        "property": "NAME"
-      }
-    ],
-    "totalElements": 3,
-    "totalPages": 1
-  },
-  "inputs": {},
-  "metrics": {
-    "execution_time_ms": 2148,
-    "host": "host",
-    "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 10:17:14",
-    "version": "1.0"
-  },
-  "raw": "{\"content\": [{\"id\": \"id\", \"name\": \"My Company\", \"description\": \"\", \"fullPathName\": \"My Company\", \"numberOfPhysicalComputers\": 1, \"numberOfRegisteredUsers\": 1, \"createdBy\": \"createdBy                                                                                                \", \"created\": 1670774894035, \"lastModified\": 1670774894035, \"policySerialNumber\": \"E3DD-12/28/2022 14:30:24 853\", \"policyDate\": 1672237824853, \"customIpsNumber\": \"\", \"domain\": {\"id\": \"3CB04764AC1F211B2A79E12FEDEA41B1\", \"name\": \"Default\"}, \"policyInheritanceEnabled\": false}, {\"id\": \"459F58A0AC1F211B0743E90D2F0C32A1\", \"name\": \"Default Group\", \"description\": \"\", \"fullPathName\": \"My Company\\\\Default Group\", \"numberOfPhysicalComputers\": 0, \"numberOfRegisteredUsers\": 0, \"createdBy\": \"AF3C39A10A320801000000DBF200C60A                                                                                                \", \"created\": 1670774894035, \"lastModified\": 1670774894035, \"policySerialNumber\": \"459F-12/28/2022 14:30:24 853\", \"policyDate\": 1672237824853, \"customIpsNumber\": \"\", \"domain\": {\"id\": \"3CB04764AC1F211B2A79E12FEDEA41B1\", \"name\": \"Default\"}, \"policyInheritanceEnabled\": true}, {\"id\": \"01C53575AC1F211B53E6515D65FC81CD\", \"name\": \"Test\", \"description\": \"\", \"fullPathName\": \"My Company\\\\Test\", \"numberOfPhysicalComputers\": 0, \"numberOfRegisteredUsers\": 0, \"createdBy\": \"AF3C39A10A320801000000DBF200C60A                                                                                                \", \"created\": 1670853895754, \"lastModified\": 1670853895754, \"policySerialNumber\": \"01C5-12/28/2022 14:30:24 853\", \"policyDate\": 1672237824853, \"customIpsNumber\": \"\", \"domain\": {\"id\": \"3CB04764AC1F211B2A79E12FEDEA41B1\", \"name\": \"Default\"}, \"policyInheritanceEnabled\": true}], \"totalPages\": 1, \"firstPage\": true, \"lastPage\": true, \"totalElements\": 3, \"size\": 25, \"number\": 0, \"sort\": [{\"direction\": \"ASC\", \"property\": \"NAME\", \"ascending\": true}], \"numberOfElements\": 3}",
-  "reason": null,
-  "success": true,
-  "version": "1.0"
-}
-```
-
-</p>
-</details>
-
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-
-```python
-domain_content_results =  workflow.properties.get_domains_results
-domain_content = domain_content_results.content
-
-for i in range(len(domain_content)):
-  if domain_content[i]["name"] ==  rule.properties.sep_domain_name:
-    inputs.sep_domain = domain_content[i]["id"]
-    break
-```
-
-</p>
-</details>
-
-<details><summary>Example Post-Process Script:</summary>
-<p>
-
-```python
-##  Symantec Endpoint Protection  - fn_sep_get_groups script ##
-# Example result:
-"""
-Result: {
-         'content': {
-                      "sort": [
-                        {
-                          "direction": "ASC",
-                          "property": "NAME",
-                          "ascending": true
-                        }
-                      ],
-                      "number": 0,
-                      "firstPage": true,
-                      "content": [
-                        {
-                          "policyDate": 1548489611062,
-                          "domain": {
-                            "id": "908090000946C25D330E919313D23887",
-                            "name": "Default"
-                          },
-                          "numberOfRegisteredUsers": 1,
-                          "description": "",
-                          "created": 1548481072007,
-                          "policySerialNumber": "4CBD-01/26/2019 08:00:11 062",
-                          "lastModified": 1548481072007,
-                          "fullPathName": "My Company\\Default Group",
-                          "createdBy": "AF3C39A10A320801000000DBF200C60A",
-                          "numberOfPhysicalComputers": 1,
-                          "customIpsNumber": "",
-                          "id": "4CBD63EE0946C25D1011DB1872A1736A",
-                          "policyInheritanceEnabled": true,
-                          "name": "Default Group"
-                        },
-                        {
-                          "policyDate": 1548489611062,
-                          "domain": {
-                            "id": "908090000946C25D330E919313D23887",
-                            "name": "Default"
-                          },
-                          "numberOfRegisteredUsers": 1,
-                          "description": "",
-                          "created": 1548481072007,
-                          "policySerialNumber": "CAD8-01/26/2019 08:00:11 062",
-                          "lastModified": 1548481072007,
-                          "fullPathName": "My Company",
-                          "createdBy": "AF3C39A10A320801000000DBF200C60A",
-                          "number OfPhysicalComputers": 1,
-                          "customIpsNumber": "",
-                          "id": "CAD80F000946C25D6C150831060AA326",
-                          "policyInheritanceEnabled": false,
-                          "name": "My Company"
-                        }
-                      ],
-                      "lastPage": true,
-                      "totalPages": 1,
-                      "size": 25,
-                      "totalElements": 2,
-                      "numberOfElements": 2
-                     }
-
-}
-"""
-#  Globals
-# List of fields in datatable fn_amp_get_groups script
-DATA_TBL_FIELDS = ["query_execution_time", "group_name", "group_id", "group_description", "fullPathName",
-                   "numberOfPhysicalComputers","policyInheritanceEnabled"]
-FN_NAME = "fn_symc_sep_get_groups"
-WF_NAME = "Get Groups information"
-DATA_TBL_FIELDS_DOM = ["domain_name", "domain_id"]
-C_OUTER = results.content
-QUERY_EXECUTION_DATE = results["metrics"]["timestamp"]
-DOMAIN_NAME = rule.properties.sep_domain_name
-
-# Processing
-def main():
-    note_text = ''
-    if C_OUTER is not None:
-        note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: There were <b>{1}</b> results returned for domain " \
-                    "<b>{2}</b> for Resilient function <b>{3}</b>"\
-            .format(WF_NAME, results["content"]["numberOfElements"], DOMAIN_NAME, FN_NAME)
-        groups = C_OUTER["content"]
-        for i in range(len(groups)):
-            newrow = incident.addRow("sep_groups")
-            newrow.query_execution_date = QUERY_EXECUTION_DATE
-            for f in DATA_TBL_FIELDS:
-                try:
-                    f_base = f.split('_')[1]
-                except:
-                    f_base = f
-                if f == "query_execution_time":
-                    continue
-                if groups[i][f_base] is not None:
-                      newrow[f] = groups[i][f_base]
-
-            domain = groups[i]["domain"]
-            if domain is not None:
-                for d in DATA_TBL_FIELDS_DOM:
-                    d_base = d.split('_')[1]
-                    newrow[d] = domain[d_base]
-
-    else:
-        note_text += "Symantec SEP Integration: Workflow <b>{0}</b>: There were <b>no</b> results returned for domain " \
-                     "<b>{1}</b>for Resilient function <b>{2}</b>".format(WF_NAME, DOMAIN_NAME, FN_NAME)
-
-    incident.addNote(helper.createRichText(note_text))
-
-if __name__ == "__main__":
-    main()
-```
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_domain": </summary>
-<p>
-
-Value of `sep_domain` field can be refered from [Function - SEP - Get Domains](#function---sep---get-domains) function's output. <br>
-Ex. `id` attribute from following path `content-->id`.
-
-</p>
-</details>
-
----
-## Function - SEP - Move endpoint
-Check for and move an endpoint to a different group.
-
-<details><summary>Inputs:</summary>
-<p>
-
-| Name | Type | Required | Example | Tooltip |
-| ---- | :--: | :------: | ------- | ------- |
-| `sep_groupid` | `text` | No | `-` | Group id on which to run the SEP command. |
-| `sep_hardwarekey` | `text` | No | `-` | Hardware key of SEP computer. |
-
-</p>
-</details>
-
-<details><summary>Outputs:</summary>
-<p>
-
-> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
-
-```python
-results = {
-  "content": [
-    {
-      "responseCode": "200",
-      "responseMessage": "OK"
-    }
-  ],
-  "inputs": {
-    "sep_groupid": "sep_groupid",
-    "sep_hardwarekey": "sep_hardwarekey"
-  },
-  "metrics": {
-    "execution_time_ms": 1991,
-    "host": "host",
-    "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 10:40:03",
-    "version": "1.0"
-  },
-  "raw": "[{\"responseCode\": \"200\", \"responseMessage\": \"OK\"}]",
-  "reason": null,
-  "success": true,
-  "version": "1.0"
-}
-```
-
-</p>
-</details>
-
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-
-```python
-content =  workflow.properties.get_groups_results.content
-full_path_name = content["content"][0]["fullPathName"]
-inputs.sep_hardwarekey = row.hardwareKey
-inputs.sep_groupid = content["content"][0]["id"]
-
-```
-
-</p>
-</details>
-
-<details><summary>Example Post-Process Script:</summary>
-<p>
-
-```python
-##  Symantec Endpoint Protection  - fn_sep_move_client script ##
-# Example result:
-"""
-Result: {'inputs': {u'sep_hardwarekey': u'B791D1DF2BB8AA77D19B10E3BB395B81', u'sep_groupid': u'CC00A6170946C25D35BD115E41F2F92C'},
-         'metrics': {'package': 'fn-sep', 'timestamp': '2019-05-29 12:17:17', 'package_version': '1.0.0', 'host': 'myhost',
-                     'version': '1.0', 'execution_time_ms': 1782},
-         'success': True,
-         'content': [{u'responseMessage': u'OK', u'responseCode': u'200'}],
-         'raw': '[{"responseMessage": "OK", "responseCode": "200"}]',
-         'reason': None,
-         'version': '1.0'
- }
-"""
-#  Globals
-# List of fields in datatable fn_amp_get_computers script
-FN_NAME = "fn_set_move_client"
-WF_NAME = "Move Endpoint"
-CONTENT = results.content
-HW_KEY = results["inputs"]["sep_hardwarekey"]
-GROUP_ID = results["inputs"]["sep_groupid"]
-QUERY_EXECUTION_DATE = results["metrics"]["timestamp"]
-# Processing
-
-def main():
-    note_text = ''
-    if CONTENT is not None:
-        response_msg = CONTENT[0]["responseMessage"]
-        if response_msg == "OK":
-            oldfullpath = workflow.properties.get("sep_oldpathname", None)["oldPathName"]
-            fullpathname = workflow.properties.get("sep_fullpathname", None)["fullPathName"]
-            note_text = "Symantec SEP Integration: Workflow: <b>{0}</b> : Successfully moved computer <b>{1}</b> " \
-                       "from group <b>{2}</b> to group <b>{3}</b> for Resilient function <b>{4}</b>."\
-                .format(WF_NAME, row.computerName, oldfullpath, fullpathname, FN_NAME)
-            row.group_id = GROUP_ID
-            if fullpathname is not None:
-              row.group_name = fullpathname
-        else:
-            note_text = "Symantec SEP Integration: Workflow: <b>{0}</b> : Unsuccessful move of computer <b>{1}</b> " \
-                       "to group with id <b>{2}</b>. Received response <b>{3}</b> for Resilient function <b>{4}</b>."\
-                .format(WF_NAME, row.computerName, GROUP_ID, response_msg, FN_NAME)
-    else:
-      noteText = "Symantec SEP Integration: Workflow: <b>{0}</b> : Move unsuccessful for computer with hardware id <b>{1}</b> " \
-                 "to group with id <b>{2}</b> for Resilient function <b>{3}</b>."\
-          .format(WF_NAME, HW_KEY, GROUP_ID, FN_NAME)
-
-    incident.addNote(helper.createRichText(note_text))
-
-if __name__ == "__main__":
-    main()
-```
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_groupid": </summary>
-<p>
-
-Value of `sep_groupid` field can be refered from [Function - SEP - Get Groups](#function---sep---get-groups) function's output. <br>
-Ex. `id` attribute from following path `content-->content-->id`.
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_hardwarekey": </summary>
-<p>
-
-Value of `sep_hardwarekey` field can be refered from [Function - SEP - Get Computers](#function---sep---get-computers) function's output. <br>
-Ex. `hardwareKey` attribute from following path `content-->content-->hardwareKey`.
-
-</p>
-</details>
-
----
-## Function - SEP - Quarantine Endpoints
-Quarantine/un-quarantine Symantec Endpoint Protection endpoints. The function will add or remove endpoints to or from network quarantine.
-
-<details><summary>Inputs:</summary>
-<p>
-
-| Name | Type | Required | Example | Tooltip |
-| ---- | :--: | :------: | ------- | ------- |
-| `sep_computer_ids` | `text` | No | `-` | The list of computer ids on which to run the SEP command. |
-| `sep_group_ids` | `text` | No | `-` | The list of groups on which to run the SEP command. |
-| `sep_undo` | `boolean` | No | `-` | Boolean value, if set to true, will undo operation. |
-
-</p>
-</details>
-
-<details><summary>Outputs:</summary>
-<p>
-
-> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
-
-```python
-results = {
-  "content": {
-    "commandID_computer": "commandID_computer",
-    "commandID_group": "commandID_group"
-  },
-  "inputs": {
-    "sep_computer_ids": "sep_computer_ids",
-    "sep_group_ids": "sep_group_ids",
-    "sep_undo": true
-  },
-  "metrics": {
-    "execution_time_ms": 2090,
-    "host": "host",
-    "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 10:10:20",
-    "version": "1.0"
-  },
-  "raw": "{\"commandID_group\": \"commandID_group\", \"commandID_computer\": \"commandID_computer\"}",
-  "reason": null,
-  "success": true,
-  "version": "1.0"
-}
-```
-
-</p>
-</details>
-
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-
-```python
-inputs.sep_computer_ids = row.uniqueId
-endpoint_quarantine_status = row.endpoint_quarantine_status["content"]
-
-# 2 different rules using - Quarantine or Un-quarantine  based on row value. (w rules using Workflow)
-inputs.sep_undo = True if endpoint_quarantine_status == "Quarantined" else False
-
-```
-
-</p>
-</details>
-
-<details><summary>Example Post-Process Script:</summary>
-<p>
-
-```python
-##  Symantec Endpoint Protection  - fn_sep_quarantine_endpoints script ##
-# Example result:
-"""
-Result: { 'inputs': {u'sep_undo': False, u'sep_computer_ids': u'89AD1BBB0946C25D25E6C0984E971D8A'},
-         'metrics': {'package': 'fn-sep', 'timestamp': '2019-05-14 14:42:09', 'package_version': '1.0.0',
-                     'host': 'myhost', 'version': '1.0', 'execution_time_ms': 1102
-                    }, 'success': True,
-         'content': {u'commandID_computer': u'79AD5636B73A4C0D828938AE1E5B2C13'},
-         'raw': '{"commandID_computer": "79AD5636B73A4C0D828938AE1E5B2C13"}',
-         'reason': None,
-         'version': '1.0'
-}
-
-"""
-#  Globals
-# List of fields in datatable fn_sep_quarantine_endpoints script
-DATA_TBL_FIELDS = ["quarantine_commandid"]
-fn_name = "fn_sep_quarantine_endpoints"
-wf_name = "Quarantine Endpoint"
-# Processing
-content = results.content
-inputs = results.inputs
-query_execution_date = results["metrics"]["timestamp"]
-
-if content  is not None:
-    note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: Executed with command id <b>{1}</b> for endpoint " \
-                "<b>{2}</b> for Resilient function <b>{3}</b>"\
-        .format(wf_name, content["commandID_computer"], row.computerName, fn_name)
-    row.query_execution_date = query_execution_date
-    row.quarantine_commandid = content["commandID_computer"]
-
-else:
-    note_text += "Symantec SEP Integration: Workflow <b>{0}</b>: There was <b>no</b> results returned for Resilient function <b>{1}</b>" \
-                 .format(wf_name, fn_name)
-
-incident.addNote(helper.createRichText(note_text))
-
-```
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_group_ids": </summary>
-<p>
-
-Value of `sep_group_ids` field can be refered from [Function - SEP - Get Groups](#function---sep---get-groups) function's output. <br>
-Ex. `id` attribute from following path `content-->content-->id`.
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_computer_ids": </summary>
-<p>
-
-Value of `sep_computer_ids` field can be refered from [Function - SEP - Get Computers](#function---sep---get-computers) function's output. <br>
-Ex. `uniqueId` attribute from following path `content-->content-->uniqueId`.
-
-</p>
-</details>
-
----
-## Function - SEP - Scan Endpoints
-Initiates an Evidence of Compromise (EOC) scan  of an artifact value  against  a list of endpoints or groups. The function can also be used to complete a remediation (quarantine) scan action  for hash value (MD5, SHA1 or SHA256).
-
-The provided **SEP - Scan Endpoints** function with the **Initiate EOC Scan for Artifact** workflow initiates an Evidence of Compromise (EOC) scan of an artifact value against a list of endpoints or groups.
-
- ![screenshot: fn-sep-scan-endpoints ](./doc/screenshots/wf-sep-initiate-eoc-scan-for-artifact.png)
-
-The function can also be used to complete a remediation delete action on a SHA256 hash value in conjunction with a scan.
-
- ![screenshot: fn-sep-scan-endpoints ](./doc/screenshots/fn-sep-scan-endpoints.png)
-
-
-<details><summary>Inputs:</summary>
-<p>
-
-| Name | Type | Required | Example | Tooltip |
-| ---- | :--: | :------: | ------- | ------- |
-| `sep_computer_ids` | `text` | No | `-` | The list of computer ids on which to run the SEP command. |
-| `sep_description` | `text` | No | `-` | The SEP object (e.g. scan) description. |
-| `sep_file_path` | `text` | No | `-` | The file path of the suspect file. |
-| `sep_group_ids` | `text` | No | `-` | The list of groups on which to run the SEP command. |
-| `sep_md5` | `text` | No | `-` | The MD5 hash value of the suspicious file. |
-| `sep_scan_action` | `select` | No | `-` | Action to be performed during a scan. |
-| `sep_scan_type` | `select` | No | `-` | The SEP eoc scan type. Possible values are:  FULL_SCAN and QUICK_SCAN. |
-| `sep_sha1` | `text` | No | `-` | The SHA1 hash value of the suspicious file. |
-| `sep_sha256` | `text` | No | `-` | The SHA256 hash value of the suspicious file. |
-
-</p>
-</details>
-
-<details><summary>Outputs:</summary>
-<p>
-
-> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
-
-```python
-results = {
-  "content": {
-    "commandID_computer": "commandID_computer",
-    "commandID_group": "commandID_group"
-  },
-  "inputs": {
-    "sep_computer_ids": "sep_computer_ids",
-    "sep_description": "demo xyz",
-    "sep_group_ids": "sep_group_ids",
-    "sep_scan_action": "remediate",
-    "sep_scan_type": "FULL_SCAN"
-  },
-  "metrics": {
-    "execution_time_ms": 2108,
-    "host": "host",
-    "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 10:04:26",
-    "version": "1.0"
-  },
-  "raw": "{\"commandID_group\": \"commandID_group\", \"commandID_computer\": \"commandID_computer\"}",
-  "reason": null,
-  "success": true,
-  "version": "1.0"
-}
-```
-
-</p>
-</details>
-
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-
-```python
-GET_COMPUTERS_CONTENT = workflow.properties.get_computers_results.content
-ARTIFACT_TYPE = artifact.type
-ARTIFACT_VALUE = artifact.value
-ARTIFACT_DESCRIPTION = artifact.description
-ARTIFACT_TYPE_TO_ROW = {
-    "File Name": "file_name",
-    "File Path": "file_path",
-    "Malware MD5 Hash": "md5",
-    "Malware SHA-1 Hash": "sha1",
-    "Malware SHA-256 Hash": "sha256"
-}
-ARTIFACT_TYPES = [ v for v in sorted(ARTIFACT_TYPE_TO_ROW.values())]
-COMPUTER_IDS = []
-## Processing
-
-def get_computers():
-    global COMPUTER_IDS
-    # Get computers to run scan against from previous step.
-    if GET_COMPUTERS_CONTENT is not None and GET_COMPUTERS_CONTENT["endpoints_matching_ids"]:
-        COMPUTER_IDS = GET_COMPUTERS_CONTENT["endpoints_matching_ids"]
-
-def set_inputs(fn, fp, md5, sha1, sha256):
-    global COMPUTER_IDS
-    inputs.sep_file_path = fn if fp is None else fp
-    inputs.sep_md5 = md5
-    inputs.sep_sha1 = sha1
-    inputs.sep_sha256 = sha256
-    inputs.sep_computer_ids = ','.join(COMPUTER_IDS)
-    inputs.sep_scan_type = rule.properties.sep_scan_type
-    inputs.sep_scan_action = None
-    if ARTIFACT_DESCRIPTION is not None:
-        inputs.sep_description = "Scan eoc for {0}".format(ARTIFACT_DESCRIPTION["content"])
-    else:
-        inputs.sep_description = "Scan eoc for for suspicious hash of type {0} and value {1} in the SEP environment.".format(ARTIFACT_TYPE, ARTIFACT_VALUE)
-
-def main():
-    get_computers()
-    # Assign values to correct row based on artifact type
-    types = [None if t not in ARTIFACT_TYPE_TO_ROW[ARTIFACT_TYPE] else ARTIFACT_VALUE for t in ARTIFACT_TYPES]
-    set_inputs(*types)
-
-if __name__ == "__main__":
-    main()
-```
-
-</p>
-</details>
-
-<details><summary>Example Post-Process Script:</summary>
-<p>
-
-```python
-##  Symantec Endpoint Protection  - fn_sep_upload_file_to_sepm script ##
-# Example result:
-"""
-Result: {'inputs': {u'sep_description': u'Scan to remediate file based on sha256', u'sep_computer_ids': u'D31AA16E0946C25D40C83823C500518B',
-                    u'sep_scan_action': None, u'sep_file_path': u'C:\\temp\\eicar.zip', u'sep_group_ids': u'CAD80F000946C25D6C150831060AA326',
-                    u'sep_sha256': None, u'sep_scan_type': {u'name': u'FULL_SCAN', u'id': 229}},
-         'metrics': {'package': 'fn-sep', 'timestamp': '2019-04-12 10:49:22', 'package_version': '1.0.0', 'host': 'myhost', 'version': '1.0', 'execution_time_ms': 12349},
-         'success': True, 'content': {u'commandID_computer': u'0F0CBDD7EDFF4634B23FA11F5AB81FFC', u'commandID_group': u'BB37F78894DB451B8E8921EC127667A3'},
-         'raw': '{"commandID_computer": "0F0CBDD7EDFF4634B23FA11F5AB81FFC", "commandID_group": "BB37F78894DB451B8E8921EC127667A3"}',
-         'reason': None,
-         'version': '1.0'
-}
-
-"""
-#  Globals
-# List of fields in datatable fn_sep_get_command_status script
-DATA_TBL_FIELDS = ["scan_commandID"]
-FN_NAME = "fn_sep_scan_endpoints"
-WF_NAME = "Initiate EOC Scan for Artifact"
-# Processing
-CONTENT = results.content
-INPUTS = results.inputs
-QUERY_EXECUTION_DATE = results["metrics"]["timestamp"]
-note_text = ''
-
-def main():
-    note_text = ''
-    if CONTENT  is not None:
-        note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: Returned command id <b>{1}</b> for a <b>{2}</b> " \
-                    "scan on artifact <b>{3}</b> for Resilient function <b>{4}</b>"\
-            .format(WF_NAME, CONTENT["commandID_computer"], INPUTS["sep_scan_type"], artifact.value, FN_NAME)
-    else:
-        note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: There was <b>no</b> command id returned for a " \
-                    "<b>{1}</b> scan on artifact <b>{2}</b> for Resilient function <b>{3}</b>"\
-            .format(WF_NAME, INPUTS["sep_scan_type"], INPUTS["sep_file_path"], artifact.value, FN_NAME)
-
-    incident.addNote(helper.createRichText(note_text))
-if __name__ == "__main__":
-    main()
-```
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_group_ids": </summary>
-<p>
-
-Value of `sep_group_ids` field can be refered from [Function - SEP - Get Groups](#function---sep---get-groups) function's output. <br>
-Ex. `id` attribute from following path `content-->content-->id`.
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_computer_ids": </summary>
-<p>
-
-Value of `sep_computer_ids` field can be refered from [Function - SEP - Get Computers](#function---sep---get-computers) function's output. <br>
-Ex. `uniqueId` attribute from following path `content-->content-->uniqueId`.
-
-</p>
-</details>
-
----
-## Function - SEP - Update Fingerprint List
-Updates an existing fingerprint list with a set of hash values.
-Note: Currently only supports MD5 hash type.
-
-<details><summary>Inputs:</summary>
-<p>
-
-| Name | Type | Required | Example | Tooltip |
-| ---- | :--: | :------: | ------- | ------- |
-| `sep_description` | `text` | No | `-` | The SEP object (e.g. scan) description. |
-| `sep_domainid` | `text` | No | `-` | The SEPM domain id. |
-| `sep_fingerprintlist_id` | `text` | No | `-` | Id of SEP fingerprint list |
-| `sep_fingerprintlist_name` | `text` | No | `-` | Name of a SEP fingerprint list. |
-| `sep_hash_value` | `text` | No | `-` | The hash value. Can be MD5 or SHA256 hash value. |
-
-</p>
-</details>
-
-<details><summary>Outputs:</summary>
-<p>
-
-> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
-
-```python
-results = {
-  "content": {},
-  "inputs": {
-    "sep_description": "This is test of adding files in blacklist.",
-    "sep_domainid": "sep_domainid",
-    "sep_fingerprintlist_id": "sep_fingerprintlist_id",
-    "sep_fingerprintlist_name": "Test Blacklist Updated",
-    "sep_hash_value": "sep_hash_value"
-  },
-  "metrics": {
-    "execution_time_ms": 2087,
-    "host": "host",
-    "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 09:30:38",
-    "version": "1.0"
-  },
-  "raw": "{}",
-  "reason": null,
-  "success": true,
-  "version": "1.0"
-}
-```
-
-</p>
-</details>
-
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-
-```python
-domain_content_results =  workflow.properties.get_domains_results
-fpl_content_results = workflow.properties.get_fingerprintlist_results
-domain_content = domain_content_results.content
-fpl_content = fpl_content_results.content
-
-for i in range(len(domain_content)):
-  if domain_content[i]["name"] ==  rule.properties.sep_domain_name:
-    inputs.sep_domainid = domain_content[i]["id"]
-    break
-
-if fpl_content["name"] ==  rule.properties.sep_fingerprintlist_name:
-    inputs.sep_fingerprintlist_id = fpl_content["id"]
-    inputs.sep_fingerprintlist_name = fpl_content["name"]
-    if fpl_content["data"] is not None:
-        inputs.sep_hash_value = artifact.value + ',' + ','.join(fpl_content["data"])
-    else:
-        inputs.sep_hash_value = artifact.value
-
-inputs.sep_description = "Fingerprint list '{}'".format(inputs.get("sep_fingerprintlist_name"))
-
-```
-
-</p>
-</details>
-
-<details><summary>Example Post-Process Script:</summary>
-<p>
-
-```python
-##  Symantec Endpoint Protection  - fn_sep_update_fingerprint_list script ##
-# Example result:
-"""
-Result: {'inputs': {u'sep_description': u'Hash of type Malware MD5 Hash', u'sep_fingerprintlist_name': u'Blacklist_2',
-                   u'sep_hash_value': u'0B26E313ED4A7CA6904B0E9369E5B957,482F9B6E0CC4C1DBBD772AAAF088CB3A',
-                   u'sep_domainid': u'A9B4B7160946C25D24B6AA458EF5557F',
-                   u'sep_fingerprintlist_id': u'D132F4BA85D64E9F941906C2ECBF3F5F'
-                   },
-        'metrics': {'package': 'fn-sep', 'timestamp': '2019-05-14 10:48:45', 'package_version': '1.0.0',
-                    'host': 'myhost.com', 'version': '1.0', 'execution_time_ms': 1131
-                    }, 'success': True,
-                    'content': '',
-                    'raw': '""',
-                    'reason': None,
-                    'version': '1.0'
-
-}
-"""
-FN_NAME = "fn_sep_update_fingerprint_list"
-WF_NAME = "Add Hash to Fingerprint List"
-CONTENT = results.content
-INPUTS = results.inputs
-
-def main():
-    if CONTENT is not None:
-        # If we got here we assume we are successsful, no status messgae is returned by api.
-        note_text = "Symantec SEP Integration: Workflow <b>{0}</b>: Successfully added MD5 hash <b>{1}</b> to fingerprint " \
-                    "list <b>{2}</b> for Resilient function <b>{3}</b>"\
-            .format(WF_NAME, artifact.value, INPUTS["sep_fingerprintlist_name"],
-                    FN_NAME)
-
-    else:
-        note_text += "Symantec SEP Integration: Workflow <b>{0}</b>: There was <b>no</b> results returned for Resilient " \
-                     "function <b>{1}</b>".format(WF_NAME, FN_NAME)
-
-    incident.addNote(helper.createRichText(note_text))
-
-if __name__ == "__main__":
-    main()
-```
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_domainid": </summary>
-<p>
-
-Value of `sep_domainid` field can be refered from [Function - SEP - Get Domains](#function---sep---get-domains) function's output. <br>
-Ex. `id` attribute from following path `content-->id`.
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_fingerprintlist_id": </summary>
-<p>
-
-Value of `sep_fingerprintlist_id` field can be refered from [Function - SEP - Add Fingerprint List](#function---sep---add-fingerprint-list) function's output. <br>
-Ex. `id` attribute from following path `content-->id`.
-
-</p>
-</details>
-
----
-## Function - SEP - Upload File to SEPM
-Upload a file from an endpoint back to the SEPM server.
-Note: Only supports executable file types such as binary executable (.exe), batch (.bat), Windows installer package (.msi) etc. File source can be FILESYTEM, QUARANTINE or BOTH
-
-<details><summary>Inputs:</summary>
-<p>
-
-| Name | Type | Required | Example | Tooltip |
-| ---- | :--: | :------: | ------- | ------- |
-| `sep_computer_ids` | `text` | No | `-` | The list of computer ids on which to run the SEP command. |
-| `sep_file_path` | `text` | No | `-` | The file path of the suspect file. |
-| `sep_md5` | `text` | No | `-` | The MD5 hash value of the suspicious file. |
-| `sep_sha1` | `text` | No | `-` | The SHA1 hash value of the suspicious file. |
-| `sep_sha256` | `text` | No | `-` | The SHA256 hash value of the suspicious file. |
-| `sep_source` | `text` | No | `-` | The file source from where to search for the suspicious file. Possible values are: FILESYSTEM (default), QUARANTINE, or BOTH.  |
-
-</p>
-</details>
-
-<details><summary>Outputs:</summary>
-<p>
-
-> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
-
-```python
-results = {
-  "content": {
-    "commandID": "commandID"
-  },
-  "inputs": {
-    "sep_computer_ids": "sep_computer_ids",
-    "sep_file_path": "C:/Users/Public/Documents/sample.exe",
-    "sep_md5": "sep_md5",
-    "sep_source": "FILESYSTEM"
-  },
-  "metrics": {
-    "execution_time_ms": 2270,
-    "host": "host",
-    "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 09:50:57",
-    "version": "1.0"
-  },
-  "raw": "{\"commandID\": \"commandID\"}",
-  "reason": null,
-  "success": true,
-  "version": "1.0"
-}
-```
-
-</p>
-</details>
-
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-
-```python
-inputs.sep_computer_ids = row.computer_id
-inputs.sep_file_path = row.file_path
-inputs.sep_source = rule.properties.sep_source
-hash_lengths  = [64, 40, 32]
-hvs = [None if h != len(row.hash_value) else row.hash_value for h in hash_lengths]
-inputs.sep_sha256 = hvs[0]
-inputs.sep_sha1 = hvs[1]
-inputs.sep_md5 = hvs[2]
-```
-
-</p>
-</details>
-
-<details><summary>Example Post-Process Script:</summary>
-<p>
-
-```python
-##  Symantec Endpoint Protection  - fn_sep_upload_file_to_sepm script ##
-# Example result:
-"""
-Result: { 'inputs': {u'sep_sha256': u'590f9895c2cbe93d47c3f7a3104fb843edfb5d5741330593d7d302a1e11e0ba5', u'sep_source': u'FILESYSTEM',
-                   u'sep_computer_ids': u'89AD1BBB0946C25D25E6C0984E971D8A', u'sep_file_path': u'C:\\temp\\New Text Document.txt',
-                   u'sep_sha1': None, u'sep_md5': None
-                   },
-         'metrics': {'package': 'fn-sep', 'timestamp': '2019-05-14 14:46:08', 'package_version': '1.0.0',
-                    'host': 'myhost', 'version': '1.0', 'execution_time_ms': 1226
-                   }, 'success': True,
-         'content': {u'commandID': u'1BFD8C9B3FD74FF4A2490FFE63314E7A'},
-         'raw': '{"commandID": "1BFD8C9B3FD74FF4A2490FFE63314E7A"}',
-         'reason': None,
-         'version': '1.0'
-}
-
-"""
-#  Globals
-# List of fields in datatable fn_sep_get_command_status script
-DATA_TBL_FIELDS = ["commandID"]
-fn_name = "fn_sep_upload_file_to_sepm"
-wf_name = "Upload file to SEPM server"
-content = results.content
-inputs = results.inputs
-# Processing
-
-if content  is not None:
-    noteText = "Symantec SEP Integration: Workflow <b>{0}</b>: Command excuted with id  <b>{1}</b> for artifact with " \
-               "type <b>{2}</b> and value <b>{3}</b> from source <b>{4}</b> for Resilient function <b>{5}</b>"\
-        .format(wf_name, content["commandID"], row.artifact_type, row.artifact_value, inputs["sep_source"], fn_name)
-    row.upload_commandid = content["commandID"]
-
-else:
-    noteText += "Symantec SEP Integration: Workflow <b>{0}</b>: There was <b>no</b> results returned for Resilient " \
-                "function <b>{1}</b>".format(wf_name, fn_name)
-
-incident.addNote(helper.createRichText(noteText))
-```
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_computer_ids": </summary>
-<p>
-
-Value of `sep_computer_ids` field can be refered from [Function - SEP - Get Computers](#function---sep---get-computers) function's output. <br>
-Ex. `uniqueId` attribute from following path `content-->content-->uniqueId`.
-
-</p>
-</details>
-
----
-## Function - SEP: Cancel a Command
-Cancels an existing command by creating a new cancel command for clients for which the command is still pending.
-
-<details><summary>Inputs:</summary>
-<p>
-
-| Name | Type | Required | Example | Tooltip |
-| ---- | :--: | :------: | ------- | ------- |
-| `sep_command_id` | `text` | Yes | `-` | The command ID for which details are needed. |
-
-</p>
-</details>
-
-<details><summary>Outputs:</summary>
-<p>
-
-> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
-
-```python
-results = {
-  "content": {
-     "commandID":"8D77EE017C204AFEA4A10B682F15DBAE"
-  },
-  "inputs": {
-    "sep_command_id": "E1B09D9873174FD49CC622037C5F4AE4"
-  },
-  "metrics": {
-     "version":"1.0",
-     "package":"fn-sep",
-     "package_version":"1.0.2",
-     "host":"host",
-     "execution_time_ms":2106,
-     "timestamp":"2023-01-18 19:34:42"
-  },
-  "raw": "None",
-  "reason": "None",
-  "success":true,
-  "version": 2.0
-}
-```
-
-</p>
-</details>
-
-<details><summary>Steps to Fetch "sep_command_id": </summary>
-<p>
-
-Value of `sep_command_id` field can be refered from [Function - SEP - Scan Endpoints](#function---sep---scan-endpoints) function's output. <br>
-Ex. `commandID_group/commandID_computer` attribute from following path `content-->commandID_group/commandID_computer`.
-
-</p>
-</details>
-
----
-## Function - SEP: Get Critical Events Info
-Gets information related to critical events. 'results_limit' is not currently used for this function.
-
-<details><summary>Inputs:</summary>
-<p>
-
-| Name | Type | Required | Example | Tooltip |
-| ---- | :--: | :------: | ------- | ------- |
-| `sep_results_limit` | `number` | No | `5` | The maximum number of records to be returned. Page size must be between 1 and 10000 |
+| `sep_results_limit` | `number` | No | `5` | The maximum number of records to be returned. Page size must be between 1 and 10000 |
 
 </p>
 </details>
@@ -2579,344 +1046,323 @@ results = {
     "criticalEventsInfoList": [
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
+        "eventDateTime": "2024-06-26 14:02:38.0",
+        "eventId": "C73763EF092E5BB9462D7353C645BC2C",
         "message": "To enhance security, Symantec recommends that you should require the users in this client group to use passwords in the following situations: opening, stopping, or uninstalling the client, or importing the Sylink file. You should assign a password to the following client groups.\u003cbr/\u003e\u003cbr/\u003eDefault: My Company\u003cbr/\u003e\u003cbr/\u003e\u003cbr/\u003eFor information on how to enable password protection on the client, see: \u003ca href=\"https://techdocs.broadcom.com/bin/gethidpage.html?ux-context-string=sesm_computersnusers_policies_password_setting\u0026appid=SEP\u0026language=en\u0026format=rendered\" class=\"bluelink\" target=\"_blank\" rel=\"noopener\"\u003ePassword-protecting the Symantec Endpoint Protection client\u003c/a\u003e",
         "subject": "Some Symantec Endpoint Protection groups have not been assigned a password."
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 11, 2022 4:11:03 PM.",
+        "eventDateTime": "2024-06-26 14:02:50.0",
+        "eventId": "388DC550092E5BB9462D7353CF5066D4",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jun 26, 2024 7:02:34 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Your Symantec Endpoint Protection Trial license expires in 60 days. To continue to receive virus definitions and product updates, contact your \u0026lt;a class=\u0026quot;bluelink\u0026quot; onclick=\u0026quot;createWindowFromURL(\u0026#039;../util/universal-redirect.php?WhereWeWant=https://ced.broadcom.com/sep/14/partnerlocator\u0026#039;, \u0026#039;_blank\u0026#039;, \u0026#039;scrollbars=yes,width=800, height=650, resizable=yes, screenX=100, screenY=100\u0026#039;);\u0026quot; href=\u0026quot;#\u0026quot; \u0026gt;preferred reseller\u0026lt;/a\u0026gt;.\u0026lt;br\u0026gt;",
-        "subject": "Information: Symantec Trial license Expires In 60 Days"
-      },
-      {
-        "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Date: Dec 11, 2022 4:19:17 PM UTC\tServer: EC2AAA-1A0AAAA\nDownload: Successfully downloaded the Symantec Agent for Linux 14.3 RU5 package from LiveUpdate. This package is now available for deployment.",
+        "eventDateTime": "2024-06-26 14:03:03.0",
+        "eventId": "A091BB08092E5BB9462D735340E9132C",
+        "message": "Date: Jun 26, 2024 6:46:43 AM PDT\tServer: c95648v1\nDownload: Successfully downloaded the Symantec Agent for Linux 14.3 RU8 package from LiveUpdate. This package is now available for deployment.",
         "subject": "New software package available"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Date: Dec 11, 2022 4:20:22 PM UTC\tServer: EC2AAA-1A0AAAA\nDownload: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU3 package from LiveUpdate. This package is now available for deployment.",
+        "eventDateTime": "2024-06-26 14:03:03.0",
+        "eventId": "8EC7022F092E5BB9462D73539D642D01",
+        "message": "Date: Jun 26, 2024 6:50:27 AM PDT\tServer: c95648v1\nDownload: Successfully downloaded the Symantec Agent for Linux 14.3 RU5 package from LiveUpdate. This package is now available for deployment.",
         "subject": "New software package available"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Date: Dec 11, 2022 4:21:28 PM UTC\tServer: EC2AAA-1A0AAAA\nDownload: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU5 package from LiveUpdate. This package is now available for deployment.",
+        "eventDateTime": "2024-06-26 14:03:03.0",
+        "eventId": "CCF70323092E5BB9462D7353600B23F8",
+        "message": "Date: Jun 26, 2024 6:51:35 AM PDT\tServer: c95648v1\nDownload: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU3 package from LiveUpdate. This package is now available for deployment.",
         "subject": "New software package available"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Date: Dec 11, 2022 4:21:31 PM UTC\tServer: EC2AAA-1A0AAAA\nDownload: Successfully downloaded the Symantec Agent for Linux 14.3 RU4 package from LiveUpdate. This package is now available for deployment.",
+        "eventDateTime": "2024-06-26 14:03:03.0",
+        "eventId": "8F3BBDAE092E5BB9462D7353B2402856",
+        "message": "Date: Jun 26, 2024 6:52:23 AM PDT\tServer: c95648v1\nDownload: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU6 package from LiveUpdate. This package is now available for deployment.",
         "subject": "New software package available"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 12, 2022 7:37:15 AM.",
-        "subject": "Server Health Alert"
-      },
-      {
-        "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Number of clients changed: 1.  Changes could be that a client was added, renamed, or deleted, Unmanaged Detector status changed, client mode changed, or the hardware changed.",
-        "subject": "Informational: Symantec Endpoint Protection Computer List Changed"
-      },
-      {
-        "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 13, 2022 7:42:58 AM.",
-        "subject": "Server Health Alert"
+        "eventDateTime": "2024-06-26 14:03:03.0",
+        "eventId": "B935736A092E5BB9462D73537BBD9220",
+        "message": "Date: Jun 26, 2024 6:54:04 AM PDT\tServer: c95648v1\nDownload: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU5 package from LiveUpdate. This package is now available for deployment.",
+        "subject": "New software package available"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 14, 2022 4:32:24 AM.",
-        "subject": "Server Health Alert"
+        "eventDateTime": "2024-06-26 14:03:03.0",
+        "eventId": "2CAEEDB5092E5BB9462D7353ADD2908C",
+        "message": "Date: Jun 26, 2024 6:54:10 AM PDT\tServer: c95648v1\nDownload: Successfully downloaded the Symantec Agent for Linux 14.3 RU4 package from LiveUpdate. This package is now available for deployment.",
+        "subject": "New software package available"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Date: Dec 14, 2022 4:37:47 AM UTC\tServer: EC2AAA-1A0AAAA\nDownload: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU6 package from LiveUpdate. This package is now available for deployment.",
+        "eventDateTime": "2024-06-26 14:03:03.0",
+        "eventId": "D34404C5092E5BB9462D73534707F282",
+        "message": "Date: Jun 26, 2024 6:54:28 AM PDT\tServer: c95648v1\nDownload: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU8 package from LiveUpdate. This package is now available for deployment.",
         "subject": "New software package available"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 15, 2022 4:32:27 AM.",
-        "subject": "Server Health Alert"
+        "eventDateTime": "2024-06-26 14:03:03.0",
+        "eventId": "D130C96D092E5BB9462D73538F0E81DE",
+        "message": "Date: Jun 26, 2024 6:54:46 AM PDT\tServer: c95648v1\nDownload: Successfully downloaded the Symantec Agent for Linux 14.3 RU6 package from LiveUpdate. This package is now available for deployment.",
+        "subject": "New software package available"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 16, 2022 4:32:29 AM.",
-        "subject": "Server Health Alert"
+        "eventDateTime": "2024-06-26 14:29:46.0",
+        "eventId": "00AEA0F3092E5BB9462D7353169FDC4E",
+        "message": "Number of clients changed: 1.  Changes could be that a client was added, renamed, or deleted, Unmanaged Detector status changed, client mode changed, or the hardware changed.",
+        "subject": "Informational: Symantec Endpoint Protection Computer List Changed"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 19, 2022 4:32:29 AM.",
-        "subject": "Server Health Alert"
+        "eventDateTime": "2024-06-27 07:03:15.0",
+        "eventId": "6443D9CA092E5BB936229E5074834588",
+        "message": "Your Symantec Endpoint Protection Trial license expires in 60 days. To continue to receive virus definitions and product updates, contact your \u0026lt;a class=\u0026quot;bluelink\u0026quot; onclick=\u0026quot;createWindowFromURL(\u0026#039;../util/universal-redirect.php?WhereWeWant=https://ced.broadcom.com/sep/14/partnerlocator\u0026#039;, \u0026#039;_blank\u0026#039;, \u0026#039;scrollbars=yes,width=800, height=650, resizable=yes, screenX=100, screenY=100\u0026#039;);\u0026quot; href=\u0026quot;#\u0026quot; \u0026gt;preferred reseller\u0026lt;/a\u0026gt;.\u0026lt;br\u0026gt;",
+        "subject": "Information: Symantec Trial license Expires In 60 Days"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 13, 2022 5:42:55 PM.",
+        "eventDateTime": "2024-06-28 12:29:23.0",
+        "eventId": "5ED2B2DE092E5BB936229E5022E27035",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jun 28, 2024 5:29:04 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 14, 2022 2:32:21 PM.",
+        "eventDateTime": "2024-06-28 22:29:23.0",
+        "eventId": "D23F6954092E5BB936229E50AA2CB93F",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jun 28, 2024 3:29:06 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 15, 2022 2:32:20 PM.",
+        "eventDateTime": "2024-06-29 08:30:38.0",
+        "eventId": "10E1F0A9092E5BB97E3F195BF1A05A94",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jun 29, 2024 1:30:17 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 16, 2022 2:32:30 PM.",
-        "subject": "Server Health Alert"
+        "eventDateTime": "2024-07-08 17:58:05.0",
+        "eventId": "EC7CF59F092E5BB954B29F87D815C7AC",
+        "message": "Date: Jul 8, 2024 10:54:58 AM PDT\tServer: c95648v1\nDownload: Successfully downloaded the null package from LiveUpdate. This package is now available for deployment.",
+        "subject": "New software package available"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 19, 2022 2:32:31 PM.",
+        "eventDateTime": "2024-06-28 02:28:23.0",
+        "eventId": "1C4CB36B092E5BB936229E50775A9E56",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jun 27, 2024 7:28:02 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 20, 2022 4:32:25 AM.",
+        "eventDateTime": "2024-06-29 18:30:40.0",
+        "eventId": "C07CE910092E5BB97E3F195B25EC92BF",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jun 29, 2024 11:30:18 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 20, 2022 2:32:25 PM.",
+        "eventDateTime": "2024-06-30 04:30:45.0",
+        "eventId": "6E7A6527092E5BB97E3F195B1BCE841D",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jun 29, 2024 9:30:30 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 21, 2022 4:32:21 AM.",
+        "eventDateTime": "2024-06-30 14:30:49.0",
+        "eventId": "43E80046092E5BB97E3F195BC2F4AD74",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jun 30, 2024 7:30:32 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 21, 2022 2:32:21 PM.",
+        "eventDateTime": "2024-07-01 00:30:54.0",
+        "eventId": "1C8161DE092E5BB97E3F195BAFB5DBB1",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jun 30, 2024 5:30:36 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 22, 2022 4:32:23 AM.",
+        "eventDateTime": "2024-07-01 10:31:04.0",
+        "eventId": "573028FB092E5BB97E3F195B639B9F4D",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 1, 2024 3:30:50 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 23, 2022 4:32:20 AM.",
+        "eventDateTime": "2024-07-01 20:31:09.0",
+        "eventId": "A4D7D5C9092E5BB97E3F195BAEEF6330",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 1, 2024 1:30:55 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 26, 2022 4:32:25 AM.",
+        "eventDateTime": "2024-07-03 22:31:36.0",
+        "eventId": "0C680D8A092E5BB97E3F195B276EBAE8",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 3, 2024 3:31:18 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 27, 2022 4:32:27 AM.",
+        "eventDateTime": "2024-07-04 18:31:45.0",
+        "eventId": "9C5ED05E092E5BB97E3F195B9B610D17",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 4, 2024 11:31:30 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 28, 2022 4:32:27 AM.",
+        "eventDateTime": "2024-07-06 10:32:12.0",
+        "eventId": "62646CAA092E5BB97E3F195BA0C158E8",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 6, 2024 3:31:51 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 29, 2022 4:32:25 AM.",
+        "eventDateTime": "2024-07-07 06:32:24.0",
+        "eventId": "A51FCF09092E5BB97E3F195B11557294",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 6, 2024 11:32:02 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 22, 2022 2:32:23 PM.",
+        "eventDateTime": "2024-07-08 13:18:11.0",
+        "eventId": "58E62790092E5BB954B29F87B6A521C4",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 8, 2024 6:17:51 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 23, 2022 2:32:20 PM.",
+        "eventDateTime": "2024-07-08 23:18:04.0",
+        "eventId": "3A23B513092E5BB954B29F8789D7CF43",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 8, 2024 4:17:42 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 26, 2022 2:32:24 PM.",
+        "eventDateTime": "2024-07-02 06:31:13.0",
+        "eventId": "6F4FCE57092E5BB97E3F195B0E91B958",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 1, 2024 11:30:59 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 27, 2022 2:33:26 PM.",
+        "eventDateTime": "2024-07-02 16:31:18.0",
+        "eventId": "816E4D4F092E5BB97E3F195B3A42774E",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 2, 2024 9:31:00 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 28, 2022 2:32:27 PM.",
+        "eventDateTime": "2024-07-03 02:31:28.0",
+        "eventId": "520DD58E092E5BB97E3F195B7C029BFE",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 2, 2024 7:31:10 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 29, 2022 2:32:26 PM.",
+        "eventDateTime": "2024-07-04 08:31:40.0",
+        "eventId": "CDFCA802092E5BB97E3F195B7F1A8637",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 4, 2024 1:31:18 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 30, 2022 4:32:24 AM.",
+        "eventDateTime": "2024-07-05 04:31:52.0",
+        "eventId": "E9FEB9C7092E5BB97E3F195BF7613F08",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 4, 2024 9:31:32 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Dec 30, 2022 2:32:22 PM.",
+        "eventDateTime": "2024-07-05 14:32:02.0",
+        "eventId": "AC5F04BE092E5BB97E3F195B3897DEFB",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 5, 2024 7:31:44 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jan 2, 2023 4:32:25 AM.",
+        "eventDateTime": "2024-07-06 00:32:07.0",
+        "eventId": "DB847B29092E5BB97E3F195B18644C0E",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 5, 2024 5:31:44 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jan 2, 2023 2:32:21 PM.",
+        "eventDateTime": "2024-07-07 16:32:33.0",
+        "eventId": "8DA48D11092E5BB97E3F195BD8691A78",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 7, 2024 9:32:14 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jan 3, 2023 4:32:24 AM.",
+        "eventDateTime": "2024-07-08 02:32:38.0",
+        "eventId": "76530F37092E5BB97E3F195B364CA62E",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 7, 2024 7:32:16 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jan 3, 2023 2:32:22 PM.",
-        "subject": "Server Health Alert"
+        "eventDateTime": "2024-07-08 13:21:05.0",
+        "eventId": "3F45D825092E5BB954B29F875AE1D576",
+        "message": "Number of system events detected: 1 \r\nSystem events included: Server and Errors.\r\n\r\n",
+        "subject": "System Event Notification"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jan 4, 2023 4:32:26 AM.",
+        "eventDateTime": "2024-07-09 19:19:05.0",
+        "eventId": "8C428752092E5BB954B29F87BC51C1D2",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 9, 2024 12:18:46 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jan 4, 2023 2:32:25 PM.",
+        "eventDateTime": "2024-07-03 12:31:32.0",
+        "eventId": "48C3782D092E5BB97E3F195BD2035D87",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 3, 2024 5:31:08 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jan 5, 2023 4:32:27 AM.",
+        "eventDateTime": "2024-07-06 20:32:17.0",
+        "eventId": "06269CC1092E5BB97E3F195BB9232A9B",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 6, 2024 1:32:01 PM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jan 5, 2023 2:32:26 PM.",
+        "eventDateTime": "2024-07-09 09:19:05.0",
+        "eventId": "7A42801F092E5BB954B29F87CA0AE4E7",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 9, 2024 2:18:44 AM.",
         "subject": "Server Health Alert"
       },
       {
         "acknowledged": 0,
-        "eventDateTime": "eventDateTime",
-        "eventId": "eventId",
-        "message": "Server EC2AAA-1A0AAAA health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jan 6, 2023 4:32:24 AM.",
+        "eventDateTime": "2024-07-10 05:19:14.0",
+        "eventId": "C6C9F775092E5BB954B29F871CA45A10",
+        "message": "Server c95648v1 health status: poor. \nReason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. \nStatus reported on Jul 9, 2024 10:18:56 PM.",
         "subject": "Server Health Alert"
       }
     ],
-    "lastUpdated": 1672986455971,
-    "totalUnacknowledgedMessages": 47
+    "lastUpdated": 1720622406545,
+    "totalUnacknowledgedMessages": 44
   },
   "inputs": {},
   "metrics": {
-    "execution_time_ms": 2281,
-    "host": "host",
+    "execution_time_ms": 1078,
+    "host": "local",
     "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-06 06:27:36",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-10 10:40:06",
     "version": "1.0"
   },
   "raw": null,
@@ -2929,16 +1375,140 @@ results = {
 </p>
 </details>
 
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+None
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+from time import time
+
+now = int(time()*1000)
+results = playbook.functions.results.get_critical_events_info_results
+
+if not results.get("success"):
+  incident.addNote(f"Symantec SEP - Get Critical Events failed: {results.reason}")
+else:
+  for event in results.get("content", {}).get("criticalEventsInfoList", []):
+    row = incident.addRow("sep_critical_events")
+    row['date_added'] = now
+    row['event_id'] = event.get('eventId')
+    row['event_date'] = event.get('eventDateTime')
+    row['subject'] = event.get('subject')
+    row['message'] = event.get('message')
+    row['acknowledged'] = bool(event.get('acknowledged'))
+```
+
+</p>
+</details>
+
+---
+## Function - SEP - Get Domains
+Gets a list of all accessible domains.
+
+ ![screenshot: fn-sep---get-domains ](./doc/screenshots/fn-sep---get-domains.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": [
+    {
+      "administratorCount": 1,
+      "companyName": "IBM",
+      "contactInfo": null,
+      "createdTime": 1719408628134,
+      "description": null,
+      "enable": true,
+      "id": "6E70F043092E5BB93F74FD57C083F99E",
+      "name": "Default"
+    }
+  ],
+  "inputs": {},
+  "metrics": {
+    "execution_time_ms": 4283,
+    "host": "local",
+    "package": "fn-sep",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-15 08:30:19",
+    "version": "1.0"
+  },
+  "raw": "[{\"id\": \"6E70F043092E5BB93F74FD57C083F99E\", \"name\": \"Default\", \"description\": null, \"createdTime\": 1719408628134, \"enable\": true, \"companyName\": \"IBM\", \"contactInfo\": null, \"administratorCount\": 1}]",
+  "reason": null,
+  "success": true,
+  "version": "1.0"
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+None
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+fn_name = "fn_sep_get_domains"
+wf_name = "Example: SEP - Get Groups information"
+results = playbook.functions.results.get_domains_results
+content = results.get("content", [])
+domainid = None
+for i in range(len(content)):
+  if content[i].get("name") == playbook.inputs.sep_domain_name:
+    domainid = content[i].get("id")
+    break
+if domainid:
+  playbook.addProperty("domid_exists", {"exists": True})
+else:
+  note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThe domain name <b>{1}</b> was not found " \
+              "for SOAR function <b>{2}</b>.".format(wf_name, str(playbook.inputs.sep_domain_name), fn_name)
+  incident.addNote(helper.createRichText(note_text))
+```
+
+</p>
+</details>
+
 ---
-## Function - SEP: Get Exceptions Policy
+## Function - SEP - Get Exceptions Policy
 Get the exceptions policy for specified policy id.
 
+ ![screenshot: fn-sep---get-exceptions-policy ](./doc/screenshots/fn-sep---get-exceptions-policy.png)
+
 <details><summary>Inputs:</summary>
 <p>
 
 | Name | Type | Required | Example | Tooltip |
 | ---- | :--: | :------: | ------- | ------- |
-| `sep_exceptions_id` | `text` | Yes | `-` | The ID of the exceptions policy to get. See the Policy Summary function which returns policy IDs. |
+| `sep_exceptions_id` | `text` | Yes | `-` | The ID of the exceptions policy to get |
 
 </p>
 </details>
@@ -2953,7 +1523,14 @@ results = {
   "content": {
     "configuration": {
       "applications": [],
-      "applications_to_monitor": [],
+      "applications_to_monitor": [
+        {
+          "name": "net.exe",
+          "rulestate": {
+            "enabled": true
+          }
+        }
+      ],
       "blacklistrules": [],
       "certificates": [],
       "directories": [],
@@ -2961,38 +1538,7 @@ results = {
       "dns_and_host_blacklistrules": [],
       "extension_list": null,
       "files": [],
-      "knownrisks": [
-        {
-          "action": "IGNORE",
-          "rulestate": {
-            "enabled": true
-          },
-          "threat": {
-            "id": "id",
-            "name": "name"
-          }
-        },
-        {
-          "action": "IGNORE",
-          "rulestate": {
-            "enabled": true
-          },
-          "threat": {
-            "id": "id",
-            "name": "name"
-          }
-        },
-        {
-          "action": "IGNORE",
-          "rulestate": {
-            "enabled": true
-          },
-          "threat": {
-            "id": "id",
-            "name": "name"
-          }
-        }
-      ],
+      "knownrisks": [],
       "linux": {
         "directories": [],
         "extension_list": null
@@ -3004,32 +1550,103 @@ results = {
       "tamper_files": [],
       "webdomains": []
     },
-    "desc": "test",
+    "desc": "Created automatically during product installation.",
     "enabled": true,
-    "lastmodifiedtime": 1671002049331,
+    "lastmodifiedtime": 1720451135816,
     "lockedoptions": {
-      "application": false,
-      "certificate": false,
-      "dnshostfile": false,
-      "domain": false,
-      "extension": false,
-      "file": false,
-      "knownrisk": false,
+      "application": true,
+      "certificate": true,
+      "dnshostfile": true,
+      "domain": true,
+      "extension": true,
+      "file": true,
+      "knownrisk": true,
       "securityrisk": false,
-      "sonar": false
+      "sonar": true
     },
-    "name": "name",
+    "name": "Exceptions policy",
     "sources": []
   },
   "inputs": {
-    "sep_exceptions_id": "sep_exceptions_id"
+    "sep_exceptions_id": "523B0176092E5BB97F83814D1657F3A4"
   },
   "metrics": {
-    "execution_time_ms": 2262,
-    "host": "host",
+    "execution_time_ms": 1294,
+    "host": "local",
     "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-05 10:28:10",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-10 10:45:19",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sep_exceptions_id = playbook.inputs.sep_exceptions_id
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+from json import dumps
+
+results = playbook.functions.results.get_exceptions_policy_results
+if not results.get("success"):
+  incident.addNote(f"SEP Exceptions Policy {playbook.inputs.sep_exceptions_id} error. Reason: {results.get('reason')}")
+else:
+  incident.addNote(f"SEP Exceptions Policy: {playbook.inputs.sep_exceptions_id}\n\n{dumps(results.get('content'), indent=4)}")
+```
+
+</p>
+</details>
+
+---
+## Function - SEP - Get File Content as Base64
+Get contents of a file uploaded to SEPM server as a Base64 string for a given file ID.
+
+ ![screenshot: fn-sep---get-file-content-as-base64 ](./doc/screenshots/fn-sep---get-file-content-as-base64.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sep_file_id` | `text` | No | `-` | The file ID from which to get detailed information. |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": "WDVPIVAlQEFQWzRcUFpYNTQoUF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVElWSVJVUy1URVNULUZJTEUhJEgrSCo=",
+  "inputs": {
+    "sep_file_id": "A5E2EE53092E5BB91EBE5413EE47C386"
+  },
+  "metrics": {
+    "execution_time_ms": 1098,
+    "host": "local",
+    "package": "fn-sep",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-29 10:04:04",
     "version": "1.0"
   },
   "raw": null,
@@ -3038,28 +1655,179 @@ results = {
   "version": 2.0
 }
 ```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sep_file_id = row.file_id
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+## Symantec Endpoint Protection - fn_sep_get_file_content_as_base64 ##
+# Globals
+DATA_TBL_FIELDS = []
+FN_NAME = "fn_sep_get_file_content_as_base64"
+WF_NAME = "Get File Content as Base64 string"
+# List of fields in datatable fn_amp_get_computers script
+DATA_TBL_FIELDS = []
+results = playbook.functions.results.get_file_content_as_base65_results
+CONTENT = results.get("content")
+QUERY_EXECUTION_DATE = results.get("metrics", {}).get("timestamp")
+
+# Processing
+note_text = ''
+if CONTENT:
+    note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nReturned Base64 string of size <b>{1}</b> returned " \
+                "for SOAR function <b>{2}</b>".format(WF_NAME, len(CONTENT), FN_NAME)
+else:
+    note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThere was <b>no</b> result returned for " \
+                "SOAR function <b>{1}</b>".format(WF_NAME, FN_NAME)
+
+incident.addNote(helper.createRichText(note_text))
+```
+
+</p>
+</details>
+
+---
+## Function - SEP - Get Fingerprint List
+Get the fingerprint list information for a specified name or id.
+
+ ![screenshot: fn-sep---get-fingerprint-list ](./doc/screenshots/fn-sep---get-fingerprint-list.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sep_domainid` | `text` | No | `-` | The SEPM domain id. |
+| `sep_fingerprintlist_id` | `text` | No | `-` | Id of SEP fingerprint list |
+| `sep_fingerprintlist_name` | `text` | No | `-` | Name of a SEP fingerprint list. |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "appErrorCode": "",
+    "errorCode": "410",
+    "errorMessage": "Fingerprint list with ID Blacklist2 do not exist"
+  },
+  "inputs": {
+    "sep_domainid": "6E70F043092E5BB93F74FD57C083F99E",
+    "sep_fingerprintlist_name": "Blacklist2"
+  },
+  "metrics": {
+    "execution_time_ms": 995,
+    "host": "local",
+    "package": "fn-sep",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-15 08:30:24",
+    "version": "1.0"
+  },
+  "raw": "{\"errorCode\": \"410\", \"appErrorCode\": \"\", \"errorMessage\": \"Fingerprint list with ID Blacklist2 do not exist\"}",
+  "reason": null,
+  "success": true,
+  "version": "1.0"
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+domain_content = playbook.functions.results.get_domains_results.get("content", [])
+
+for i in range(len(domain_content)):
+  if domain_content[i].get("name") == playbook.inputs.sep_domain_name:
+    inputs.sep_domainid = domain_content[i].get("id")
+    break
+
+inputs.sep_fingerprintlist_name = playbook.inputs.sep_fingerprintlist_name
+```
+
 </p>
 </details>
 
-<details><summary>Steps to Fetch "sep_exceptions_id": </summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
 
-Value of `sep_exceptions_id` field can be refered from [Function - SEP: Get Policy Summary](#function---sep-get-policy-summary) function's output. <br>
-Ex. `id` attribute from following path `content-->content-->id` where `"name": "Exceptions policy"`.
+```python
+## Symantec Endpoint Protection - fn_sep_get_fingerprint_list script ##
+# Globals
+# List of fields in datatable fn_sep_get_fingerprint_list script
+DATA_TBL_FIELDS = ["domain_name", "list_name", "list_id", "list_description", "hash_values", "hash_type", "group_ids"]
+WF_NAME = "Add Hash to Fingerprint List"
+results = playbook.functions.results.get_fingerprintlist_results
+CONTENT = results.get("content")
+INPUTS = results.get("inputs")
+QUERY_EXECUTION_DATE = results.get("metrics", {}).get("timestamp")
+
+# Processing
+fpl_exists = hash_in_list = False
+note_text = ''
+if CONTENT:
+  if CONTENT.get("errorCode") and int(CONTENT.get("errorCode")) == 410:
+    # The finger print list doesn't already exist.
+    pass
+  elif CONTENT.get("data"):
+    # The finger print list exists set flag for gateway.
+    fpl_exists = True
+    playbook.addProperty("fpl_exists", {"exists": True})
+  if CONTENT.get("data"):
+    # Check if data is in new format. A list of dictionaries
+    if isinstance(CONTENT.get("data", [])[0], dict):
+      if artifact.value.upper() in [h.upper() for d in CONTENT.get("data") for h in d]:
+        # Finger print list exists and hash in list set flag for hash in list.
+        hash_in_list = True
+    else:
+      if artifact.value.upper() in [d.upper() for d in CONTENT.get("data")]:
+        # Finger print list exists and hash in list set flag for hash in list.
+        hash_in_list = True
+    if hash_in_list:
+      playbook.addProperty("hash_in_list", {"hash_in_list": True})
+
+if fpl_exists and hash_in_list:
+  note_text = f"""Symantec SEP Integration:
+                  playbook <b>{WF_NAME}</b>:
+                  The hash <b>{artifact.value}</b> has already been added to fingerprint list <b>{INPUTS.get('sep_fingerprintlist_name')}</b> for domain id <b>{INPUTS.get('sep_domainid')}</b>."""
+  incident.addNote(helper.createRichText(note_text))
+```
 
 </p>
 </details>
 
 ---
-## Function - SEP: Get Firewall Policy
+## Function - SEP - Get Firewall Policy
 Get the firewall policy for specified policy id.
 
+ ![screenshot: fn-sep---get-firewall-policy ](./doc/screenshots/fn-sep---get-firewall-policy.png)
+
 <details><summary>Inputs:</summary>
 <p>
 
 | Name | Type | Required | Example | Tooltip |
 | ---- | :--: | :------: | ------- | ------- |
-| `sep_firewall_id` | `text` | Yes | `-` | The ID of the firewall policy to get. See the Policy Summary function which returns policy IDs.|
+| `sep_firewall_id` | `text` | Yes | `-` | The ID of the firewall policy to get. |
 
 </p>
 </details>
@@ -3085,7 +1853,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3144,43 +1912,43 @@ results = {
           "hosts": [
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "10.255.255.255",
+                "ip_start": "10.0.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "172.31.255.255",
+                "ip_start": "172.16.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "192.168.255.255",
+                "ip_start": "192.168.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "169.254.255.255",
+                "ip_start": "169.254.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fc00::"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fe80::"
               },
               "location": "REMOTE"
             }
@@ -3194,7 +1962,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "69FF496F092E5BB94E898D1E4D224D28"
         },
         {
           "action": "BLOCK",
@@ -3203,7 +1971,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3269,7 +2037,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "0F37D0BB092E5BB90B7A03EDE1B3DB2C"
         },
         {
           "action": "ALLOW",
@@ -3278,7 +2046,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3315,7 +2083,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "98E6DD8D092E5BB94F3948010B0EEAC9"
         },
         {
           "action": "ALLOW",
@@ -3324,7 +2092,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3349,43 +2117,43 @@ results = {
           "hosts": [
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "10.255.255.255",
+                "ip_start": "10.0.0.0"
               },
               "location": "SRC"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "172.31.255.255",
+                "ip_start": "172.16.0.0"
               },
               "location": "SRC"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "192.168.255.255",
+                "ip_start": "192.168.0.0"
               },
               "location": "SRC"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "169.254.255.255",
+                "ip_start": "169.254.0.0"
               },
               "location": "SRC"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fc00::"
               },
               "location": "SRC"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fe80::"
               },
               "location": "SRC"
             }
@@ -3399,7 +2167,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "0E2B7C47092E5BB97B9071E9F20B71B5"
         },
         {
           "action": "BLOCK",
@@ -3408,7 +2176,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3440,7 +2208,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "0BC3E9F0092E5BB9669E0FD237C8578E"
         },
         {
           "action": "ALLOW",
@@ -3449,7 +2217,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3498,43 +2266,43 @@ results = {
           "hosts": [
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "10.255.255.255",
+                "ip_start": "10.0.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "172.31.255.255",
+                "ip_start": "172.16.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "192.168.255.255",
+                "ip_start": "192.168.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "169.254.255.255",
+                "ip_start": "169.254.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fc00::"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fe80::"
               },
               "location": "REMOTE"
             }
@@ -3548,7 +2316,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "A6037EFE092E5BB936343F3A4F976490"
         },
         {
           "action": "BLOCK",
@@ -3557,7 +2325,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3613,7 +2381,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "D0B6ED57092E5BB92AD7E416CEC5B38E"
         },
         {
           "action": "ALLOW",
@@ -3622,7 +2390,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3647,43 +2415,43 @@ results = {
           "hosts": [
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "10.255.255.255",
+                "ip_start": "10.0.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "172.31.255.255",
+                "ip_start": "172.16.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "192.168.255.255",
+                "ip_start": "192.168.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "169.254.255.255",
+                "ip_start": "169.254.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fc00::"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fe80::"
               },
               "location": "REMOTE"
             }
@@ -3697,7 +2465,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "E232F5CA092E5BB9101039267C0E0589"
         },
         {
           "action": "BLOCK",
@@ -3706,7 +2474,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3731,8 +2499,8 @@ results = {
           "hosts": [
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "255.255.255.255",
+                "ip_start": "0.0.0.1"
               },
               "location": "REMOTE"
             }
@@ -3746,7 +2514,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "F39698A8092E5BB9465A33C08E4E132B"
         },
         {
           "action": "ALLOW",
@@ -3755,7 +2523,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3787,7 +2555,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "989BB854092E5BB93FABBA6EDC80EC8E"
         },
         {
           "action": "ALLOW",
@@ -3796,7 +2564,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3821,43 +2589,43 @@ results = {
           "hosts": [
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "10.255.255.255",
+                "ip_start": "10.0.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "172.31.255.255",
+                "ip_start": "172.16.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "192.168.255.255",
+                "ip_start": "192.168.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "169.254.255.255",
+                "ip_start": "169.254.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fc00::"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fe80::"
               },
               "location": "REMOTE"
             }
@@ -3871,7 +2639,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "EAD641B3092E5BB932821F06F1DF3BC0"
         },
         {
           "action": "BLOCK",
@@ -3880,7 +2648,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3912,7 +2680,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "D2A71E10092E5BB9148778DE794E7D5B"
         },
         {
           "action": "ALLOW",
@@ -3921,7 +2689,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -3946,43 +2714,43 @@ results = {
           "hosts": [
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "10.255.255.255",
+                "ip_start": "10.0.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "172.31.255.255",
+                "ip_start": "172.16.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "192.168.255.255",
+                "ip_start": "192.168.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "169.254.255.255",
+                "ip_start": "169.254.0.0"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fc00::"
               },
               "location": "REMOTE"
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                "ip_start": "fe80::"
               },
               "location": "REMOTE"
             }
@@ -3996,7 +2764,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "7D3F9127092E5BB9266A3276D4C51F7F"
         },
         {
           "action": "BLOCK",
@@ -4005,7 +2773,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4037,7 +2805,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "39230892092E5BB957AF518273836C33"
         },
         {
           "action": "ALLOW",
@@ -4046,7 +2814,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4094,7 +2862,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "73E8BCB4092E5BB938013D7530FA8804"
         },
         {
           "action": "ALLOW",
@@ -4103,7 +2871,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": [
@@ -4124,7 +2892,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "E30F6208092E5BB96C448A07BA9C4A95"
         },
         {
           "action": "ALLOW",
@@ -4133,7 +2901,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4152,7 +2920,7 @@ results = {
                 6
               ],
               "svc_name": "VPN --- PPTP",
-              "svc_uid": "svc_uid"
+              "svc_uid": "C8013082092E5BB93CFA886C25C48A04"
             },
             {
               "direction_id": 0,
@@ -4178,7 +2946,7 @@ results = {
                 17
               ],
               "svc_name": "VPN --- PPTP",
-              "svc_uid": "svc_uid"
+              "svc_uid": "C8013082092E5BB93CFA886C25C48A04"
             },
             {
               "direction_id": 0,
@@ -4189,7 +2957,7 @@ results = {
                 50
               ],
               "svc_name": "VPN --- PPTP",
-              "svc_uid": "svc_uid"
+              "svc_uid": "C8013082092E5BB93CFA886C25C48A04"
             },
             {
               "direction_id": 0,
@@ -4210,7 +2978,7 @@ results = {
                 6
               ],
               "svc_name": "VPN --- Check Point",
-              "svc_uid": "svc_uid"
+              "svc_uid": "FF34EE4A092E5BB92609F4E71C39D814"
             },
             {
               "direction_id": 0,
@@ -4241,7 +3009,7 @@ results = {
                 6
               ],
               "svc_name": "VPN --- Check Point",
-              "svc_uid": "svc_uid"
+              "svc_uid": "FF34EE4A092E5BB92609F4E71C39D814"
             },
             {
               "direction_id": 0,
@@ -4262,7 +3030,7 @@ results = {
                 17
               ],
               "svc_name": "VPN --- Check Point",
-              "svc_uid": "svc_uid"
+              "svc_uid": "FF34EE4A092E5BB92609F4E71C39D814"
             },
             {
               "direction_id": 0,
@@ -4288,7 +3056,7 @@ results = {
                 17
               ],
               "svc_name": "VPN --- Check Point",
-              "svc_uid": "svc_uid"
+              "svc_uid": "FF34EE4A092E5BB92609F4E71C39D814"
             },
             {
               "direction_id": 0,
@@ -4298,7 +3066,7 @@ results = {
                 50
               ],
               "svc_name": "VPN --- Check Point",
-              "svc_uid": "svc_uid"
+              "svc_uid": "FF34EE4A092E5BB92609F4E71C39D814"
             },
             {
               "direction_id": 0,
@@ -4308,7 +3076,7 @@ results = {
                 17
               ],
               "svc_name": "VPN --- Check Point",
-              "svc_uid": "svc_uid"
+              "svc_uid": "FF34EE4A092E5BB92609F4E71C39D814"
             },
             {
               "direction_id": 0,
@@ -4329,7 +3097,7 @@ results = {
                 17
               ],
               "svc_name": "VPN --- NetScreen",
-              "svc_uid": "svc_uid"
+              "svc_uid": "5D7E9B38092E5BB968DCBE0FDFE2A339"
             },
             {
               "direction_id": 0,
@@ -4339,7 +3107,7 @@ results = {
                 50
               ],
               "svc_name": "VPN --- NetScreen",
-              "svc_uid": "svc_uid"
+              "svc_uid": "5D7E9B38092E5BB968DCBE0FDFE2A339"
             },
             {
               "direction_id": 0,
@@ -4360,7 +3128,7 @@ results = {
                 17
               ],
               "svc_name": "VPN --- Cisco 5000",
-              "svc_uid": "svc_uid"
+              "svc_uid": "50F33FE0092E5BB95DA9DB7BFD3A2E41"
             },
             {
               "direction_id": 0,
@@ -4370,7 +3138,7 @@ results = {
                 50
               ],
               "svc_name": "VPN --- Cisco 5000",
-              "svc_uid": "svc_uid"
+              "svc_uid": "50F33FE0092E5BB95DA9DB7BFD3A2E41"
             },
             {
               "direction_id": 0,
@@ -4396,7 +3164,7 @@ results = {
                 17
               ],
               "svc_name": "VPN --- Cisco 3000",
-              "svc_uid": "svc_uid"
+              "svc_uid": "EF3159B9092E5BB94CDFCE3DB8806921"
             },
             {
               "direction_id": 0,
@@ -4406,7 +3174,7 @@ results = {
                 50
               ],
               "svc_name": "VPN --- Cisco 3000",
-              "svc_uid": "svc_uid"
+              "svc_uid": "EF3159B9092E5BB94CDFCE3DB8806921"
             },
             {
               "direction_id": 0,
@@ -4422,7 +3190,7 @@ results = {
                 6
               ],
               "svc_name": "VPN --- Nortel",
-              "svc_uid": "svc_uid"
+              "svc_uid": "B8C0FD37092E5BB96C6760F6E662A23D"
             },
             {
               "direction_id": 0,
@@ -4443,7 +3211,7 @@ results = {
                 6
               ],
               "svc_name": "VPN --- Nortel",
-              "svc_uid": "svc_uid"
+              "svc_uid": "B8C0FD37092E5BB96C6760F6E662A23D"
             },
             {
               "direction_id": 0,
@@ -4464,7 +3232,7 @@ results = {
                 17
               ],
               "svc_name": "VPN --- Nortel",
-              "svc_uid": "svc_uid"
+              "svc_uid": "B8C0FD37092E5BB96C6760F6E662A23D"
             },
             {
               "direction_id": 0,
@@ -4474,7 +3242,7 @@ results = {
                 50
               ],
               "svc_name": "VPN --- Nortel",
-              "svc_uid": "svc_uid"
+              "svc_uid": "B8C0FD37092E5BB96C6760F6E662A23D"
             },
             {
               "direction_id": 0,
@@ -4495,7 +3263,7 @@ results = {
                 6
               ],
               "svc_name": "VPN --- Aventail",
-              "svc_uid": "svc_uid"
+              "svc_uid": "5A6BBF37092E5BB924BD0656C5EDC154"
             },
             {
               "direction_id": 0,
@@ -4505,7 +3273,7 @@ results = {
                 50
               ],
               "svc_name": "VPN --- Aventail",
-              "svc_uid": "svc_uid"
+              "svc_uid": "5A6BBF37092E5BB924BD0656C5EDC154"
             }
           ],
           "desc": null,
@@ -4520,7 +3288,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 4,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "ADB2292C092E5BB93065667F4A40BFF9"
         },
         {
           "action": "ALLOW",
@@ -4529,7 +3297,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4552,7 +3320,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 4,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "E7E47214092E5BB92AB2B3A0E2776740"
         },
         {
           "action": "ALLOW",
@@ -4561,7 +3329,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4587,7 +3355,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 4,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "E764F25C092E5BB90FF2A93E70D04A8C"
         },
         {
           "action": "ALLOW",
@@ -4596,7 +3364,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4642,7 +3410,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "65AFBD1C092E5BB9643C123950557886"
         },
         {
           "action": "BLOCK",
@@ -4651,7 +3419,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4665,8 +3433,8 @@ results = {
             },
             {
               "ip_range": {
-                "ip_end": "ip_end",
-                "ip_start": "ip_start"
+                "ip_end": "239.255.255.255",
+                "ip_start": "224.0.0.0"
               },
               "location": "LOCAL"
             }
@@ -4680,7 +3448,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 1,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "6A35F99F092E5BB95DDD5B2960C09319"
         },
         {
           "action": "BLOCK",
@@ -4689,7 +3457,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4712,7 +3480,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 1,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "0B2AE82F092E5BB978629101355BF16B"
         },
         {
           "action": "BLOCK",
@@ -4721,7 +3489,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4738,7 +3506,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 1,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "604C4BAA092E5BB9343DAC446707079F"
         }
       ],
       "dos": false,
@@ -4756,7 +3524,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4779,7 +3547,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "AF6C0B7F092E5BB90F1F6AAAA6A9091C"
         },
         {
           "action": "BLOCK",
@@ -4788,7 +3556,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4820,7 +3588,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "93B197B4092E5BB97B99073C27A4A7FB"
         },
         {
           "action": "BLOCK",
@@ -4829,7 +3597,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4855,7 +3623,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "C15FF9A5092E5BB903C0D2ECA39FB09D"
         },
         {
           "action": "ALLOW",
@@ -4864,7 +3632,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4937,7 +3705,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "3FA24409092E5BB9047C4962ECE67CBF"
         },
         {
           "action": "BLOCK",
@@ -4946,7 +3714,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -4980,7 +3748,7 @@ results = {
                 6
               ],
               "svc_name": "SNMP Management",
-              "svc_uid": "svc_uid"
+              "svc_uid": "CE856BE3092E5BB95C42D34F3BD620DD"
             },
             {
               "direction_id": 0,
@@ -5011,7 +3779,7 @@ results = {
                 17
               ],
               "svc_name": "SNMP Management",
-              "svc_uid": "svc_uid"
+              "svc_uid": "CE856BE3092E5BB95C42D34F3BD620DD"
             },
             {
               "direction_id": 0,
@@ -5042,7 +3810,7 @@ results = {
                 6
               ],
               "svc_name": "SNMP Client",
-              "svc_uid": "svc_uid"
+              "svc_uid": "EF333F34092E5BB96FBAC8682039FA34"
             },
             {
               "direction_id": 0,
@@ -5073,7 +3841,7 @@ results = {
                 17
               ],
               "svc_name": "SNMP Client",
-              "svc_uid": "svc_uid"
+              "svc_uid": "EF333F34092E5BB96FBAC8682039FA34"
             }
           ],
           "desc": null,
@@ -5088,7 +3856,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "06DBD8D4092E5BB95C50F9F0BD7C1EBD"
         },
         {
           "action": "ALLOW",
@@ -5097,7 +3865,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -5120,7 +3888,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "033A04EE092E5BB9145E670ACDEA46E7"
         },
         {
           "action": "ALLOW",
@@ -5129,7 +3897,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -5152,7 +3920,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "D6C2BB7E092E5BB9439171F2482999EF"
         },
         {
           "action": "ALLOW",
@@ -5161,7 +3929,7 @@ results = {
               "enabled": true,
               "name": "All Adapters",
               "type": "ANY",
-              "uid": "uid"
+              "uid": "88FCC040092E5BB930FDDC8EEE3946B6"
             }
           ],
           "applications": null,
@@ -5184,7 +3952,7 @@ results = {
           "screen_saver": "ANY",
           "severity": 3,
           "time_slots": null,
-          "uid": "uid"
+          "uid": "0EBEEDC5092E5BB94D53BF4F111AC78C"
         }
       ],
       "hide_os": false,
@@ -5296,43 +4064,43 @@ results = {
             "hosts": [
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "10.255.255.255",
+                  "ip_start": "10.0.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "172.31.255.255",
+                  "ip_start": "172.16.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "192.168.255.255",
+                  "ip_start": "192.168.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "169.254.255.255",
+                  "ip_start": "169.254.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                  "ip_start": "fc00::"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                  "ip_start": "fe80::"
                 },
                 "location": "REMOTE"
               }
@@ -5346,7 +4114,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "53DACF1E092E5BB90D7BE4F2910F0F6A"
           },
           {
             "action": "BLOCK",
@@ -5447,7 +4215,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "77A01134092E5BB97F7828DF8D14642D"
           },
           {
             "action": "ALLOW",
@@ -5486,7 +4254,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "9507DAE4092E5BB9147007D3306BB8DC"
           },
           {
             "action": "ALLOW",
@@ -5513,43 +4281,43 @@ results = {
             "hosts": [
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "10.255.255.255",
+                  "ip_start": "10.0.0.0"
                 },
                 "location": "SRC"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "172.31.255.255",
+                  "ip_start": "172.16.0.0"
                 },
                 "location": "SRC"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "192.168.255.255",
+                  "ip_start": "192.168.0.0"
                 },
                 "location": "SRC"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "169.254.255.255",
+                  "ip_start": "169.254.0.0"
                 },
                 "location": "SRC"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                  "ip_start": "fc00::0"
                 },
                 "location": "SRC"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                  "ip_start": "fe80::0"
                 },
                 "location": "SRC"
               }
@@ -5563,7 +4331,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "294E17C9092E5BB92AAFDCFC6AF01270"
           },
           {
             "action": "BLOCK",
@@ -5597,7 +4365,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "05942D1E092E5BB96DD96AA5199D35BC"
           },
           {
             "action": "ALLOW",
@@ -5624,43 +4392,43 @@ results = {
             "hosts": [
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "10.255.255.255",
+                  "ip_start": "10.0.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "172.31.255.255",
+                  "ip_start": "172.16.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "192.168.255.255",
+                  "ip_start": "192.168.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "169.254.255.255",
+                  "ip_start": "169.254.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                  "ip_start": "fc00::0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                  "ip_start": "fe80::0"
                 },
                 "location": "REMOTE"
               }
@@ -5674,7 +4442,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "F829FB4A092E5BB92B1F80E5388C0870"
           },
           {
             "action": "BLOCK",
@@ -5708,7 +4476,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "DF25F540092E5BB962A1555998460F41"
           },
           {
             "action": "ALLOW",
@@ -5758,7 +4526,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "19B6E398092E5BB96A30E07E951FE96B"
           },
           {
             "action": "ALLOW",
@@ -5784,7 +4552,7 @@ results = {
                   17
                 ],
                 "svc_name": "VPN --- NetScreen",
-                "svc_uid": "svc_uid"
+                "svc_uid": "5D7E9B38092E5BB968DCBE0FDFE2A339"
               },
               {
                 "direction_id": 0,
@@ -5794,7 +4562,7 @@ results = {
                   50
                 ],
                 "svc_name": "VPN --- NetScreen",
-                "svc_uid": "svc_uid"
+                "svc_uid": "5D7E9B38092E5BB968DCBE0FDFE2A339"
               },
               {
                 "direction_id": 0,
@@ -5815,7 +4583,7 @@ results = {
                   17
                 ],
                 "svc_name": "VPN --- Cisco 5000",
-                "svc_uid": "svc_uid"
+                "svc_uid": "50F33FE0092E5BB95DA9DB7BFD3A2E41"
               },
               {
                 "direction_id": 0,
@@ -5825,7 +4593,7 @@ results = {
                   50
                 ],
                 "svc_name": "VPN --- Cisco 5000",
-                "svc_uid": "svc_uid"
+                "svc_uid": "50F33FE0092E5BB95DA9DB7BFD3A2E41"
               },
               {
                 "direction_id": 0,
@@ -5851,7 +4619,7 @@ results = {
                   17
                 ],
                 "svc_name": "VPN --- Cisco 3000",
-                "svc_uid": "svc_uid"
+                "svc_uid": "EF3159B9092E5BB94CDFCE3DB8806921"
               },
               {
                 "direction_id": 0,
@@ -5861,7 +4629,7 @@ results = {
                   50
                 ],
                 "svc_name": "VPN --- Cisco 3000",
-                "svc_uid": "svc_uid"
+                "svc_uid": "EF3159B9092E5BB94CDFCE3DB8806921"
               },
               {
                 "direction_id": 0,
@@ -5877,7 +4645,7 @@ results = {
                   6
                 ],
                 "svc_name": "VPN --- OS X",
-                "svc_uid": "svc_uid"
+                "svc_uid": "7889F07C092E5BB96A66B39A1E88630C"
               },
               {
                 "direction_id": 0,
@@ -5893,7 +4661,7 @@ results = {
                   6
                 ],
                 "svc_name": "VPN --- OS X",
-                "svc_uid": "svc_uid"
+                "svc_uid": "7889F07C092E5BB96A66B39A1E88630C"
               },
               {
                 "direction_id": 0,
@@ -5919,7 +4687,7 @@ results = {
                   17
                 ],
                 "svc_name": "VPN --- OS X",
-                "svc_uid": "svc_uid"
+                "svc_uid": "7889F07C092E5BB96A66B39A1E88630C"
               },
               {
                 "direction_id": 0,
@@ -5945,7 +4713,7 @@ results = {
                   17
                 ],
                 "svc_name": "VPN --- OS X",
-                "svc_uid": "svc_uid"
+                "svc_uid": "7889F07C092E5BB96A66B39A1E88630C"
               }
             ],
             "desc": null,
@@ -5960,7 +4728,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 4,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "16357E1D092E5BB95B84BECA70D06182"
           },
           {
             "action": "ALLOW",
@@ -5988,7 +4756,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 4,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "C0AFE420092E5BB91A59800472B588D8"
           },
           {
             "action": "ALLOW",
@@ -6046,7 +4814,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 4,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "8A7C6BF0092E5BB97C19F9DF273312A7"
           },
           {
             "action": "BLOCK",
@@ -6062,8 +4830,8 @@ results = {
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "239.255.255.255",
+                  "ip_start": "224.0.0.0"
                 },
                 "location": "LOCAL"
               }
@@ -6077,7 +4845,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 1,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "884D30DA092E5BB930DC6EBC4A3E9B5B"
           },
           {
             "action": "ALLOW",
@@ -6111,7 +4879,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "5D857B08092E5BB9744D3BD774298986"
           },
           {
             "action": "ALLOW",
@@ -6159,7 +4927,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "711DC180092E5BB959A6ACFC5861CEAB"
           },
           {
             "action": "ALLOW",
@@ -6193,7 +4961,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "63475044092E5BB970FE9EACAB21EFB1"
           },
           {
             "action": "ALLOW",
@@ -6227,7 +4995,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "109E0CD9092E5BB9566624F7E9BF266F"
           },
           {
             "action": "ALLOW",
@@ -6254,43 +5022,43 @@ results = {
             "hosts": [
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "10.255.255.255",
+                  "ip_start": "10.0.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "172.31.255.255",
+                  "ip_start": "172.16.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "192.168.255.255",
+                  "ip_start": "192.168.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "169.254.255.255",
+                  "ip_start": "169.254.0.0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                  "ip_start": "fc00::0"
                 },
                 "location": "REMOTE"
               },
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff",
+                  "ip_start": "fe80::0"
                 },
                 "location": "REMOTE"
               }
@@ -6304,7 +5072,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "2F96536A092E5BB900FBB64BA54B9C2B"
           },
           {
             "action": "ALLOW",
@@ -6352,7 +5120,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "E3F78964092E5BB92FE6B57EC76E8C07"
           },
           {
             "action": "BLOCK",
@@ -6377,7 +5145,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 1,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "45488FD5092E5BB9045BBC3330D499EA"
           }
         ],
         "dos": false,
@@ -6420,7 +5188,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "A7132944092E5BB91799542349877DC4"
           },
           {
             "action": "ALLOW",
@@ -6495,7 +5263,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "438C14D8092E5BB93B8797FC3D2836C4"
           },
           {
             "action": "ALLOW",
@@ -6522,8 +5290,8 @@ results = {
             "hosts": [
               {
                 "ip_range": {
-                  "ip_end": "ip_end",
-                  "ip_start": "ip_start"
+                  "ip_end": "239.255.255.255",
+                  "ip_start": "224.0.0.0"
                 },
                 "location": "DST"
               },
@@ -6541,7 +5309,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "AB6FDFDC092E5BB9493E327E03CFE785"
           },
           {
             "action": "BLOCK",
@@ -6575,7 +5343,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "6EBCC33E092E5BB968E1C4FF9C750796"
           },
           {
             "action": "ALLOW",
@@ -6623,7 +5391,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "7212F8B4092E5BB9415DE41EB43D4459"
           },
           {
             "action": "ALLOW",
@@ -6657,7 +5425,7 @@ results = {
             "screen_saver": "ANY",
             "severity": 3,
             "time_slots": null,
-            "uid": "uid"
+            "uid": "94238995092E5BB9278B654265950A7E"
           }
         ],
         "ignore_parent_rules": null,
@@ -6686,21 +5454,135 @@ results = {
       "windows_firewall": "DISABLE_ONCE",
       "windows_firewall_notification": false
     },
-    "desc": "Test Firewall",
+    "desc": "Created automatically during product installation.",
     "enabled": true,
-    "lastmodifiedtime": 1671002675007,
-    "name": "Test Firewall",
+    "lastmodifiedtime": 1719408684497,
+    "name": "Firewall policy",
     "sources": null
   },
   "inputs": {
-    "sep_firewall_id": "sep_firewall_id"
+    "sep_firewall_id": "7231E523092E5BB93F329A371754A877"
+  },
+  "metrics": {
+    "execution_time_ms": 1791,
+    "host": "local",
+    "package": "fn-sep",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-10 10:46:04",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sep_firewall_id = playbook.inputs.sep_firewall_id
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+from json import dumps
+results = playbook.functions.results.get_firewall_policy_results
+
+if not results.get("success"):
+  incident.addNote(f"SEP Firewall Policy {playbook.inputs.sep_firewall_id} error. Reason: {results.get('reason')}")
+else:
+  incident.addNote(f"SEP Firewall Policy: {playbook.inputs.sep_firewall_id}\n\n{dumps(results.get('content'), indent=4)}")
+```
+
+</p>
+</details>
+
+---
+## Function - SEP - Get Groups
+Get properties of all groups in a domain.
+
+ ![screenshot: fn-sep---get-groups ](./doc/screenshots/fn-sep---get-groups.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sep_domain` | `text` | No | `-` | The SEPM domain. |
+| `sep_fullpathname` | `text` | No | `-` | The full path name of the group. |
+| `sep_mode` | `text` | No | `-` | The presentation mode for the results, as a list (default) or as a tree. |
+| `sep_order` | `text` | No | `-` | Specifies whether the results are in ascending order (ASC) or descending order (DESC). |
+| `sep_pageindex` | `number` | No | `-` | The index page that is used for the returned results. The default page index is 1. |
+| `sep_pagesize` | `number` | No | `-` | The number of results to include on each page. The default is 20. |
+| `sep_sort` | `text` | No | `-` | The column by which the results are sorted. Possible values are COMPUTER_NAME (Default value), COMPUTER_ID, COMPUTER_DOMAIN_NAME, or DOMAIN_ID. |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "content": [
+      {
+        "created": 1719408628197,
+        "createdBy": "AF3C39A10A320801000000DBF200C60A                                                                                                ",
+        "customIpsNumber": "",
+        "description": "",
+        "domain": {
+          "id": "6E70F043092E5BB93F74FD57C083F99E",
+          "name": null
+        },
+        "fullPathName": "My Company\\Default Group",
+        "id": "23899461092E5BB937223FCF3A0605E3",
+        "lastModified": 1719408628197,
+        "name": "Default Group",
+        "numberOfPhysicalComputers": 1,
+        "numberOfRegisteredUsers": 1,
+        "policyDate": 1720506552652,
+        "policyInheritanceEnabled": true,
+        "policySerialNumber": "2389-07/09/2024 06:29:12 652"
+      }
+    ],
+    "firstPage": true,
+    "lastPage": true,
+    "number": 0,
+    "numberOfElements": 1,
+    "size": 25,
+    "sort": [
+      {
+        "ascending": true,
+        "direction": "ASC",
+        "property": "NAME"
+      }
+    ],
+    "totalElements": 1,
+    "totalPages": 1
+  },
+  "inputs": {
+    "sep_domain": "6E70F043092E5BB93F74FD57C083F99E",
+    "sep_fullpathname": "My Company\\Default Group"
   },
   "metrics": {
-    "execution_time_ms": 3004,
-    "host": "host",
+    "execution_time_ms": 1180,
+    "host": "local",
     "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-05 10:28:02",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-18 10:48:52",
     "version": "1.0"
   },
   "raw": null,
@@ -6713,19 +5595,71 @@ results = {
 </p>
 </details>
 
-<details><summary>Steps to Fetch "sep_firewall_id": </summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 
-Value of `sep_firewall_id` field can be refered from [Function - SEP: Get Policy Summary](#function---sep-get-policy-summary) function's output. <br>
-Ex. `id` attribute from following path `content-->content-->id` where `"name": "Firewall policy"`.
+```python
+domain_content = playbook.functions.results.get_domains_results.get("content", [])
+
+for i in range(len(domain_content)):
+  if domain_content[i]["name"] ==  playbook.inputs.sep_domain_name:
+    inputs.sep_domain = domain_content[i]["id"]
+    break
+```
 
 </p>
 </details>
 
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+## Symantec Endpoint Protection - fn_sep_get_groups script ##
+# Globals
+FN_NAME = "fn_symc_sep_get_groups"
+WF_NAME = "Get Groups information"
+results = playbook.functions.results.get_groups_results
+C_OUTER = results.get("content", {})
+QUERY_EXECUTION_DATE = results.get("metrics", {}).get("timestamp")
+DOMAIN_NAME = playbook.inputs.sep_domain_name
+
+# Processing
+note_text = ''
+if C_OUTER is not None:
+  note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThere were <b>{1}</b> results returned for domain " \
+              "<b>{2}</b> for SOAR function <b>{3}</b>"\
+      .format(WF_NAME, results.get("content", {}).get("numberOfElements"), DOMAIN_NAME, FN_NAME)
+  groups = C_OUTER.get("content")
+  for i in range(len(groups)):
+    newrow = incident.addRow("sep_groups")
+    newrow["query_execution_date"] = QUERY_EXECUTION_DATE
+    newrow["group_name"] = groups[i].get("name")
+    newrow["group_id"] = groups[i].get("id")
+    newrow["group_description"] = groups[i].get("description")
+    newrow["fullPathName"] = groups[i].get("fullPathName")
+    newrow["numberOfPhysicalComputers"] = groups[i].get("numberOfPhysicalComputers")
+    newrow["policyInheritanceEnabled"] = groups[i].get("policyInheritanceEnabled")
+
+    domain = groups[i].get("domain")
+    if domain:
+      newrow["domain_name"] = domain.get("name")
+      newrow["domain_id"] = domain.get("id")
+
+else:
+  note_text += "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThere were <b>no</b> results returned for domain " \
+               "<b>{1}</b>for SOAR function <b>{2}</b>".format(WF_NAME, DOMAIN_NAME, FN_NAME)
+
+incident.addNote(helper.createRichText(note_text))
+```
+
+</p>
+</details>
 
 ---
-## Function - SEP: Get Policy Summary
-Get the policy summary for specified policy type. Also gets the list of groups to which the policies are assigned.
+## Function - SEP - Get Policy Summary
+Get the summary information for policies within a specific Domain. Also gets the list of groups to which the policies are assigned.
+
+ ![screenshot: fn-sep---get-policy-summary ](./doc/screenshots/fn-sep---get-policy-summary.png)
 
 <details><summary>Inputs:</summary>
 <p>
@@ -6750,18 +5684,18 @@ results = {
         "assignedtocloudgroups": null,
         "assignedtolocations": [
           {
-            "defaultLocationId": "defaultLocationId",
-            "groupId": "groupId",
+            "defaultLocationId": "8E451D96092E5BB94D06F6F216972F1C",
+            "groupId": "52BBA2A9092E5BB94DC766C08B9D6354",
             "locationIds": [
-              "locationIds"
+              "8E451D96092E5BB94D06F6F216972F1C"
             ]
           }
         ],
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": false,
-        "id": "id",
-        "lastmodifiedtime": 1670774922808,
+        "id": "3418C720092E5BB96B7E42AD3BE5D55F",
+        "lastmodifiedtime": 1719408684510,
         "name": "Intensive Protection policy",
         "policytype": "hid",
         "sources": [],
@@ -6771,86 +5705,60 @@ results = {
         "assignedtocloudgroups": null,
         "assignedtolocations": [
           {
-            "defaultLocationId": "defaultLocationId",
-            "groupId": "groupId",
+            "defaultLocationId": "8E451D96092E5BB94D06F6F216972F1C",
+            "groupId": "52BBA2A9092E5BB94DC766C08B9D6354",
             "locationIds": [
-              "locationIds"
+              "8E451D96092E5BB94D06F6F216972F1C"
             ]
           }
         ],
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922808,
+        "id": "523B0176092E5BB97F83814D1657F3A4",
+        "lastmodifiedtime": 1720451135816,
         "name": "Exceptions policy",
         "policytype": "exceptions",
         "sources": [],
         "subtype": null
       },
-      {
-        "assignedtocloudgroups": null,
-        "assignedtolocations": null,
-        "desc": "test",
-        "domainid": "domainid",
-        "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1671002049331,
-        "name": "Test",
-        "policytype": "exceptions",
-        "sources": [],
-        "subtype": null
-      },
       {
         "assignedtocloudgroups": null,
         "assignedtolocations": [
           {
-            "defaultLocationId": "defaultLocationId",
-            "groupId": "groupId",
+            "defaultLocationId": "8E451D96092E5BB94D06F6F216972F1C",
+            "groupId": "52BBA2A9092E5BB94DC766C08B9D6354",
             "locationIds": [
-              "locationIds"
+              "8E451D96092E5BB94D06F6F216972F1C"
             ]
           }
         ],
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922777,
+        "id": "F12FDA6C092E5BB951DF7579239EF18B",
+        "lastmodifiedtime": 1719408684432,
         "name": "Memory Exploit Mitigation policy",
         "policytype": "mem",
         "sources": [],
         "subtype": null
       },
-      {
-        "assignedtocloudgroups": null,
-        "assignedtolocations": null,
-        "desc": "",
-        "domainid": "domainid",
-        "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1671003757070,
-        "name": "Test MEM",
-        "policytype": "mem",
-        "sources": [],
-        "subtype": null
-      },
       {
         "assignedtocloudgroups": null,
         "assignedtolocations": [
           {
-            "defaultLocationId": "defaultLocationId",
-            "groupId": "groupId",
+            "defaultLocationId": "8E451D96092E5BB94D06F6F216972F1C",
+            "groupId": "52BBA2A9092E5BB94DC766C08B9D6354",
             "locationIds": [
-              "locationIds"
+              "8E451D96092E5BB94D06F6F216972F1C"
             ]
           }
         ],
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922777,
+        "id": "4E48B231092E5BB94B04E043AC98C412",
+        "lastmodifiedtime": 1719408684432,
         "name": "Web and Cloud Access Protection policy",
         "policytype": "ntr",
         "sources": [],
@@ -6860,18 +5768,18 @@ results = {
         "assignedtocloudgroups": null,
         "assignedtolocations": [
           {
-            "defaultLocationId": "defaultLocationId",
-            "groupId": "groupId",
+            "defaultLocationId": "8E451D96092E5BB94D06F6F216972F1C",
+            "groupId": "52BBA2A9092E5BB94DC766C08B9D6354",
             "locationIds": [
-              "locationIds"
+              "8E451D96092E5BB94D06F6F216972F1C"
             ]
           }
         ],
         "desc": "Recommended policy for most environments, providing a good balance between security and performance. Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922824,
+        "id": "39A014CA092E5BB96712B9382E078D95",
+        "lastmodifiedtime": 1719408684535,
         "name": "Virus and Spyware Protection policy - Balanced",
         "policytype": "av",
         "sources": [],
@@ -6881,10 +5789,10 @@ results = {
         "assignedtocloudgroups": null,
         "assignedtolocations": null,
         "desc": "High security policy that may affect the performance of other applications. Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922840,
+        "id": "0C512A3A092E5BB947C433BCF26DEA2E",
+        "lastmodifiedtime": 1719408684567,
         "name": "Virus and Spyware Protection policy - High Security",
         "policytype": "av",
         "sources": [],
@@ -6894,10 +5802,10 @@ results = {
         "assignedtocloudgroups": null,
         "assignedtolocations": null,
         "desc": "Higher performance policy, but with reduced security. Relies on Auto-Protect scanning of files with selected extensions for most detections. One monthly scheduled scan and no email scanning. Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922840,
+        "id": "1FF0FECA092E5BB95E6EFB78588BD500",
+        "lastmodifiedtime": 1719408684587,
         "name": "Virus and Spyware Protection policy - High Performance",
         "policytype": "av",
         "sources": [],
@@ -6907,18 +5815,18 @@ results = {
         "assignedtocloudgroups": null,
         "assignedtolocations": [
           {
-            "defaultLocationId": "defaultLocationId",
-            "groupId": "groupId",
+            "defaultLocationId": "8E451D96092E5BB94D06F6F216972F1C",
+            "groupId": "52BBA2A9092E5BB94DC766C08B9D6354",
             "locationIds": [
-              "locationIds"
+              "8E451D96092E5BB94D06F6F216972F1C"
             ]
           }
         ],
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922808,
+        "id": "7231E523092E5BB93F329A371754A877",
+        "lastmodifiedtime": 1719408684497,
         "name": "Firewall policy",
         "policytype": "fw",
         "sources": [],
@@ -6928,44 +5836,31 @@ results = {
         "assignedtocloudgroups": null,
         "assignedtolocations": null,
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922808,
+        "id": "F23A143E092E5BB9729D4A06F126B084",
+        "lastmodifiedtime": 1719408684497,
         "name": "Quarantine Firewall policy",
         "policytype": "fw",
         "sources": [],
         "subtype": null
       },
-      {
-        "assignedtocloudgroups": null,
-        "assignedtolocations": null,
-        "desc": "Test Firewall",
-        "domainid": "domainid",
-        "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1671002675007,
-        "name": "Test Firewall",
-        "policytype": "fw",
-        "sources": [],
-        "subtype": null
-      },
       {
         "assignedtocloudgroups": null,
         "assignedtolocations": [
           {
-            "defaultLocationId": "defaultLocationId",
-            "groupId": "groupId",
+            "defaultLocationId": "8E451D96092E5BB94D06F6F216972F1C",
+            "groupId": "52BBA2A9092E5BB94DC766C08B9D6354",
             "locationIds": [
-              "locationIds"
+              "8E451D96092E5BB94D06F6F216972F1C"
             ]
           }
         ],
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922777,
+        "id": "79B840A5092E5BB915D114AB2C0EA950",
+        "lastmodifiedtime": 1719408684432,
         "name": "Intrusion Prevention policy",
         "policytype": "ips",
         "sources": [],
@@ -6975,10 +5870,10 @@ results = {
         "assignedtocloudgroups": null,
         "assignedtolocations": null,
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922855,
+        "id": "52AD1F3F092E5BB927116FA915BBBDBF",
+        "lastmodifiedtime": 1719408684638,
         "name": "LiveUpdate Content policy",
         "policytype": "lucontent",
         "sources": null,
@@ -6988,78 +5883,52 @@ results = {
         "assignedtocloudgroups": null,
         "assignedtolocations": [
           {
-            "defaultLocationId": "defaultLocationId",
-            "groupId": "groupId",
+            "defaultLocationId": "8E451D96092E5BB94D06F6F216972F1C",
+            "groupId": "52BBA2A9092E5BB94DC766C08B9D6354",
             "locationIds": [
-              "locationIds"
+              "8E451D96092E5BB94D06F6F216972F1C"
             ]
           }
         ],
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922855,
+        "id": "ECD7CDCD092E5BB93DE49DE84E475BFA",
+        "lastmodifiedtime": 1719408684636,
         "name": "LiveUpdate Settings policy",
         "policytype": "lu",
         "sources": [],
         "subtype": null
       },
-      {
-        "assignedtocloudgroups": null,
-        "assignedtolocations": null,
-        "desc": "",
-        "domainid": "domainid",
-        "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1671003711900,
-        "name": "Test LiveUpdate",
-        "policytype": "lu",
-        "sources": [],
-        "subtype": null
-      },
       {
         "assignedtocloudgroups": null,
         "assignedtolocations": null,
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922808,
+        "id": "523E53EC092E5BB90A16A700DAEEBE85",
+        "lastmodifiedtime": 1719408684510,
         "name": "Host Integrity policy",
         "policytype": "hi",
         "sources": [],
         "subtype": null
       },
-      {
-        "assignedtocloudgroups": null,
-        "assignedtolocations": null,
-        "desc": "HID/HI",
-        "domainid": "domainid",
-        "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1671003318142,
-        "name": "Test Integrity",
-        "policytype": "hi",
-        "sources": [],
-        "subtype": null
-      },
       {
         "assignedtocloudgroups": null,
         "assignedtolocations": [
           {
-            "defaultLocationId": "defaultLocationId",
-            "groupId": "groupId",
+            "defaultLocationId": "8E451D96092E5BB94D06F6F216972F1C",
+            "groupId": "52BBA2A9092E5BB94DC766C08B9D6354",
             "locationIds": [
-              "locationIds"
+              "8E451D96092E5BB94D06F6F216972F1C"
             ]
           }
         ],
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": true,
-        "id": "id",
-        "lastmodifiedtime": 1670774922824,
+        "id": "4793B972092E5BB92E3450AD7023CD88",
+        "lastmodifiedtime": 1719408684510,
         "name": "Application and Device Control policy",
         "policytype": "adc",
         "sources": [],
@@ -7069,18 +5938,18 @@ results = {
         "assignedtocloudgroups": null,
         "assignedtolocations": [
           {
-            "defaultLocationId": "defaultLocationId",
-            "groupId": "groupId",
+            "defaultLocationId": "8E451D96092E5BB94D06F6F216972F1C",
+            "groupId": "52BBA2A9092E5BB94DC766C08B9D6354",
             "locationIds": [
-              "locationIds"
+              "8E451D96092E5BB94D06F6F216972F1C"
             ]
           }
         ],
         "desc": "Created automatically during product installation.",
-        "domainid": "domainid",
+        "domainid": "6E70F043092E5BB93F74FD57C083F99E",
         "enabled": false,
-        "id": "id",
-        "lastmodifiedtime": 1670774922808,
+        "id": "7C1FC997092E5BB90C24C0EA3BA7798A",
+        "lastmodifiedtime": 1719408684497,
         "name": "Client Upgrade policy",
         "policytype": "upgrade",
         "sources": [],
@@ -7090,19 +5959,568 @@ results = {
     "firstPage": true,
     "lastPage": true,
     "number": 0,
-    "numberOfElements": 20,
-    "size": 20,
+    "numberOfElements": 15,
+    "size": 15,
     "sort": null,
-    "totalElements": 20,
+    "totalElements": 15,
     "totalPages": 1
   },
-  "inputs": {},
+  "inputs": {
+    "sep_domainid": "6E70F043092E5BB93F74FD57C083F99E"
+  },
+  "metrics": {
+    "execution_time_ms": 1100,
+    "host": "local",
+    "package": "fn-sep",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-10 10:42:05",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sep_domainid = playbook.inputs.sep_domain_id
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+from json import dumps
+results = playbook.functions.results.get_policy_summary_results
+
+if not results.get("success"):
+  incident.addNote(f"SEP Policy Summary for Domain: {playbook.inputs.sep_domain_id} error. Reason: {results.get('reason')}")
+else:
+  incident.addNote(f"Policy Summary for Domain: {playbook.inputs.sep_domain_id}\n\n{dumps(results.get('content'), indent=4)}")
+```
+
+</p>
+</details>
+
+---
+## Function - SEP - Move endpoint
+Check for and move an endpoint to a different group.
+
+ ![screenshot: fn-sep---move-endpoint ](./doc/screenshots/fn-sep---move-endpoint.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sep_groupid` | `text` | No | `-` | Group id on which to run the SEP command. |
+| `sep_hardwarekey` | `text` | No | `-` | Hardware key of SEP computer. |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": [
+    {
+      "responseCode": "200",
+      "responseMessage": "OK"
+    }
+  ],
+  "inputs": {
+    "sep_groupid": "23899461092E5BB937223FCF3A0605E3",
+    "sep_hardwarekey": "8DACE2559C1C951E09CC0BF71D973BB7"
+  },
+  "metrics": {
+    "execution_time_ms": 883,
+    "host": "local",
+    "package": "fn-sep",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-18 10:48:55",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+content = playbook.functions.results.get_groups_results.get("content", {})
+full_path_name = content.get("content", [])[0].get("fullPathName")
+inputs.sep_hardwarekey = row.hardwareKey
+inputs.sep_groupid = content.get("content", [])[0].get("id")
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+## Symantec Endpoint Protection - fn_sep_move_client script ##
+# List of fields in datatable fn_amp_get_computers script
+FN_NAME = "fn_set_move_client"
+WF_NAME = "Move Endpoint"
+results = playbook.functions.results.move_endpoint_results
+CONTENT = results.get("content", [])
+HW_KEY = results.get("inputs", {}).get("sep_hardwarekey")
+GROUP_ID = results.get("inputs", {}).get("sep_groupid")
+QUERY_EXECUTION_DATE = results.get("metrics", {}).get("timestamp")
+
+note_text = ''
+if CONTENT:
+  response_msg = CONTENT[0].get("responseMessage")
+  if response_msg == "OK":
+    oldfullpath = playbook.properties.sep_oldpathname.get("oldPathName")
+    fullpathname = playbook.properties.sep_fullpathname.get("fullPathName")
+    note_text = "Symantec SEP Integration:\nPlaybook: <b>{0}</b>:\nSuccessfully moved computer <b>{1}</b> " \
+               "from group <b>{2}</b> to group <b>{3}</b> for SOAR function <b>{4}</b>."\
+        .format(WF_NAME, row.computerName, oldfullpath, fullpathname, FN_NAME)
+    row.group_id = GROUP_ID
+    if fullpathname:
+      row.group_name = fullpathname
+  else:
+    note_text = "Symantec SEP Integration:\nPlaybook: <b>{0}</b>:\nUnsuccessful move of computer <b>{1}</b> " \
+               "to group with id <b>{2}</b>. Received response <b>{3}</b> for SOAR function <b>{4}</b>."\
+        .format(WF_NAME, row.computerName, GROUP_ID, response_msg, FN_NAME)
+else:
+  noteText = "Symantec SEP Integration:\nPlaybook: <b>{0}</b>:\nMove unsuccessful for computer with hardware id <b>{1}</b> " \
+             "to group with id <b>{2}</b> for SOAR function <b>{3}</b>."\
+      .format(WF_NAME, HW_KEY, GROUP_ID, FN_NAME)
+
+incident.addNote(helper.createRichText(note_text))
+```
+
+</p>
+</details>
+
+---
+## Function - SEP - Quarantine Endpoints
+Quarantine/un-quarantine Symantec Endpoint Protection endpoints. The function will add or remove endpoints to or from network quarantine.
+
+ ![screenshot: fn-sep---quarantine-endpoints ](./doc/screenshots/fn-sep---quarantine-endpoints.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sep_computer_ids` | `text` | No | `-` | The list of computer ids on which to run the SEP command. |
+| `sep_group_ids` | `text` | No | `-` | The list of groups on which to run the SEP command. |
+| `sep_hardwarekey` | `text` | No | `-` | Hardware key of SEP computer. |
+| `sep_undo` | `boolean` | No | `-` | Boolean value, if set to true, will undo operation. |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "commandID_computer": "1CA9D4F37DD94CA88A9D93D09402E3D3",
+    "commandID_group": "89637CF1D7204D028522C81C4389301B"
+  },
+  "inputs": {
+    "sep_computer_ids": "01ECF4E8092E5BB91E4D52E45C3ABE4D",
+    "sep_group_ids": "E5E684A6092E5BB90F46E84BB6F35BBC",
+    "sep_hardwarekey": "8DACE2559C1C951E09CC0BF71D973BB7",
+    "sep_undo": false
+  },
+  "metrics": {
+    "execution_time_ms": 1016,
+    "host": "my.app.host",
+    "package": "fn-sep",
+    "package_version": "1.2.0",
+    "timestamp": "2024-08-21 08:40:30",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sep_computer_ids = row.uniqueId
+inputs.sep_group_ids = row.group_id
+inputs.sep_hardwarekey = row.hardwareKey
+
+# un-quarantine the endpoint
+inputs.sep_undo = True
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+## Symantec Endpoint Protection - fn_sep_quarantine_endpoints script ##
+# Globals
+# List of fields in datatable fn_sep_quarantine_endpoints script
+DATA_TBL_FIELDS = ["quarantine_commandid"]
+fn_name = "fn_sep_quarantine_endpoints"
+wf_name = "Quarantine Endpoint"
+# Processing
+results = playbook.functions.results.quarantine_ep_results
+content = results.get("content", {})
+inputs = results.get("inputs", {})
+query_execution_date = results.get("metrics", {}).get("timestamp")
+
+if content:
+  note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nExecuted with command id <b>{1}</b> for endpoint " \
+              "<b>{2}</b> for SOAR function <b>{3}</b>"\
+      .format(wf_name, content.get("commandID_computer"), row.computerName, fn_name)
+  row.query_execution_date = query_execution_date
+  row.quarantine_commandid = content.get("commandID_computer")
+else:
+  note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThere was <b>no</b> results returned for SOAR function <b>{1}</b>" \
+               .format(wf_name, fn_name)
+
+incident.addNote(helper.createRichText(note_text))
+```
+
+</p>
+</details>
+
+---
+## Function - SEP - Scan Endpoints
+Initiates an Evidence of Compromise (EOC) scan  of an artifact value  against  a list of endpoints or groups. The function can also be used to complete a remediation (quarantine) scan action  for hash value (MD5, SHA1 or SHA256).
+
+ ![screenshot: fn-sep---scan-endpoints ](./doc/screenshots/fn-sep---scan-endpoints.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sep_computer_ids` | `text` | No | `-` | The list of computer ids on which to run the SEP command. |
+| `sep_description` | `text` | No | `-` | The SEP object (e.g. scan) description. |
+| `sep_file_path` | `text` | No | `-` | The file path of the suspect file. |
+| `sep_group_ids` | `text` | No | `-` | The list of groups on which to run the SEP command. |
+| `sep_md5` | `text` | No | `-` | The MD5 hash value of the suspicious file. |
+| `sep_scan_action` | `select` | No | `-` | Action to be performed during a scan. |
+| `sep_scan_type` | `select` | No | `-` | The SEP eoc scan type. Possible values are:  FULL_SCAN and QUICK_SCAN. |
+| `sep_sha1` | `text` | No | `-` | The SHA1 hash value of the suspicious file. |
+| `sep_sha256` | `text` | No | `-` | The SHA256 hash value of the suspicious file. |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "commandID_computer": "A0B9FC7873584EEAA44E1C3F78882D28"
+  },
+  "inputs": {
+    "sep_computer_ids": "01ECF4E8092E5BB91E4D52E45C3ABE4D",
+    "sep_description": "Scan eoc for suspicious hash of type Malware SHA-256 Hash and value 1ac32478198ae72153801c58d2e437f27827f434fd810ae8d6ec6bc8f54350fb in the SEP environment.",
+    "sep_file_path": null,
+    "sep_md5": null,
+    "sep_scan_action": null,
+    "sep_scan_type": "QUICK_SCAN",
+    "sep_sha1": null,
+    "sep_sha256": "1ac32478198ae72153801c58d2e437f27827f434fd810ae8d6ec6bc8f54350fb"
+  },
   "metrics": {
-    "execution_time_ms": 2390,
-    "host": "host",
+    "execution_time_ms": 1002,
+    "host": "my.app.host",
     "package": "fn-sep",
-    "package_version": "1.0.1",
-    "timestamp": "2023-01-05 10:21:01",
+    "package_version": "1.2.0",
+    "timestamp": "2024-08-16 08:46:57",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+
+GET_COMPUTERS_CONTENT = playbook.functions.results.get_computers_results.get("content", {})
+ARTIFACT_TYPE = artifact.type
+ARTIFACT_VALUE = artifact.value
+ARTIFACT_DESCRIPTION = artifact.description
+ARTIFACT_TYPE_TO_ROW = {
+  "File Name": "file_name",
+  "File Path": "file_path",
+  "Malware MD5 Hash": "md5",
+  "Malware SHA-1 Hash": "sha1",
+  "Malware SHA-256 Hash": "sha256"
+}
+ARTIFACT_TYPES = ['file_name', 'file_path', 'md5', 'sha1', 'sha256']
+COMPUTER_IDS = []
+
+def set_inputs(fn, fp, md5, sha1, sha256):
+  global COMPUTER_IDS
+  inputs.sep_file_path = fn if fp is None else fp
+  inputs.sep_md5 = md5
+  inputs.sep_sha1 = sha1
+  inputs.sep_sha256 = sha256
+  inputs.sep_computer_ids = ','.join(COMPUTER_IDS)
+  inputs.sep_scan_type = playbook.inputs.sep_scan_type
+  inputs.sep_scan_action = None
+  if ARTIFACT_DESCRIPTION:
+    inputs.sep_description = "Scan eoc for {0}".format(ARTIFACT_DESCRIPTION.get("content"))
+  else:
+    inputs.sep_description = "Scan eoc for suspicious hash of type {0} and value {1} in the SEP environment.".format(ARTIFACT_TYPE, ARTIFACT_VALUE)
+
+# Get computers to run scan against from previous step.
+if GET_COMPUTERS_CONTENT and GET_COMPUTERS_CONTENT.get("endpoints_matching_ids"):
+  COMPUTER_IDS = GET_COMPUTERS_CONTENT.get("endpoints_matching_ids")
+# Assign values to correct row based on artifact type
+types = [None if t not in ARTIFACT_TYPE_TO_ROW.get(ARTIFACT_TYPE) else ARTIFACT_VALUE for t in ARTIFACT_TYPES]
+set_inputs(*types)
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+## Symantec Endpoint Protection - fn_sep_upload_file_to_sepm script ##
+# List of fields in datatable fn_sep_get_command_status script
+DATA_TBL_FIELDS = ["scan_commandID"]
+FN_NAME = "fn_sep_scan_endpoints"
+WF_NAME = "Initiate EOC Scan for Artifact"
+
+results = playbook.functions.results.scan_eoc_results
+CONTENT = results.get("content", {})
+INPUTS = results.get("inputs", {})
+QUERY_EXECUTION_DATE = results.get("metrics", {}).get("timestamp")
+note_text = ''
+
+if CONTENT:
+  note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nReturned command id <b>{1}</b> for a <b>{2}</b> " \
+              "scan on artifact <b>{3}</b> for SOAR function <b>{4}</b>"\
+      .format(WF_NAME, CONTENT.get("commandID_computer"), INPUTS.get("sep_scan_type"), artifact.value, FN_NAME)
+else:
+  note_text = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThere was <b>no</b> command id returned for a " \
+              "<b>{1}</b> scan on artifact <b>{2}</b> for SOAR function <b>{3}</b>"\
+      .format(WF_NAME, INPUTS.get("sep_scan_type"), INPUTS.get("sep_file_path"), artifact.value, FN_NAME)
+
+incident.addNote(helper.createRichText(note_text))
+```
+
+</p>
+</details>
+
+---
+## Function - SEP - Update Fingerprint List
+Updates an existing fingerprint list with a set of hash values. 
+Note: Currently supports MD5 and SHA256 hash type.
+
+ ![screenshot: fn-sep---update-fingerprint-list ](./doc/screenshots/fn-sep---update-fingerprint-list.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sep_description` | `text` | No | `-` | The SEP object (e.g. scan) description. |
+| `sep_domainid` | `text` | No | `-` | The SEPM domain id. |
+| `sep_fingerprintlist_id` | `text` | No | `-` | Id of SEP fingerprint list |
+| `sep_fingerprintlist_name` | `text` | No | `-` | Name of a SEP fingerprint list. |
+| `sep_hash_value` | `text` | No | `-` | The hash value. Can be MD5 or SHA256 hash value. |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": "",
+  "inputs": {
+    "sep_description": "Fingerprint list \u0027Blacklist\u0027",
+    "sep_domainid": "6E70F043092E5BB93F74FD57C083F99E",
+    "sep_fingerprintlist_content": "[{\u0027SHA256\u0027: \u00279a4e26d0c4ab855d5346bae28272bbeeb1ab713b29a4aab030770655f05acc25\u0027}, {\u0027MD5\u0027: \u0027FF8C053969C0A52FF267D25138C71553\u0027, \u0027SHA256\u0027: \u002702E188239C4A7761C2F4C63964B6A754E15A388980F4050AC8C327D1FA30255F\u0027}, {\u0027MD5\u0027: \u0027FF8D7335A370D17A1379A949AF595F78\u0027, \u0027SHA256\u0027: \u00276E46434DACCDED82FA235FA14A019C20CF3AAFDAAB3F8EB81EBD0195C8F1D909\u0027}, {\u0027MD5\u0027: \u0027FF8D847F4173DBFCAF0A25C6C17C7B99\u0027, \u0027SHA256\u0027: \u0027BC56124B126D2A2F468125C38789FF19C9655FDD3A84990A1B90E2F91BCA1FD9\u0027}, {\u0027MD5\u0027: \u0027FF8F37FECFB4F7A56531E413883E03F5\u0027, \u0027SHA256\u0027: \u0027AD49D17F25670CF54B14DC7FE3EC086D9FCB92DEB4375B598AB95ECCD676CDBC\u0027}, {\u0027MD5\u0027: \u0027FF8FFEA7310D9A4A642CC8018227B91B\u0027, \u0027SHA256\u0027: \u0027924D3456B5D72F6792CAE92895CFA9C0FEBA74616D92C8CD63639F77646B6B05\u0027}, {\u0027MD5\u0027: \u0027FF9171426D5A9490D548B08A5CA9C805\u0027, \u0027SHA256\u0027: \u00271F83EF7D0548828F101A6C760F1D208E2B220186ED71E38942D6CF6EF95FF756\u0027}, {\u0027MD5\u0027: \u0027FF91FA115BA27CD56716623DC6933946\u0027, \u0027SHA256\u0027: \u002705C2FB7565D2953D46E458D96000CD589AC14C4E4C33E718E38BE4739A9F7504\u0027}, {\u0027MD5\u0027: \u0027FF92B0EA7579E691C1FF669FAB5AC186\u0027, \u0027SHA256\u0027: \u0027048E17562A6C601D3EAFF05FF62318944C9E7083825F587AD0F5C1C2C26CBD71\u0027}, {\u0027MD5\u0027: \u0027FF93C7959F24921381B8338686B0509C\u0027, \u0027SHA256\u0027: \u00272C6DCF143C41A5780DD24B48CA08EFC96595D86F4DB1FCD10D59E28EC1DBB0E2\u0027}, {\u0027MD5\u0027: \u0027FF95B2B128EB6B0BDDDF39CD05C78A0F\u0027, \u0027SHA256\u0027: \u0027DF1AE05C349A5C4E9D3187D0D85BD6172FB131BD5B826A1FFC947DB9A09F3DCF\u0027}, {\u0027MD5\u0027: \u0027FF9932C30F72B19E57D9B07F230487E7\u0027, \u0027SHA256\u0027: \u0027FBD7F130718C6A73E0AFD15D1F8D843426604A866EC63624357F8A952B484AD1\u0027}, {\u0027MD5\u0027: \u0027FF995A3411623293F7E3FD72143D04AB\u0027, \u0027SHA256\u0027: \u0027ACEA65301D759F922BDB1AB8DD52B57828FF4D64106A93C3EEAF89553466EA58\u0027}, {\u0027MD5\u0027: \u0027FF9CD8F4947AD1474D29187220BC3972\u0027, \u0027SHA256\u0027: \u0027AE17F31CBEEC0471392A42E85CB8B258351351212AB028C0B6B5C101C76083D9\u0027}, {\u0027MD5\u0027: \u0027FF9CF495023DD6D5BCE4187214B1469B\u0027, \u0027SHA256\u0027: \u00278D9FE0851D4D35D312F35E83618F63DFCBB4A045B5348468E04AE3CA61782F74\u0027}, {\u0027MD5\u0027: \u0027FF9D51FB459CF535F33003FABB0E7FD9\u0027, \u0027SHA256\u0027: \u00276D36FEB1167103BFE37251D1B049C449466A21590710F1E7F20C9B0C69511F7B\u0027}, {\u0027MD5\u0027: \u0027FF9E058DAC27FCC739884D3DBE43D81F\u0027, \u0027SHA256\u0027: \u00278C6A42FC8D9262A7E84C39566AB25931FBD77A7F9B5F1806DB69B297ADC87F3C\u0027}, {\u0027MD5\u0027: \u0027FF9E1E7E499D8C6336FA697C7142FA0C\u0027, \u0027SHA256\u0027: \u0027FD8862560FFA44B8177F1B1E053C1E820F2E19636F28E75A9AC427DBA0E15534\u0027}, {\u0027MD5\u0027: \u0027FF9E62ECB2BFD5B9CA608A40A96DEB04\u0027, \u0027SHA256\u0027: \u002795A9CB94CCB3F30029E1C977B63A845FE129C02E6CAF26AD234AB66AA9AF1C6C\u0027}, {\u0027MD5\u0027: \u0027FFA44FD7FEDA32632E8CE84AD0F9101B\u0027, \u0027SHA256\u0027: \u00272A0746A7876C1A430F9C9A5BE4BE28CAA2FF4F73477651AE5CC74462278F333B\u0027}, {\u0027MD5\u0027: \u0027FFA6335553397F28CA47ADC34343CA62\u0027, \u0027SHA256\u0027: \u00270D43D4D40C9854EB158DDE164699D02F47B21D68CEACAFEB2F469587B861C356\u0027}]",
+    "sep_fingerprintlist_id": "C5C4CAC9092E5BB9315A5137B5B8DC8B",
+    "sep_fingerprintlist_name": "Blacklist",
+    "sep_hash_value": "0b9e4cb2af3dd1686accf0c469ce7b60"
+  },
+  "metrics": {
+    "execution_time_ms": 1685,
+    "host": "local",
+    "package": "fn-sep",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-11 10:29:26",
+    "version": "1.0"
+  },
+  "raw": "\"\"",
+  "reason": null,
+  "success": true,
+  "version": "1.0"
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+domain_content = playbook.functions.results.get_domains_results.get("content", [])
+fpl_content = playbook.functions.results.get_fingerprintlist_results.get("content", {})
+fpl_data = fpl_content.get("data", []).copy()
+
+for i in range(len(domain_content)):
+  if domain_content[i].get("name") == playbook.inputs.sep_domain_name:
+    inputs.sep_domainid = domain_content[i].get("id")
+    break
+
+if fpl_content.get("name") == playbook.inputs.sep_fingerprintlist_name:
+  inputs.sep_fingerprintlist_id = fpl_content.get("id")
+  inputs.sep_fingerprintlist_name = playbook.inputs.sep_fingerprintlist_name
+
+  if fpl_data:
+    # If the fingerprintlist a list of dictionaries, then it is using the new format.
+    if isinstance(fpl_data[0], dict):
+      # Get hash type
+      hash_type = "MD5"
+      if artifact.type == "Malware SHA-256 Hash":
+        hash_type = "SHA256"
+
+      fpl_data.append({hash_type: artifact.value})
+      inputs.sep_hash_value = str(fpl_data)
+    else:
+      inputs.sep_hash_value = artifact.value + ',' + ','.join(fpl_data)
+
+inputs.sep_description = f"Fingerprint list '{playbook.inputs.sep_fingerprintlist_name}'"
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+## Symantec Endpoint Protection - fn_sep_update_fingerprint_list script ##
+FN_NAME = "fn_sep_update_fingerprint_list"
+WF_NAME = "Add Hash to Fingerprint List"
+results = playbook.functions.results.update_fingerprintlist_results
+INPUTS = results.get("inputs")
+note_text = None
+hash_type = "MD5"
+if artifact.type == "Malware SHA-256 Hash":
+  hash_type = "SHA256"
+
+if results.get("success"):
+  # If we got here we assume we are successful, no status message is returned by api.
+  note_text = f"Symantec SEP Integration:\nPlaybook: <b>{WF_NAME}</b>\nSuccessfully added {hash_type} hash <b>{artifact.value}</b> to fingerprint " \
+              f"list <b>{INPUTS.get('sep_fingerprintlist_name')}</b> for SOAR function <b>{FN_NAME}</b>"
+
+else:
+  note_text = f"Symantec SEP Integration:\nPlaybook: <b>{WF_NAME}</b>\nFailed with reason: {results.get('reason')}"
+
+incident.addNote(helper.createRichText(note_text))
+```
+
+</p>
+</details>
+
+---
+## Function - SEP - Upload File to SEPM
+Upload a file from an endpoint back to the SEPM server.  
+Note: Only supports executable file types such as binary executable (.exe), batch (.bat), Windows installer package (.msi) etc. File source can be FILESYTEM, QUARANTINE or BOTH
+
+ ![screenshot: fn-sep---upload-file-to-sepm ](./doc/screenshots/fn-sep---upload-file-to-sepm.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sep_computer_ids` | `text` | No | `-` | The list of computer ids on which to run the SEP command. |
+| `sep_file_path` | `text` | No | `-` | The file path of the suspect file. |
+| `sep_md5` | `text` | No | `-` | The MD5 hash value of the suspicious file. |
+| `sep_sha1` | `text` | No | `-` | The SHA1 hash value of the suspicious file. |
+| `sep_sha256` | `text` | No | `-` | The SHA256 hash value of the suspicious file. |
+| `sep_source` | `text` | No | `-` | The file source from where to search for the suspicious file. Possible values are: FILESYSTEM (default), QUARANTINE, or BOTH.  |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "commandID": "C9456A597A0E42A89F243B8A537A056D"
+  },
+  "inputs": {
+    "sep_computer_ids": "01ECF4E8092E5BB91E4D52E45C3ABE4D",
+    "sep_file_path": "C:\\Users\\Administrator\\Desktop\\tesy.txt",
+    "sep_md5": "44d88612fea8a8f36de82e1278abb02f",
+    "sep_sha1": null,
+    "sep_sha256": null,
+    "sep_source": "QUARANTINE"
+  },
+  "metrics": {
+    "execution_time_ms": 7428,
+    "host": "local",
+    "package": "fn-sep",
+    "package_version": "1.2.0",
+    "timestamp": "2024-07-29 09:49:39",
     "version": "1.0"
   },
   "raw": null,
@@ -7115,11 +6533,50 @@ results = {
 </p>
 </details>
 
-<details><summary>Steps to Fetch "sep_domainid": </summary>
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sep_computer_ids = row.computer_id
+inputs.sep_file_path = row.file_path
+inputs.sep_source = playbook.inputs.sep_source
+hash_lengths  = [64, 40, 32]
+hvs = [None if h != len(row.hash_value) else row.hash_value for h in hash_lengths]
+inputs.sep_sha256 = hvs[0]
+inputs.sep_sha1 = hvs[1]
+inputs.sep_md5 = hvs[2]
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
 <p>
 
-Value of `sep_domainid` field can be refered from [Function - SEP - Get Domains](#function---sep---get-domains) function's output. <br>
-Ex. `id` attribute from following path `content-->id`.
+```python
+## Symantec Endpoint Protection - fn_sep_upload_file_to_sepm script ##
+# Globals
+# List of fields in datatable fn_sep_get_command_status script
+DATA_TBL_FIELDS = ["commandID"]
+fn_name = "fn_sep_upload_file_to_sepm"
+wf_name = "Upload file to SEPM server"
+results = playbook.functions.results.upload_file_results
+content = results.get("content", {})
+inputs = results.get("inputs", {})
+
+# Processing
+if content:
+  noteText = "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nCommand executed with id <b>{1}</b> for artifact with " \
+             "type <b>{2}</b> and value <b>{3}</b> from source <b>{4}</b> for SOAR function <b>{5}</b>"\
+      .format(wf_name, content.get("commandID"), row.artifact_type, row.artifact_value, inputs.get("sep_source"), fn_name)
+  row.upload_commandid = content.get("commandID")
+
+else:
+  noteText += "Symantec SEP Integration:\nPlaybook <b>{0}</b>:\nThere was <b>no</b> results returned for SOAR " \
+              "function <b>{1}</b>".format(wf_name, fn_name)
+
+incident.addNote(helper.createRichText(noteText))
+```
 
 </p>
 </details>
@@ -7127,7 +6584,7 @@ Ex. `id` attribute from following path `content-->id`.
 ---
 
 ## Script - scr_sep_add_artifact_from_scan_results
-Script for Symantec SEP to add a IBM SOAR artifact from a property of the 'Symantec SEP - EOC scan results' data-table.
+Script for Symantec SEP to add a SOAR artifact from a property of the 'Symantec SEP - EOC scan results' data-table.
 The supported artifact types supported are: "File Path", "Malware SHA-256 Hash" and "System Name".
 
 **Object:** sep_eoc_scan_results
@@ -7136,7 +6593,7 @@ The supported artifact types supported are: "File Path", "Malware SHA-256 Hash"
 <p>
 
 ```python
-# Create a Resilient artifact based on a dropdown which selects the corresponding data-table field.
+# Create a SOAR artifact based on a dropdown which selects the corresponding data-table field.
 ARTIFACT_TYPE = rule.properties.sep_artifact_type_scan_results
 FUNCTION_NAME = "fn_sep_scan_endpoints"
 
@@ -7277,8 +6734,62 @@ main()
 
 ---
 
+## Playbooks
+| Playbook Name | Description | Activation Type | Object | Status | Condition | 
+| ------------- | ----------- | --------------- | ------ | ------ | --------- | 
+| SEP: Add Artifact from Scan Result - Example (PB) | add a SOAR artifact from a property of the 'Symantec SEP - EOC scan results' data-table. The supported artifact types supported are: "File Path", "Malware SHA-256 Hash" and "System Name". | Manual | sep_eoc_scan_results | `enabled` | `sep_eoc_scan_results.file_path has_a_value AND sep_eoc_scan_results.computer_name has_a_value AND sep_eoc_scan_results.scan_command_state contains Completed AND sep_eoc_scan_results.hash_value has_a_value AND (sep_eoc_scan_results.scan_result contains Hash match OR sep_eoc_scan_results.scan_result contains Full match)` | 
+| SEP: Add Hash to Blacklist - Example (PB) | Create a new blacklist fingerprint list and add an MD5 hash if the fingerprint list doesn't already exist. Add an MD5 hash to an existing blacklist fingerprint list if it already exists. | Manual | artifact | `enabled` | `artifact.type in ['Malware MD5 Hash', 'Malware SHA-256 Hash']` | 
+| SEP: Assign Blacklist to lockdown group - Example (PB) | Assign a blacklist fingerprint list to a group for system lockdown. | Manual | sep_groups | `enabled` | `sep_groups.group_id has_a_value AND sep_groups.policyInheritanceEnabled equals` | 
+| SEP: Cancel a Command - Example (PB) | Cancel an existing pending command | Manual | incident | `enabled` | `-` | 
+| SEP: Delete Blacklist - Example (PB) | Delete an existing blacklist fingerprint list. Note: Also removes it from any group to which it has been assigned. | Manual | sep_fingerprint_lists | `enabled` | `sep_fingerprint_lists.list_id has_a_value` | 
+| SEP: Delete Hash from Blacklist - Example (PB) | Update a blacklist fingerprint list to remove an MD5 hash. Note: The fingerprint list will be deleted if only a single MD5 hash is remaining in the list. | Manual | artifact | `enabled` | `artifact.type in ['Malware MD5 Hash', 'Malware SHA-256 Hash']` | 
+| SEP: Get Blacklist information - Example (PB) | Get a blacklist fingerprint list information for a specified name. | Manual | incident | `enabled` | `-` | 
+| SEP: Get Critical Events - Example (PB) | Gets information related to critical events. | Manual | incident | `enabled` | `-` | 
+| SEP: Get Endpoint Details - Example (PB) | Get endpoint details for Evidence of Compromise (EOC) data table row "computer_name" value. | Manual | sep_eoc_scan_results | `enabled` | `sep_eoc_scan_results.computer_name has_a_value` | 
+| SEP: Get Endpoint Details for artifact - Example (PB) | Get endpoint details for artifact value. Artifact value will be "DNS name" or "System name" | Manual | artifact | `enabled` | `artifact.type equals DNS Name OR artifact.type equals System Name` | 
+| SEP: Get Endpoints status summary - Example (PB) | Get overall Endpoint status summary. | Manual | incident | `enabled` | `-` | 
+| SEP: Get Endpoints status summary (refresh) - Example (PB) | Get overall Endpoint status summary. | Manual | sep_endpoint_status_summary | `enabled` | `-` | 
+| SEP: Get Exceptions Policy - Example (PB) | Get the exception's policy for the specified policy ID. | Manual | incident | `enabled` | `-` | 
+| SEP: Get File Content as Base64 string - Example (PB) | Get contents of a file uploaded to SEPM server as a Base64 string. | Manual | sep_eoc_scan_results | `enabled` | `sep_eoc_scan_results.file_id has_a_value AND sep_eoc_scan_results.file_upload_status contains Completed AND sep_eoc_scan_results.scan_command_state contains Completed AND sep_eoc_scan_results.scan_commandid has_a_value` | 
+| SEP: Get Firewall Policy - Example (PB) | Get the firewall policy for the specified policy ID. | Manual | incident | `enabled` | `-` | 
+| SEP: Get Groups information - Example (PB) | Get groups information. | Manual | incident | `enabled` | `-` | 
+| SEP: Get Non-Compliant Endpoints status details - Example (PB) | Get further details for Endpoints with non-compliant status. | Manual | sep_endpoint_status_summary | `enabled` | `sep_endpoint_status_summary.non_compliant gt` | 
+| SEP: Get Policy Summary - Example (PB) | Get the summary information for policies within a specific Domain. Also gets the list of groups to which the policies are assigned. | Manual | incident | `enabled` | `-` | 
+| SEP: Get Quarantine status - Example (PB) | Get the status of a Quarantine Endpoint command. | Manual | sep_endpoint_details | `enabled` | `sep_endpoint_details.computerName has_a_value AND sep_endpoint_details.quarantine_commandid has_a_value AND sep_endpoint_details.uniqueId has_a_value` | 
+| SEP: Get Remediation status - Example (PB) | Get the status of a remediation scan command. | Manual | sep_eoc_scan_results | `enabled` | `sep_eoc_scan_results.remediation_status has_a_value AND (sep_eoc_scan_results.remediation_status contains In progress OR sep_eoc_scan_results.remediation_status contains Waiting/Not received OR sep_eoc_scan_results.remediation_status contains Received)` | 
+| SEP: Get Scan results - Example (PB) | Get the results of a scan EOC command. | Manual | sep_eoc_scan_results | `enabled` | `sep_eoc_scan_results.scan_command_state not_contains Completed AND sep_eoc_scan_results.scan_command_state not_contains Timedout AND sep_eoc_scan_results.scan_commandid has_a_value AND (sep_eoc_scan_results.scan_command_state contains In progress OR sep_eoc_scan_results.scan_command_state contains Received OR sep_eoc_scan_results.scan_command_state contains Waiting/Not received)` | 
+| SEP: Get Upload status - Example (PB) | Get the status of an Upload command. | Manual | sep_eoc_scan_results | `enabled` | `sep_eoc_scan_results.file_upload_status contains In progress AND sep_eoc_scan_results.upload_commandid has_a_value` | 
+| SEP: Initiate EOC Scan for Artifact - Example (PB) | Initiate an Evidence of Compromise (EOC) scan on artifacts of type file (name or path) or hash (MD5, SHA1 or SHA256) against all endpoints. Use the returned command ID to get the initial command status and information on any matches for each endpoint. | Manual | artifact | `enabled` | `artifact.type equals File Name OR artifact.type equals File Path OR artifact.type equals Malware MD5 Hash OR artifact.type equals Malware SHA-1 Hash OR artifact.type equals Malware SHA-256 Hash` | 
+| SEP: Move Endpoint - Example (PB) | Move an endpoint to a different group. | Manual | sep_endpoint_details | `enabled` | `sep_endpoint_details.hardwareKey has_a_value AND sep_endpoint_details.uniqueId has_a_value` | 
+| SEP: Quarantine Endpoint - Example (PB) | Quarantine or un-quarantine an endpoint. Add or remove endpoints to or from network quarantine. | Manual | sep_endpoint_details | `enabled` | `sep_endpoint_details.computerName has_a_value AND sep_endpoint_details.endpoint_quarantine_status not_equals Quarantined AND sep_endpoint_details.group_id has_a_value AND sep_endpoint_details.hardwareKey has_a_value AND sep_endpoint_details.quarantine_command_state not_contains In progress AND sep_endpoint_details.uniqueId has_a_value` | 
+| SEP: Remediate Artifact on Endpoint - Example (PB) | Initiate a file quarantine scan on Symantec Endpoint Protection endpoints and get initial command status. A remediation action quarantines all copies of the selected file on the target endpoint(s) by hash value (SHA256, SHA1 or MD5). | Manual | sep_eoc_scan_results | `enabled` | `sep_eoc_scan_results.scan_commandid has_a_value AND sep_eoc_scan_results.scan_command_state contains Completed AND (sep_eoc_scan_results.scan_result contains FULL_MATCH OR sep_eoc_scan_results.scan_result contains HASH_MATCH OR sep_eoc_scan_results.scan_result contains PARTIAL_MATCH) AND sep_eoc_scan_results.remediation_status not_contains Completed AND sep_eoc_scan_results.remediation_status not_contains In progress AND sep_eoc_scan_results.remediation_status not_contains Unexpected status AND sep_eoc_scan_results.remediation_status not_contains No match found AND sep_eoc_scan_results.remediation_status not_contains Failed` | 
+| SEP: Un-Quarantine Endpoint - Example (PB) | Quarantine or un-quarantine an endpoint. Add or remove endpoints to or from network quarantine. | Manual | sep_endpoint_details | `enabled` | `sep_endpoint_details.computerName has_a_value AND sep_endpoint_details.endpoint_quarantine_status equals Quarantined AND sep_endpoint_details.group_id has_a_value AND sep_endpoint_details.hardwareKey has_a_value AND sep_endpoint_details.quarantine_command_state not_contains In progress AND sep_endpoint_details.uniqueId has_a_value` | 
+| SEP: Upload file to SEPM server - Example (PB) | Request a file discovered by an EOC scan be uploaded to the SEPM server. Note: Only supports file executable types such as binary executable (.exe), batch (.bat), Windows installer package (.msi) etc. | Manual | sep_eoc_scan_results | `enabled` | `sep_eoc_scan_results.scan_commandid has_a_value AND sep_eoc_scan_results.scan_command_state contains Completed AND (sep_eoc_scan_results.scan_result contains Full match OR sep_eoc_scan_results.scan_result contains Hash match OR sep_eoc_scan_results.scan_result contains Partial match) AND sep_eoc_scan_results.file_upload_status not_contains In progress AND sep_eoc_scan_results.file_upload_status not_contains Completed` | 
+
+---
+
+## Data Table - Symantec SEP - Critical Events
+
+ ![screenshot: dt-symantec-sep---critical-events](./doc/screenshots/dt-symantec-sep---critical-events.png)
+
+#### API Name:
+sep_critical_events
+
+#### Columns:
+| Column Name | API Access Name | Type | Tooltip |
+| ----------- | --------------- | ---- | ------- |
+| Acknowledged | `acknowledged` | `boolean` | - |
+| Date Added | `date_added` | `datetimepicker` | - |
+| Event Date | `event_date` | `text` | - |
+| Event Id | `event_id` | `text` | - |
+| Message | `message` | `text` | - |
+| Subject | `subject` | `text` | - |
+
+---
 ## Data Table - Symantec SEP - Endpoint details
 
+ ![screenshot: dt-symantec-sep---endpoint-details](./doc/screenshots/dt-symantec-sep---endpoint-details.png)
+
 #### API Name:
 sep_endpoint_details
 
@@ -7287,7 +6798,7 @@ sep_endpoint_details
 | ----------- | --------------- | ---- | ------- |
 | Computer name | `computerName` | `text` | - |
 | Description | `sep_description` | `text` | Description of an endpoint in the SEP environment. |
-| Endpoint quarantine status | `endpoint_quarantine_status` | `textarea` | Quarantine status of an endpoint. Possible statuses are 'Un-Quarantined' and 'Quarantined'. Note: Only applicable for MS Windows endpoints. |
+| Endpoint Quarantine Status | `endpoint_quarantine_status` | `textarea` | Quarantine status of an endpoint. Possible statuses are 'Un-Quarantined' and 'Quarantined'. Note: Only applicable for MS Windows endpoints. |
 | Hardware key | `hardwareKey` | `text` | Hardware Key is the way to identify a client in SEP. |
 | Infected | `infected` | `text` | - |
 | IP addresses | `ipAddresses` | `text` | - |
@@ -7304,6 +6815,8 @@ sep_endpoint_details
 ---
 ## Data Table - Symantec SEP - Endpoint status summary
 
+ ![screenshot: dt-symantec-sep---endpoint-status-summary](./doc/screenshots/dt-symantec-sep---endpoint-status-summary.png)
+
 #### API Name:
 sep_endpoint_status_summary
 
@@ -7322,33 +6835,37 @@ sep_endpoint_status_summary
 ---
 ## Data Table - Symantec SEP - EOC scan results
 
+ ![screenshot: dt-symantec-sep---eoc-scan-results](./doc/screenshots/dt-symantec-sep---eoc-scan-results.png)
+
 #### API Name:
 sep_eoc_scan_results
 
 #### Columns:
 | Column Name | API Access Name | Type | Tooltip |
 | ----------- | --------------- | ---- | ------- |
-| Artifact id | `artifact_id` | `text` | - |
-| Artifact type | `artifact_type` | `text` | - |
-| Artifact value | `artifact_value` | `text` | - |
-| Computer name | `computer_name` | `text` | - |
+| Artifact id | `artifact_id` | `text` | The ID of the artifact |
+| Artifact type | `artifact_type` | `text` | The SOAR artifact type. Either Malware SHA-256 Hash, Malware SHA-1 Hash, Malware MD5 Hash, File Name, or File Path |
+| Artifact value | `artifact_value` | `text` | The value of the SOAR artifact |
+| Computer name | `computer_name` | `text` | Name of the SEP computer |
 | File path | `file_path` | `text` | - |
-| File upload  status | `file_upload_status` | `textarea` | - |
+| File upload  status | `file_upload_status` | `textarea` | The status of the file upload from SEP |
 | Hash value | `hash_value` | `text` | Scan match can return sha-256, sha1 or md5 hash values. |
-| Query execution date | `query_execution_date` | `text` | - |
-| Remediation status | `remediation_status` | `textarea` | - |
+| Query execution date | `query_execution_date` | `text` | Time the Query was executed |
+| Remediation status | `remediation_status` | `textarea` | The remediation status from SEP |
 | Scan command state | `scan_command_state` | `textarea` | This value contains the overall state of the scan command across all target endpoints. Possible values are 'In progress', 'Completed' and 'Timedout''. |
 | Scan Query/Result | `scan_result` | `textarea` | This column is used to signify whether the row is being used to display a query or a query result.  Possible values: 'Query' for a query and 'Full match', 'Partial Match' or 'Hash match' for a match. |
-| SEP computer id | `computer_id` | `text` | - |
-| SEP file id | `file_id` | `text` | - |
-| SEP remediation command id | `remediation_commandid` | `text` | - |
-| SEP scan command id | `scan_commandid` | `text` | - |
+| SEP computer id | `computer_id` | `text` | The SEP computer ID |
+| SEP file id | `file_id` | `text` | The file ID from SEP |
+| SEP remediation command id | `remediation_commandid` | `text` | The remediation command ID from SEP |
+| SEP scan command id | `scan_commandid` | `text` | The scan command ID from SEP |
 | SEP Scan type | `scan_type` | `text` | The SEP eoc scan type.  |
-| SEP upload command id | `upload_commandid` | `text` | - |
+| SEP upload command id | `upload_commandid` | `text` | The upload command ID from SEP |
 
 ---
 ## Data Table - Symantec SEP - Fingerprint lists
 
+ ![screenshot: dt-symantec-sep---fingerprint-lists](./doc/screenshots/dt-symantec-sep---fingerprint-lists.png)
+
 #### API Name:
 sep_fingerprint_lists
 
@@ -7357,8 +6874,8 @@ sep_fingerprint_lists
 | ----------- | --------------- | ---- | ------- |
 | Assigned SEP group ids | `group_ids` | `text` | - |
 | Description | `list_description` | `text` | SEP list description. |
+| Hash values | `hash_values` | `text` | Hash values in list. |
 | List name | `list_name` | `text` | SEP list name. |
-| MD5 Hash values | `hash_values` | `text` | Hash values in list (Currently MD5 only supported). |
 | Query Execution date | `query_execution_date` | `text` | - |
 | SEP domain name | `domain_name` | `text` | - |
 | SEP list id | `list_id` | `text` | - |
@@ -7366,6 +6883,8 @@ sep_fingerprint_lists
 ---
 ## Data Table - Symantec SEP - Groups
 
+ ![screenshot: dt-symantec-sep---groups](./doc/screenshots/dt-symantec-sep---groups.png)
+
 #### API Name:
 sep_groups
 
@@ -7385,6 +6904,8 @@ sep_groups
 ---
 ## Data Table - Symantec SEP - Non-compliant Endpoints status details
 
+ ![screenshot: dt-symantec-sep---non-compliant-endpoints-status-details](./doc/screenshots/dt-symantec-sep---non-compliant-endpoints-status-details.png)
+
 #### API Name:
 sep_endpoints_non_compliant_details
 
@@ -7411,43 +6932,8 @@ sep_endpoints_non_compliant_details
 
 ---
 
-
-
-## Rules
-| Rule Name | Object | Workflow Triggered |
-| --------- | ------ | ------------------ |
-| Example: SEP - Add Artifact from Scan Result | sep_eoc_scan_results | `-` |
-| Example: SEP - Add Hash to Blacklist | artifact | `wf_sep_add_fingerprint_list` |
-| Example: SEP - Assign Blacklist to lockdown group | sep_groups | `wf_sep_assign_fingerprint_list_to_lockdown_group` |
-| Example: SEP - Delete Blacklist | sep_fingerprint_lists | `wf_sep_delete_fingerprint_list` |
-| Example: SEP - Delete Hash from Blacklist | artifact | `wf_sep_delete_hash_from_fingerprint_list` |
-| Example: SEP - Get Blacklist information | incident | `wf_sep_get_blacklist_information` |
-| Example: SEP - Get Endpoint Details | sep_eoc_scan_results | `wf_sep_get_endpoint_details` |
-| Example: SEP - Get Endpoint Details for artifact | artifact | `wf_sep_get_endpoint_details_for_artifact` |
-| Example: SEP - Get Endpoints status summary | incident | `wf_sep_get_endpoints_status` |
-| Example: SEP - Get Endpoints status summary (refresh) | sep_endpoint_status_summary | `wf_sep_get_endpoints_status_refresh` |
-| Example: SEP - Get File Content as Base64 string | sep_eoc_scan_results | `wf_sep_get_file_content_as_base64_string` |
-| Example: SEP - Get Groups information | incident | `wf_sep_get_groups_information` |
-| Example: SEP - Get Non-Compliant Endpoints status details | sep_endpoint_status_summary | `wf_sep_get_endpoints_status_details` |
-| Example: SEP - Get Quarantine status | sep_endpoint_details | `wf_sep_get_quarantine_status` |
-| Example: SEP - Get Remediation status | sep_eoc_scan_results | `wf_sep_get_remediation_status` |
-| Example: SEP - Get Scan results | sep_eoc_scan_results | `wf_sep_get_scan_results` |
-| Example: SEP - Get Upload status | sep_eoc_scan_results | `wf_sep_get_upload_status` |
-| Example: SEP - Initiate EOC Scan for Artifact | artifact | `wf_sep_initiate_eoc_scan_for_artifact` |
-| Example: SEP - Move Endpoint | sep_endpoint_details | `wf_sep_move_endpoint` |
-| Example: SEP - Parse notification | __emailmessage | `-` |
-| Example: SEP - Quarantine Endpoint | sep_endpoint_details | `wf_sep_quarantine_endpoint` |
-| Example: SEP - Remediate Artifact on Endpoint | sep_eoc_scan_results | `wf_sep_remediate_artifact_on_endpoint` |
-| Example: SEP - Un-Quarantine Endpoint | sep_endpoint_details | `wf_sep_quarantine_endpoint` |
-| Example: SEP - Upload file to SEPM server | sep_eoc_scan_results | `wf_sep_upload_file_to_sepm` |
-
----
-
-
 ## Troubleshooting & Support
-
 Refer to the documentation listed in the Requirements section for troubleshooting information.
 
 ### For Support
-
-This is an IBM supported app. Please search https://ibm.com/mysupport for assistance.
\ No newline at end of file
+This is an IBM supported app. Please search https://ibm.com/mysupport for assistance.
diff --git a/_sources/fn_soar_utils/README.md.txt b/_sources/fn_soar_utils/README.md.txt
index 2a7f5ca78..2a08797cc 100644
--- a/_sources/fn_soar_utils/README.md.txt
+++ b/_sources/fn_soar_utils/README.md.txt
@@ -1,21 +1,3 @@
-<!--
-  This README.md is generated by running:
-  "resilient-sdk docgen -p fn_soar_utils"
-
-  It is best edited using a Text Editor with a Markdown Previewer. VS Code
-  is a good example. Checkout https://guides.github.com/features/mastering-markdown/
-  for tips on writing with Markdown
-
-  All fields followed by "::CHANGE_ME::"" should be manually edited
-
-  If you make manual edits and run docgen again, a .bak file will be created
-
-  Store any screenshots in the "doc/screenshots" directory and reference them like:
-  ![screenshot: screenshot_1](./screenshots/screenshot_1.png)
-
-  NOTE: If your app is available in the container-format only, there is no need to mention the integration server in this readme.
--->
-
 # SOAR Utilities
 
 ## Table of Contents
@@ -56,7 +38,8 @@
 -->
 | Version | Date | Notes |
 | ------- | ---- | ----- |
-| 1.0.1 | 1/2023 | Bug fix and doc improvements |
+| 1.0.2 | 09/2024 | Bug fix for attachment zip list function |
+| 1.0.1 | 01/2023 | Bug fix and doc improvements |
 | 1.0.0 | 10/2022 | Initial Release |
 
 
@@ -80,13 +63,13 @@ This app supports the IBM Security QRadar SOAR Platform and the IBM Security QRa
 The SOAR platform supports two app deployment mechanisms, App Host and integration server.
 
 If deploying to a SOAR platform with an App Host, the requirements are:
-* SOAR platform >= `45`.
+* SOAR platform >= `51.0.0`.
 * The app is in a container-based format (available from the AppExchange as a `zip` file).
 
 If deploying to a SOAR platform with an integration server, the requirements are:
-* SOAR platform >= `45`.
+* SOAR platform >= `51.0.0`.
 * The app is in the older integration format (available from the AppExchange as a `zip` file which contains a `tar.gz` file).
-* Integration server is running `resilient-circuits>=46.0.0`.
+* Integration server is running `resilient-circuits>=51.0.0`.
 * If using an API key account, make sure the account provides the following minimum permissions:
   | Name | Permissions |
   | ---- | ----------- |
@@ -102,7 +85,7 @@ The above guides are available on the IBM Documentation website at [ibm.biz/soar
 
 ### Cloud Pak for Security
 If you are deploying to IBM Cloud Pak for Security, the requirements are:
-* IBM Cloud Pak for Security >= 1.9.
+* IBM Cloud Pak for Security >= 1.10.
 * Cloud Pak is configured with an App Host.
 * The app is in a container-based format (available from the AppExchange as a `zip` file).
 
@@ -116,9 +99,9 @@ These guides are available on the IBM Documentation website at [ibm.biz/cp4s-doc
 The app does support a proxy server.
 
 ### Python Environment
-Both Python 3.6 and 3.9 are supported.
+Both Python 3.9 and 3.11 are supported.
 Additional package dependencies may exist for each of these packages:
-* resilient-circuits>=46.0.0
+* resilient-circuits>=51.0.0
 
 ---
 
diff --git a/_sources/fn_sumo_logic/README.md.txt b/_sources/fn_sumo_logic/README.md.txt
new file mode 100644
index 000000000..8e380c03c
--- /dev/null
+++ b/_sources/fn_sumo_logic/README.md.txt
@@ -0,0 +1,2342 @@
+<!--
+  This README.md is generated by running:
+  "resilient-sdk docgen -p fn_sumo_logic"
+
+  This file was generated with resilient-sdk v51.0.2.2.1096
+
+  It is best edited using a Text Editor with a Markdown Previewer. VS Code
+  is a good example. Checkout https://guides.github.com/features/mastering-markdown/
+  for tips on writing with Markdown
+
+  All fields followed by "::CHANGE_ME::"" should be manually edited
+
+  If you make manual edits and run docgen again, a .bak file will be created
+
+  Store any screenshots in the "doc/screenshots" directory and reference them like:
+  ![screenshot: screenshot_1](./screenshots/screenshot_1.png)
+
+  NOTE: If your app is available in the container-format only, there is no need to mention the integration server in this readme.
+-->
+
+# Sumo Logic Cloud SIEM
+
+
+## Table of Contents
+- [Sumo Logic Cloud SIEM](#sumo-logic-cloud-siem)
+  - [Table of Contents](#table-of-contents)
+  - [Release Notes](#release-notes)
+  - [Overview](#overview)
+    - [Key Features](#key-features)
+  - [Requirements](#requirements)
+    - [SOAR platform](#soar-platform)
+    - [Cloud Pak for Security](#cloud-pak-for-security)
+    - [Proxy Server](#proxy-server)
+    - [Python Environment](#python-environment)
+    - [Sumo Logic Development Version](#sumo-logic-development-version)
+      - [Prerequisites](#prerequisites)
+      - [Configuration](#configuration)
+    - [Generate an Access Key and Secret in Sumo Log Analytics Platform](#generate-an-access-key-and-secret-in-sumo-log-analytics-platform)
+  - [](#)
+  - [Installation](#installation)
+    - [Install](#install)
+    - [App Configuration](#app-configuration)
+    - [Poller Considerations](#poller-considerations)
+    - [Insights Filtering](#insights-filtering)
+      - [Polling Filter Examples](#polling-filter-examples)
+      - [Poller Templates for SOAR Cases](#poller-templates-for-soar-cases)
+  - [Function - Sumo Logic: Add Comment to Insight](#function---sumo-logic-add-comment-to-insight)
+  - [Function - Sumo Logic: Add Tag to Insight](#function---sumo-logic-add-tag-to-insight)
+  - [Function - Sumo Logic: Get Entity](#function---sumo-logic-get-entity)
+  - [Function - Sumo Logic: Get Insight By ID](#function---sumo-logic-get-insight-by-id)
+  - [Function - Sumo Logic: Get Insights Comments](#function---sumo-logic-get-insights-comments)
+  - [Function - Sumo Logic: Get Signal by ID](#function---sumo-logic-get-signal-by-id)
+  - [Function - Sumo Logic: Update Insight Status](#function---sumo-logic-update-insight-status)
+  - [Script - Convert JSON to rich text v1.3](#script---convert-json-to-rich-text-v13)
+  - [Script - Sumo Logic: Add Artifacts from Insight](#script---sumo-logic-add-artifacts-from-insight)
+  - [Script - Sumo Logic: Populate Signals Data Table](#script---sumo-logic-populate-signals-data-table)
+  - [Playbooks](#playbooks)
+  - [Custom Layouts](#custom-layouts)
+  - [Data Table - Signals](#data-table---signals)
+      - [API Name:](#api-name)
+      - [Columns:](#columns)
+  - [Custom Fields](#custom-fields)
+  - [Troubleshooting \& Support](#troubleshooting--support)
+    - [For Support](#for-support)
+
+---
+
+## Release Notes
+<!--
+  Specify all changes in this release. Do not remove the release
+  notes of a previous release
+-->
+| Version | Date | Notes |
+| ------- | ---- | ----- |
+| 1.0.0 | 08/2024 | Initial Release |
+
+---
+
+## Overview
+<!--
+  Provide a high-level description of the function itself and its remote software or application.
+  The text below is parsed from the "description" and "long_description" attributes in the setup.py file
+-->
+**IBM SOAR app - bidirectional synchronization and functions for Sumo Logic**
+
+ ![screenshot: main](./doc/screenshots/main.png)
+
+Bi-directional App for Sumo Logic Cloud SIEM. Query Sumo Logic for insights based on user-defined query parameters and create and update cases in SOAR.<br>
+
+### Key Features
+<!--
+  List the Key Features of the Integration
+-->
+* Poll Sumo Logic insights and create and update the corresponding cases in SOAR
+* Allow user to specify insight polling filters to limit insights escalated to SOAR 
+* Create artifacts in SOAR case from Sumo Logic entities
+* Create hits on SOAR artifacts based on the corresponding entity's Signal Severity Total in Sumo Logic via automatic or manual playbooks
+* Synchronize comments and notes between Sumo Logic insight and corresponding SOAR case
+* View insight signal details in the Signals data table
+* Write the insight, signal and entity full JSON data from Sumo Logic to a note in SOAR
+* Post tags to an insight from SOAR
+* Sumo Logic custom incident tab that contains insight custom fields, a link back to the insight in Sumo Logic and the Signals data table
+
+---
+
+## Requirements
+<!--
+  List any Requirements
+-->
+
+This app supports the IBM Security QRadar SOAR Platform and the IBM Security QRadar SOAR for IBM Cloud Pak for Security.
+
+### SOAR platform
+The SOAR platform supports two app deployment mechanisms, Edge Gateway (also known as App Host) and integration server.
+
+If deploying to a SOAR platform with an App Host, the requirements are:
+* SOAR platform >= `51.0.0.0`.
+* The app is in a container-based format (available from the AppExchange as a `zip` file).
+
+If deploying to a SOAR platform with an integration server, the requirements are:
+* SOAR platform >= `51.0.0.0`.
+* The app is in the older integration format (available from the AppExchange as a `zip` file which contains a `tar.gz` file).
+* Integration server is running `resilient-circuits>=51.0.0`.
+* If using an API key account, make sure the account provides the following minimum permissions:
+  | Name | Permissions |
+  | ---- | ----------- |
+  | Org Data | Read |
+  | Function | Read |
+  | Incidents | Read, Create |
+  | Edit Incidents | Fields, Status |
+  | Layouts | Read, Edit |
+
+The following SOAR platform guides provide additional information:
+* _Edge Gateway Deployment Guide_ or _App Host Deployment Guide_: provides installation, configuration, and troubleshooting information, including proxy server settings.
+* _Integration Server Guide_: provides installation, configuration, and troubleshooting information, including proxy server settings.
+* _System Administrator Guide_: provides the procedure to install, configure and deploy apps.
+
+The above guides are available on the IBM Documentation website at [ibm.biz/soar-docs](https://ibm.biz/soar-docs). On this web page, select your SOAR platform version. On the follow-on page, you can find the _Edge Gateway Deployment Guide_, _App Host Deployment Guide_, or _Integration Server Guide_ by expanding **Apps** in the Table of Contents pane. The System Administrator Guide is available by expanding **System Administrator**.
+
+### Cloud Pak for Security
+If you are deploying to IBM Cloud Pak for Security, the requirements are:
+* IBM Cloud Pak for Security >= `1.10`.
+* Cloud Pak is configured with an Edge Gateway.
+* The app is in a container-based format (available from the AppExchange as a `zip` file).
+
+The following Cloud Pak guides provide additional information:
+* _Edge Gateway Deployment Guide_ or _App Host Deployment Guide_: provides installation, configuration, and troubleshooting information, including proxy server settings. From the Table of Contents, select Case Management and Orchestration & Automation > **Orchestration and Automation Apps**.
+* _System Administrator Guide_: provides information to install, configure, and deploy apps. From the IBM Cloud Pak for Security IBM Documentation table of contents, select Case Management and Orchestration & Automation > **System administrator**.
+
+These guides are available on the IBM Documentation website at [ibm.biz/cp4s-docs](https://ibm.biz/cp4s-docs). From this web page, select your IBM Cloud Pak for Security version. From the version-specific IBM Documentation page, select Case Management and Orchestration & Automation.
+
+### Proxy Server
+The app **does** support a proxy server.
+
+### Python Environment
+Python 3.9, 3.11, and 3.12 are officially supported. When deployed as an app, the app runs on Python 3.11.
+Additional package dependencies may exist for each of these packages:
+* resilient-circuits>=51.0.0
+
+### Sumo Logic Development Version
+
+This app has been implemented using:
+| Product Name | Product Version | API URL | API Version |
+| ------------ | --------------- | ------- | ----------- |
+| Sumo Logic Cloud SIEM | N/A | https://api.sumologic.com/api | v1 |
+
+#### Prerequisites
+<!--
+List any prerequisites that are needed to use with this endpoint solution. Remove any section that is unnecessary.
+-->
+* A Sumo Logic Log Analytics Platform user account in which Cloud SIEM Enterprise is enabled.
+
+#### Configuration
+<!--
+List any steps that are needed to configure the endpoint to use this app.
+-->
+### Generate an Access Key and Secret in Sumo Log Analytics Platform
+In the lower left corner of the Sumo Logic panel in the User Account Preferences menu item, Click on the `+ Add Access Key` blue button:
+
+ ![screenshot: fn-sumo-logic-access-id-key](./doc/screenshots/fn-sumo-logic-access-id-key.png)
+
+In the `Create an Access Key` dialog, enter an `Access Key Name` and Click the blue `Create Key` button.
+
+ ![screenshot: fn-sumo-logic-create-access-key](./doc/screenshots/fn-sumo-logic-create-access-key.png)
+
+Copy the Access ID and Access Key for use in the app.config file.
+
+ ![screenshot: fn-sumo-logic-access-id-key-dialog](./doc/screenshots/fn-sumo-logic-access-id-key-dialog.png)
+---
+
+## Installation
+
+### Install
+* To install or uninstall an App or Integration on the _SOAR platform_, see the documentation at [ibm.biz/soar-docs](https://ibm.biz/soar-docs).
+* To install or uninstall an App on _IBM Cloud Pak for Security_, see the documentation at [ibm.biz/cp4s-docs](https://ibm.biz/cp4s-docs) and follow the instructions above to navigate to Orchestration and Automation.
+
+### App Configuration
+The following table provides the settings you need to configure the app. These settings are made in the app.config file. See the documentation discussed in the Requirements section for the procedure.
+
+| Config | Required | Example | Description |
+| ------ | :------: | ------- | ----------- |
+| **access_id** | Yes | `xxx` | *Sumo Logic Access ID.* |
+| **access_key** | Yes | `xxx` | *Sumo Logic Access Key.* |
+| **api_endpoint_url** | Yes | `https://api.sumologic.com/api` | *Sumo Logic REST API endpoint URL. See Sumo Logic documentation to determine URL for your region: https://help.sumologic.com/docs/api/getting-started/#which-endpoint-should-i-should-use .* |
+| **console_url** | Yes | `https://service.sumologic.com` | *Sumo Logic console URL - used to create links back to Sumo Logic Insight.*  |
+| **polling_interval** | Yes | `600` | *Poller interval time in seconds. Value of zero turns poller off.*  |
+| **polling_lookback** | Yes | `20160` | *Number of minutes to lookback for queries the first time the poller runs.* |
+| **polling_add_case_url_comment_in_sumo_logic** | No | `True` | *Boolean flag indicating whether or not to add a comment in the Sumo Logic Insight that contains the URL link back to corresponding SOAR case.* |
+| **polling_filters** | No | `status:in("inprogress","new","closed") confidence:>=.70 severity:>="MEDIUM"` | *Polling filters to limit escalated insights - Sumo Logic DSL query statement - each query parameter separated by a space.* |
+| **soar_create_case_template** | No | `/var/rescircuits/create_case.jinja` | *Path to override template for automatic case creation. See [Poller Considerations](#poller-considerations).* |
+| **soar_update_case_template** | No | `/var/rescircuits/update_case.jinja` | *Path to override template for automatic case updating. See [Poller Considerations](#poller-considerations).* |
+| **soar_close_case_template** | No | `/var/rescircuits/close_case.jinja` | *Path to override template for automatic case closing. See [Poller Considerations](#poller-considerations).* |
+
+
+### Poller Considerations
+When the poller is enabled, cases are automatically escalated from this app. Any updates are checked at the cadence defined by the value set for `polling_interval`. It is possible, however, to escalate cases from other sources.
+In this scenario, the poller would be disabled by setting `polling_interval=0` and a separate source might capture a case from the endpoint and in turn create a case in SOAR. This app can still be useful for enrichment of that
+newly created case even though it was not directly escalated from this app. As long as the reference ID (i.e. alert ID, event ID, etc...) for each case is preserved, all remaining details will synchronize to the SOAR case through this app automatically.
+
+Sumo Logic REST API does not allow querying insights based on insight field `lastUpdated` timestamp. In order to implement bidirectional synchronization between Sumo Logic insights and SOAR cases, all Sumo Logic insights that have cases in SOAR are fetched and each case is updated on each polling interval.  Take this overhead into consideration when determining the `polling_interval`, especially if you have a large number of Sumo Logic cases in SOAR. 
+
+### Insights Filtering
+
+To limit the number of insights escalated to SOAR, consider using the optional `polling_filters` parameter in the app configuration file. The query string format is documented in Sumo Logic at: https://api.sumologic.com/docs/sec/#operation/GetInsights and below:
+
+
+The search query string uses sumo logic custom DSL that is used to filter the results.   
+
+Each filter is in the format `field:operator:value`. Multiple filters are separated by a space.
+
+   Operators:
+   - `exampleField:"bar"`: The value of the field is equal to "bar".
+   - `exampleField:in("bar", "baz", "qux")`: The value of the field is equal to either "bar", "baz", or "qux".
+   - `exampleTextField:contains("foo bar")`: The value of the field contains the phrase "foo bar".
+   - `exampleNumField:>5`: The value of the field is greater than 5. There are similar `<`, `<=`, and `>=` operators.
+   - `exampleNumField:5..10`: The value of the field is between 5 and 10 (inclusive).
+   - `exampleDateField:>2019-02-01T05:00:00+00:00`: The value of the date field is after 5 a.m. UTC time on February 2, 2019.
+   - `exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00`: The value of the date field is between 5 a.m. and 8 a.m. UTC time on February 2, 2019.
+
+   Fields:
+   - readableId
+   - status
+   - statusId
+   - name
+   - insightId
+   - serialId
+   - description
+   - created
+   - timestamp
+   - closed
+   - assignee
+   - entity.id
+   - entity.ip
+   - entity.hostname
+   - entity.username
+   - entity.sensorZone
+   - entity.type
+   - entity.value
+   - involvedEntities.id
+   - involvedEntities.type,
+   - involvedEntities.value
+   - enrichment
+   - sensorZone
+   - tag
+   - severity
+   - resolution
+   - subResolution
+   - ruleId
+   - records
+   - confidence
+
+NOTE: The poller uses the `created` field to escalate new insights to SOAR, so this insight field should not be used to filter insights.
+
+#### Polling Filter Examples
+
+```
+polling_filters = status:in("inprogress","new","closed") confidence:>=.85 severity:>="HIGH"
+```
+
+In this example, the query will return all insights with a status of either "inprogress", "new", and "closed" AND a confidence greater than or equal to .85 AND a severity greater than or equal to "HIGH" (which includes values "HIGH" or "CRITICAL").
+
+
+#### Poller Templates for SOAR Cases
+It may be necessary to modify the templates used to create, update, or close SOAR cases based on your required custom fields in SOAR.
+
+This is especially relevant if you have required custom _close_ fields that need to be filled when closing a case in SOAR. If that is the case, be sure to implement a custom `close_case_template` and reference those required close fields in the template.
+
+When overriding the template in App Host, specify the file path for each file as `/var/rescircuits`.
+
+Below are the default templates used which can be copied, modified, and used with app_config's
+`soar_create_case_template`, `soar_update_case_template`, and `soar_close_case_template` settings to override the default templates.
+
+<details><summary>soar_create_case.jinja</summary>
+
+```jinja
+{
+  {# JINJA template for creating a new SOAR incident from an endpoint #}
+  {# See https://ibmresilient.github.io/resilient-python-api/pages/resilient-lib/resilient-lib.html#module-resilient_lib.components.templates_common
+     for details on available jinja methods. Examples for `soar_substitute` and more are included below.
+  #}
+  {% set severity_mapping = '''{
+    "CRITICAL": "High", 
+    "HIGH": "High", 
+    "MEDIUM": "Medium", 
+    "LOW": "Low"
+  }'''
+  %}
+  {# modify to specify your specific **data** fields #}
+  "name": "Sumo Logic {{ readableId }} - {{ name }}",
+  "description": "{{ description | replace('"', '\\"') }}",
+  {# start_date cannot be after discovered_date #}
+  {% set start_date = created if created <= created else created %}
+  "discovered_date": {{ created| soar_datetimeformat(split_at='.') }},
+  "start_date": {{ start_date | soar_datetimeformat(split_at='.') }},
+  {# if alert users are different than SOAR users, consider using a mapping table using soar_substitute: #}
+  {# "owner_id": "{{ **assignedTo** |soar_substitute('{"Automation": "soar_user1@example.com", "default_user@example.com": "soar_user2@example.com", "DEFAULT": "default_user@example.com" }') }}", #}
+  "plan_status": "A",
+  "severity_code": "{{ severity | soar_substitute(severity_mapping) }}",
+  {# specify your custom fields for your endpoint solution #}
+  "properties": {
+    "sumo_logic_insight_id": "{{ id }}"
+  }
+}
+```
+</details>
+
+<details><summary>soar_update_case.jinja</summary>
+
+```jinja
+{
+  {# JINJA template for updating a new SOAR incident from an endpoint #}
+  {# modify to specify your specific **data** fields #}
+  {% set severity_mapping = '''{
+    "CRITICAL": "High", 
+    "HIGH": "High", 
+    "MEDIUM": "Medium", 
+    "LOW": "Low"
+  }'''
+  %}
+  "severity_code": "{{ severity | soar_substitute(severity_mapping) }}",
+  {# specify your custom fields for your endpoint solution #}
+  "properties": {
+    "sumo_logic_insight_global_confidence": {{ (confidence*100)|int }},
+    "sumo_logic_insight_assignee": "{{ assignee.displayName }} ({{assignee.username}})",
+    "sumo_logic_insight_status": "{{ status.displayName }}",
+    "sumo_logic_insight_readable_id": "{{ readableId }}",
+    "sumo_logic_insight_resolution": "{{ resolution }}",
+    "sumo_logic_insight_source": "{{ source }}",
+    "sumo_logic_insight_sub_resolution": "{{ subResolution }}",
+    "sumo_logic_insight_link": "<a target='_blank' href='{{ entity_url }}'>Insight</a>"
+    {% if tags %}
+    ,"sumo_logic_insight_tags": "{{ tags | join(', ') }}"
+    {% endif %}
+  }
+}
+
+```
+</details>
+
+<details><summary>soar_close_case.jinja</summary>
+
+```jinja
+{
+  {# JINJA template for closing a SOAR incident using endpoint data #}
+  {# modify to specify your specific **data** fields #}
+  "plan_status": "C",
+  "resolution_id": "{{ resolution | soar_substitute('{"False Positive": "Not an Issue", "Resolved": "Resolved", "Duplicate": "Duplicate", "No Action": "Unresolved" }') }}",
+  "resolution_summary": "Closed by Sumo Logic, Insight Status: {{ status.displayName }}"
+  {# add additional fields based on your 'on close' field requirements #}
+  {#
+  ,"properties": {
+      "your_custom_field": "value"
+  }
+  #}
+}
+```
+</details>
+
+
+ ---
+
+## Function - Sumo Logic: Add Comment to Insight
+Post a comment to a Sumo Logic insight in Sumo Logic.
+
+ ![screenshot: fn-sumo-logic-add-comment-to-insight ](./doc/screenshots/fn-sumo-logic-add-comment-to-insight.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sumo_logic_comment_text` | `text` | Yes | `-` | - |
+| `sumo_logic_insight_id` | `text` | Yes | `-` | - |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "data": {
+      "author": {
+        "username": "admin@example.com"
+      },
+      "body": "Created by IBM SOAR:  Sumo Logic: Get Insight Comments  playbook created 1 notes in SOAR.",
+      "id": "6",
+      "timestamp": "2024-08-01T20:05:28.833246"
+    },
+    "errors": []
+  },
+  "inputs": {
+    "sumo_logic_comment_text": "\u003cb\u003eSumo Logic: Get Insight Comments\u003c/b\u003e playbook created 1 notes in SOAR.",
+    "sumo_logic_insight_id": "2a8419c4-b84b-3b6c-8447-af4ccbfba9c6"
+  },
+  "metrics": {
+    "execution_time_ms": 9515,
+    "host": "my.app.host",
+    "package": "fn-sumo-logic",
+    "package_version": "1.0.0",
+    "timestamp": "2024-08-01 16:05:30",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sumo_logic_insight_id = incident.properties.sumo_logic_insight_id
+inputs.sumo_logic_comment_text = note.text.content
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+from datetime import datetime
+
+results = playbook.functions.results.add_comment_to_insight_results
+
+# Edit note in SOAR to indicate it was sent to CBC alert
+if results.get("success"):
+  # Get the current time
+  now = datetime.now()
+  note.text = u"<b>Post comment to Sumo Logic insight at {0}</b><br>{1}".format(now, note.text.content)
+```
+
+</p>
+</details>
+
+---
+## Function - Sumo Logic: Add Tag to Insight
+Add a tag to a Sumo Logic insight in Sumo Logic.
+
+ ![screenshot: fn-sumo-logic-add-tag-to-insight ](./doc/screenshots/fn-sumo-logic-add-tag-to-insight.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sumo_logic_insight_id` | `text` | Yes | `-` | - |
+| `sumo_logic_insight_tag` | `text` | Yes | `-` | - |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "data": {
+      "artifacts": [],
+      "assignedTo": null,
+      "assignee": null,
+      "closed": null,
+      "closedBy": null,
+      "confidence": 0.85,
+      "created": "2024-07-30T20:17:57.153553",
+      "description": "Initial Access",
+      "entity": {
+        "entityType": "_username",
+        "hostname": null,
+        "id": "_username-root",
+        "macAddress": null,
+        "name": "root",
+        "sensorZone": "",
+        "value": "root"
+      },
+      "id": "f741314d-34b6-3417-9c0a-426d547e345a",
+      "involvedEntities": [
+        {
+          "entityType": "_process",
+          "hostname": null,
+          "id": "_process-sshd",
+          "macAddress": null,
+          "name": "sshd",
+          "sensorZone": null,
+          "value": "sshd"
+        },
+        {
+          "entityType": "_username",
+          "hostname": null,
+          "id": "_username-root",
+          "macAddress": null,
+          "name": "root",
+          "sensorZone": null,
+          "value": "root"
+        },
+        {
+          "entityType": "_ip",
+          "hostname": null,
+          "id": "_ip-9.108.160.132",
+          "macAddress": null,
+          "name": "9.108.160.132",
+          "sensorZone": null,
+          "value": "9.108.160.132"
+        },
+        {
+          "entityType": "_hostname",
+          "hostname": "sumologic1",
+          "id": "_hostname-sumologic1",
+          "macAddress": null,
+          "name": "sumologic1",
+          "sensorZone": null,
+          "value": "sumologic1"
+        }
+      ],
+      "lastUpdated": "2024-08-01T13:18:50.606099",
+      "lastUpdatedBy": null,
+      "name": "Initial Access",
+      "orgId": "0000000000BD6D7C",
+      "readableId": "INSIGHT-2",
+      "resolution": null,
+      "severity": "MEDIUM",
+      "signals": [
+        {
+          "allRecords": [
+            {
+              "baseImage": "sshd",
+              "bro_dns_answers": [],
+              "bro_file_bytes": {},
+              "bro_file_connUids": [],
+              "bro_flow_service": [],
+              "bro_ftp_pendingCommands": [],
+              "bro_http_cookieVars": [],
+              "bro_http_origFuids": [],
+              "bro_http_origMimeTypes": [],
+              "bro_http_request_headers": {},
+              "bro_http_request_proxied": [],
+              "bro_http_response_headers": {},
+              "bro_http_response_respFuids": [],
+              "bro_http_response_respMimeTypes": [],
+              "bro_http_tags": [],
+              "bro_http_uriVars": [],
+              "bro_kerberos_clientCert": {},
+              "bro_kerberos_serverCert": {},
+              "bro_sip_headers": {},
+              "bro_sip_requestPath": [],
+              "bro_sip_responsePath": [],
+              "bro_ssl_certChainFuids": [],
+              "bro_ssl_clientCertChainFuids": [],
+              "cseSignal": {},
+              "day": 30,
+              "device_hostname": "sumologic1",
+              "device_hostname_raw": "sumologic1",
+              "dstDevice_hostname": "sumologic1",
+              "dstDevice_hostname_raw": "sumologic1",
+              "fieldTags": {},
+              "fields": {
+                "event_id": "sshd-failed-invalid-password",
+                "source_ip": "9.108.160.132",
+                "source_port": "53371",
+                "ssh_version": "ssh2",
+                "syslog_hostname": "sumologic1",
+                "syslog_message": "Failed password for root from 9.108.160.132 port 53371 ssh2",
+                "syslog_process": "sshd",
+                "syslog_process_id": "35224",
+                "syslog_timestamp": "Jul 30 13:17:19",
+                "user": "root"
+              },
+              "friendlyName": "record",
+              "hour": 13,
+              "http_requestHeaders": {},
+              "listMatches": [],
+              "matchedItems": [],
+              "metadata_deviceEventId": "sshd-failed-invalid-password",
+              "metadata_mapperName": "Linux OS Syslog - Process sshd - SSH Auth Failure Invalid Password",
+              "metadata_mapperUid": "05445189-0e1e-425a-8f2b-5d1f41e9546e",
+              "metadata_orgId": "0000000000BD6D7C",
+              "metadata_parseTime": 1722370665323,
+              "metadata_parser": "/Parsers/System/Linux/Linux OS Syslog",
+              "metadata_product": "Linux OS Syslog",
+              "metadata_productGuid": "0e20c932-d992-4bd4-b276-c15119ca5c0b",
+              "metadata_receiptTime": 1722370640,
+              "metadata_schemaVersion": 3,
+              "metadata_sensorId": "0000000000BD6D7C",
+              "metadata_sensorInformation": {},
+              "metadata_sensorZone": "default",
+              "metadata_sourceBlockId": "2295449033841068855",
+              "metadata_sourceCategory": "linux/system",
+              "metadata_sourceMessageId": "-7272543713819412727",
+              "metadata_vendor": "Linux",
+              "month": 7,
+              "normalizedAction": "logon",
+              "objectClassification": "Authentication",
+              "objectType": "Authentication",
+              "pid": 35224,
+              "srcDevice_ip": "9.108.160.132",
+              "srcDevice_ip_ipv4IntValue": 158113924,
+              "srcDevice_ip_isInternal": false,
+              "srcDevice_ip_version": 4,
+              "srcPort": 53371,
+              "success": false,
+              "timestamp": 1722345439000,
+              "uid": "aac19471-8442-5536-9742-bcc5aacc1e80",
+              "user_username": "root",
+              "user_username_raw": "root",
+              "year": 2024
+            }
+          ],
+          "artifacts": [],
+          "contentType": "RULE",
+          "created": "2024-07-30T13:17:19",
+          "description": "Detects multiple failed login attempts for the same username over a 24 hour timeframe. This is designed to catch both slow and quick brute force type attacks. The threshold and time frame can be adjusted based on the customer\u0027s environment.",
+          "entity": {
+            "entityType": "_username",
+            "hostname": null,
+            "id": "_username-root",
+            "macAddress": null,
+            "name": "root",
+            "sensorZone": "",
+            "value": "root"
+          },
+          "id": "f16f0e84-66c4-50c7-a0b2-b02b5cbdd543",
+          "name": "Brute Force Attempt",
+          "recordCount": 1,
+          "recordSearchDetails": {
+            "query": "_index=sec_record_* | json field=_raw \"resultType\" as _unpacked__raw_resultType nodrop\n| where (if (isNull(objectType), false, objectType == \"Authentication\") and if (isNull(normalizedAction), false, normalizedAction == \"logon\") and if (isNull(success), false, !(success)) and !(if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == \"Security-4776\") and !isBlank(listMatches) AND jsonArrayContains(listMatches, \"domain_controllers\")) and !(if (isNull(metadata_vendor), false, metadata_vendor == \"Microsoft\") and if (isNull(metadata_product), false, metadata_product == \"Azure\") and if (isNull(_unpacked__raw_resultType), false, _unpacked__raw_resultType == \"700082\")) and !(metadata_vendor in (\"Microsoft\", \"Intersect Alliance\") and metadata_product in (\"Windows\", \"Snare Enterprise Agent for Windows\") and user_username matches /^[\\s\\S]*\\$[\\s\\S]*$/) and !(!isBlank(listMatches) AND jsonArrayContains(listMatches, \"vuln_scanners\")) and if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == \"sshd-failed-invalid-password\") and if (isNull(metadata_product), false, metadata_product == \"Linux OS Syslog\") and if (isNull(metadata_vendor), false, metadata_vendor == \"Linux\") and if (isNull(user_username), false, user_username == \"root\"))",
+            "queryEndTime": "2024-07-30T14:24:00",
+            "queryStartTime": "2024-07-29T14:24:00"
+          },
+          "recordTypes": [],
+          "ruleId": "THRESHOLD-S00096",
+          "severity": 4,
+          "stage": "Initial Access",
+          "tags": [
+            "_mitreAttackTactic:TA0006",
+            "_mitreAttackTechnique:T1078",
+            "_mitreAttackTactic:TA0001",
+            "_mitreAttackTechnique:T1110.001",
+            "_mitreAttackTechnique:T1110.002",
+            "_mitreAttackTactic:TA0008",
+            "_mitreAttackTechnique:T1110",
+            "_mitreAttackTechnique:T1586"
+          ],
+          "timestamp": "2024-07-30T13:17:19"
+        }
+      ],
+      "source": "ALGORITHM",
+      "status": {
+        "displayName": "In Progress",
+        "name": "inprogress"
+      },
+      "subResolution": null,
+      "tags": [
+        "New tag",
+        "_mitreAttackTactic:TA0001",
+        "_mitreAttackTactic:TA0006",
+        "_mitreAttackTactic:TA0008",
+        "_mitreAttackTechnique:T1078",
+        "_mitreAttackTechnique:T1110",
+        "_mitreAttackTechnique:T1110.001",
+        "_mitreAttackTechnique:T1110.002",
+        "_mitreAttackTechnique:T1586"
+      ],
+      "teamAssignedTo": null,
+      "timeToDetection": 25238.153553,
+      "timeToRemediation": null,
+      "timeToResponse": 147653.411281,
+      "timestamp": "2024-07-30T13:17:19"
+    },
+    "errors": []
+  },
+  "inputs": {
+    "sumo_logic_insight_id": "f741314d-34b6-3417-9c0a-426d547e345a",
+    "sumo_logic_insight_tag": "New tag"
+  },
+  "metrics": {
+    "execution_time_ms": 151744,
+    "host": "my.app.host",
+    "package": "fn-sumo-logic",
+    "package_version": "1.0.0",
+    "timestamp": "2024-08-02 13:49:08",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sumo_logic_insight_id = incident.properties.sumo_logic_insight_id
+inputs.sumo_logic_insight_tag = playbook.inputs.sumo_logic_insight_tag
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+results = playbook.functions.results.add_tag_results
+
+if results.get("success"):
+    content = results.get("content")
+    if content:
+        data = content.get("data", None)
+        tags = data.get("tags", None)
+        incident.properties.sumo_logic_insight_tags = ", ".join(tags) if isinstance(tags, list) else None
+        note_text = f"<b>Sumo Logic Add Tag to Insight:</b>  {playbook.inputs.sumo_logic_insight_tag} added."
+    else:
+        note_text = "<b>Sumo Logic: Add Tag to Insight</b> failed to post tag(s) - no content."
+else:
+    reason = results.get("reason")
+    note_text = "<b>VMware CBC: Add Tag to Insight</b> failed to add tag(s) {reason}."
+  
+incident.addNote(note_text)
+```
+
+</p>
+</details>
+
+---
+## Function - Sumo Logic: Get Entity
+Query Sumo Logic to get details of an entity.
+
+ ![screenshot: fn-sumo-logic-get-entity ](./doc/screenshots/fn-sumo-logic-get-entity.png)
+
+The **Sumo Logic: Scan Artifact for Hits** playbooks create hits on artifacts based on the Signal Severity score associated with Sumo Logic entities.
+<p>
+NOTE: Edit the following playbook post-script variable to set the minimum threshold at which a hit is added to an artifact:
+
+```python
+MINIMUM_RECENT_SIGNAL_SEVERITY = 8
+```
+
+ ![screenshot: fn-sumo-logic-get-entity ](./doc/screenshots/fn-sumo-logic-get-entity2.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sumo_logic_entity_type` | `text` | No | `-` | - |
+| `sumo_logic_entity_value` | `text` | No | `-` | - |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": [
+    {
+      "activityScore": 0,
+      "criticality": null,
+      "entityType": "_ip",
+      "firstSeen": null,
+      "hostname": null,
+      "id": "_ip-9.61.102.36",
+      "isSuppressed": false,
+      "lastSeen": "2024-08-20T08:39:03",
+      "macAddress": null,
+      "name": "9.61.102.36",
+      "recentSignalSeverity": 10,
+      "reputation": null,
+      "sensorZone": null,
+      "tags": [],
+      "value": "9.61.102.36"
+    }
+  ],
+  "inputs": {
+    "sumo_logic_entity_type": "_ip",
+    "sumo_logic_entity_value": "9.61.102.36",
+    "sumo_logic_insight_id": "0b5f00b6-b14d-3492-9564-28bd98610a29"
+  },
+  "metrics": {
+    "execution_time_ms": 7397,
+    "host": "my.app.host",
+    "package": "fn-sumo-logic",
+    "package_version": "1.0.0",
+    "timestamp": "2024-08-21 11:39:58",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+ARTIFACT_TYPE_MAPPING = {
+  "DNS Name": "_hostname",
+  "IP Address": "_ip",
+  "File Path": "_file",
+  "MAC Address": "_mac",
+  "Process Name": "_process",
+  "User Account": "_username",
+  "User Agent": "_useragent",
+  "URL": "_url"
+}
+
+inputs.sumo_logic_entity_type = ARTIFACT_TYPE_MAPPING.get(artifact.type, None)
+if not inputs.sumo_logic_entity_type:
+  helper.fail(f"Artifact {artifact.type} not mapped.")
+inputs.sumo_logic_entity_value = artifact.value
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+# Edit the following variable to change the minimum threshold at which a hit is added to an artifact.
+MINIMUM_RECENT_SIGNAL_SEVERITY = 8
+results = playbook.functions.results.get_entity_results
+
+note_text = "<b>Sumo Logic Automatic Scan Artifact:</b><br>"
+if results.get("success"):
+    content = results.get("content")
+    if content:
+        data = content.get("data", {})
+        if data:
+            total = data.get("total", 0)
+            if total >= 1:
+                objects = data.get("objects", [])
+                if total >= 1:
+                    entity = objects[0]
+                    recent_signal_severity = entity.get("recentSignalSeverity")
+                    if recent_signal_severity >= MINIMUM_RECENT_SIGNAL_SEVERITY:
+                        # Create a hit on the artifact.
+                        hit = [
+                          {
+                            "name": "Artifact Value",
+                            "type": "string",
+                            "value": f"{artifact.value}"
+                          }
+                        ]
+                        artifact.addHit(f"Sumo Logic: Signal Severity Total: {recent_signal_severity}.", hit)
+                        note_text = f"{note_text} Hit added on <b>{artifact.type} {artifact.value}</b> with Signal Severity Total: <b>{recent_signal_severity}</b>."
+
+                        incident.addNote(note_text)
+```
+
+</p>
+</details>
+
+---
+## Function - Sumo Logic: Get Insight By ID
+Get the details of a Sumo Logic insight given the insight ID.
+
+ ![screenshot: fn-sumo-logic-get-insight-by-id ](./doc/screenshots/fn-sumo-logic-get-insight-by-id.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sumo_logic_insight_id` | `text` | Yes | `-` | - |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "data": {
+      "artifacts": [],
+      "assignedTo": null,
+      "assignee": null,
+      "closed": null,
+      "closedBy": null,
+      "confidence": 0.85,
+      "created": "2024-07-30T20:17:57.153553",
+      "description": "Initial Access",
+      "entity": {
+        "entityType": "_username",
+        "hostname": null,
+        "id": "_username-root",
+        "macAddress": null,
+        "name": "root",
+        "sensorZone": "",
+        "value": "root"
+      },
+      "id": "f741314d-34b6-3417-9c0a-426d547e345a",
+      "involvedEntities": [
+        {
+          "entityType": "_process",
+          "hostname": null,
+          "id": "_process-sshd",
+          "macAddress": null,
+          "name": "sshd",
+          "sensorZone": null,
+          "value": "sshd"
+        },
+        {
+          "entityType": "_username",
+          "hostname": null,
+          "id": "_username-root",
+          "macAddress": null,
+          "name": "root",
+          "sensorZone": null,
+          "value": "root"
+        },
+        {
+          "entityType": "_ip",
+          "hostname": null,
+          "id": "_ip-9.108.160.132",
+          "macAddress": null,
+          "name": "9.108.160.132",
+          "sensorZone": null,
+          "value": "9.108.160.132"
+        },
+        {
+          "entityType": "_hostname",
+          "hostname": "sumologic1",
+          "id": "_hostname-sumologic1",
+          "macAddress": null,
+          "name": "sumologic1",
+          "sensorZone": null,
+          "value": "sumologic1"
+        }
+      ],
+      "lastUpdated": "2024-07-30T20:18:10.061087",
+      "lastUpdatedBy": null,
+      "name": "Initial Access",
+      "orgId": "0000000000BD6D7C",
+      "readableId": "INSIGHT-2",
+      "recordSummaryFields": [],
+      "resolution": null,
+      "severity": "MEDIUM",
+      "signals": [
+        {
+          "allRecords": [
+            {
+              "baseImage": "sshd",
+              "bro_dns_answers": [],
+              "bro_file_bytes": {},
+              "bro_file_connUids": [],
+              "bro_flow_service": [],
+              "bro_ftp_pendingCommands": [],
+              "bro_http_cookieVars": [],
+              "bro_http_origFuids": [],
+              "bro_http_origMimeTypes": [],
+              "bro_http_request_headers": {},
+              "bro_http_request_proxied": [],
+              "bro_http_response_headers": {},
+              "bro_http_response_respFuids": [],
+              "bro_http_response_respMimeTypes": [],
+              "bro_http_tags": [],
+              "bro_http_uriVars": [],
+              "bro_kerberos_clientCert": {},
+              "bro_kerberos_serverCert": {},
+              "bro_sip_headers": {},
+              "bro_sip_requestPath": [],
+              "bro_sip_responsePath": [],
+              "bro_ssl_certChainFuids": [],
+              "bro_ssl_clientCertChainFuids": [],
+              "cseSignal": {},
+              "day": 30,
+              "device_hostname": "sumologic1",
+              "device_hostname_raw": "sumologic1",
+              "dstDevice_hostname": "sumologic1",
+              "dstDevice_hostname_raw": "sumologic1",
+              "fieldTags": {},
+              "fields": {
+                "event_id": "sshd-failed-invalid-password",
+                "source_ip": "90.8.160.132",
+                "source_port": "53371",
+                "ssh_version": "ssh2",
+                "syslog_hostname": "sumologic1",
+                "syslog_message": "Failed password for root from 90.8.160.132 port 53371 ssh2",
+                "syslog_process": "sshd",
+                "syslog_process_id": "35224",
+                "syslog_timestamp": "Jul 30 13:17:19",
+                "user": "root"
+              },
+              "friendlyName": "record",
+              "hour": 13,
+              "http_requestHeaders": {},
+              "listMatches": [],
+              "matchedItems": [],
+              "metadata_deviceEventId": "sshd-failed-invalid-password",
+              "metadata_mapperName": "Linux OS Syslog - Process sshd - SSH Auth Failure Invalid Password",
+              "metadata_mapperUid": "05445189-0e1e-425a-8f2b-5d1f41e9546e",
+              "metadata_orgId": "0000000000BD6D7C",
+              "metadata_parseTime": 1722370665323,
+              "metadata_parser": "/Parsers/System/Linux/Linux OS Syslog",
+              "metadata_product": "Linux OS Syslog",
+              "metadata_productGuid": "0e20c932-d992-4bd4-b276-c15119ca5c0b",
+              "metadata_receiptTime": 1722370640,
+              "metadata_schemaVersion": 3,
+              "metadata_sensorId": "0000000000BD6D7C",
+              "metadata_sensorInformation": {},
+              "metadata_sensorZone": "default",
+              "metadata_sourceBlockId": "2295449033841068855",
+              "metadata_sourceCategory": "linux/system",
+              "metadata_sourceMessageId": "-7272543713819412727",
+              "metadata_vendor": "Linux",
+              "month": 7,
+              "normalizedAction": "logon",
+              "objectClassification": "Authentication",
+              "objectType": "Authentication",
+              "pid": 35224,
+              "srcDevice_ip": "90.8.160.132",
+              "srcDevice_ip_ipv4IntValue": 158113924,
+              "srcDevice_ip_isInternal": false,
+              "srcDevice_ip_version": 4,
+              "srcPort": 53371,
+              "success": false,
+              "timestamp": 1722345439000,
+              "uid": "aac19471-8442-5536-9742-bcc5aacc1e80",
+              "user_username": "root",
+              "user_username_raw": "root",
+              "year": 2024
+            }
+          ],
+          "artifacts": [],
+          "contentType": "RULE",
+          "created": "2024-07-30T13:17:19",
+          "description": "Detects multiple failed login attempts for the same username over a 24 hour timeframe. This is designed to catch both slow and quick brute force type attacks. The threshold and time frame can be adjusted based on the customer\u0027s environment.",
+          "entity": {
+            "entityType": "_username",
+            "hostname": null,
+            "id": "_username-root",
+            "macAddress": null,
+            "name": "root",
+            "sensorZone": "",
+            "value": "root"
+          },
+          "id": "f16f0e84-66c4-50c7-a0b2-b02b5cbdd543",
+          "name": "Brute Force Attempt",
+          "recordCount": 1,
+          "recordSearchDetails": {
+            "query": "_index=sec_record_* | json field=_raw \"resultType\" as _unpacked__raw_resultType nodrop\n| where (if (isNull(objectType), false, objectType == \"Authentication\") and if (isNull(normalizedAction), false, normalizedAction == \"logon\") and if (isNull(success), false, !(success)) and !(if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == \"Security-4776\") and !isBlank(listMatches) AND jsonArrayContains(listMatches, \"domain_controllers\")) and !(if (isNull(metadata_vendor), false, metadata_vendor == \"Microsoft\") and if (isNull(metadata_product), false, metadata_product == \"Azure\") and if (isNull(_unpacked__raw_resultType), false, _unpacked__raw_resultType == \"700082\")) and !(metadata_vendor in (\"Microsoft\", \"Intersect Alliance\") and metadata_product in (\"Windows\", \"Snare Enterprise Agent for Windows\") and user_username matches /^[\\s\\S]*\\$[\\s\\S]*$/) and !(!isBlank(listMatches) AND jsonArrayContains(listMatches, \"vuln_scanners\")) and if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == \"sshd-failed-invalid-password\") and if (isNull(metadata_product), false, metadata_product == \"Linux OS Syslog\") and if (isNull(metadata_vendor), false, metadata_vendor == \"Linux\") and if (isNull(user_username), false, user_username == \"root\"))",
+            "queryEndTime": "2024-07-30T14:24:00",
+            "queryStartTime": "2024-07-29T14:24:00"
+          },
+          "recordTypes": [],
+          "ruleId": "THRESHOLD-S00096",
+          "severity": 4,
+          "stage": "Initial Access",
+          "tags": [
+            "_mitreAttackTactic:TA0006",
+            "_mitreAttackTechnique:T1078",
+            "_mitreAttackTactic:TA0001",
+            "_mitreAttackTechnique:T1110.001",
+            "_mitreAttackTechnique:T1110.002",
+            "_mitreAttackTactic:TA0008",
+            "_mitreAttackTechnique:T1110",
+            "_mitreAttackTechnique:T1586"
+          ],
+          "timestamp": "2024-07-30T13:17:19"
+        }
+      ],
+      "source": "ALGORITHM",
+      "status": {
+        "displayName": "New",
+        "name": "new"
+      },
+      "subResolution": null,
+      "tags": [
+        "_mitreAttackTactic:TA0001",
+        "_mitreAttackTactic:TA0006",
+        "_mitreAttackTactic:TA0008",
+        "_mitreAttackTechnique:T1078",
+        "_mitreAttackTechnique:T1110",
+        "_mitreAttackTechnique:T1110.001",
+        "_mitreAttackTechnique:T1110.002",
+        "_mitreAttackTechnique:T1586"
+      ],
+      "teamAssignedTo": null,
+      "timeToDetection": 25238.153553,
+      "timeToRemediation": null,
+      "timeToResponse": null,
+      "timestamp": "2024-07-30T13:17:19"
+    },
+    "errors": []
+  },
+  "inputs": {
+    "sumo_logic_insight_id": "f741314d-34b6-3417-9c0a-426d547e345a"
+  },
+  "metrics": {
+    "execution_time_ms": 7981,
+    "host": "my.app.host",
+    "package": "fn-sumo-logic",
+    "package_version": "1.0.0",
+    "timestamp": "2024-07-31 12:25:37",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sumo_logic_insight_id = incident.properties.sumo_logic_insight_id
+
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+# Map Sumo Logic resolution values SOAR resolution id values.
+#    Duplicate — The insight has triggered before on the same entity and is a duplicate.
+#    False Positive—An insight triggered and it is legitimate activity.
+#    No Action—An insight triggered and it might not be an incident but is also not a false positive.
+#    Resolved — An incident occurred and was resolved.
+
+MAPPING_RESOLUTION = {
+  "Duplicate" : "Duplicate",
+  "False Positive": "Resolved",
+  "No Action": "Resolved",
+  "Resolved" : "Resolved"
+}
+
+# Map Sumo Logic subResolution values to SOAR resolution id values.
+MAPPING_SUB_RESOLUTION_ON_CLOSE = {
+  "None": "Resolved",
+  "False positive": "Not an Issue",
+  "True positive": "Resolved"
+}
+results = playbook.functions.results.get_insight_by_id_results
+
+if not results.success:
+    incident.addNote("<b>Sumo Logic: Update Case on Creation:</b> Unable to get case data to update custom fields.")
+else:
+    content = results.get("content", {})
+    if content:
+        data = content.get("data", None)
+        tags = data.get("tags", None)
+        incident.properties.sumo_logic_insight_tags = ", ".join(tags) if isinstance(tags, list) else None
+        entity_url = content.get("entity_url", None)
+        if entity_url:
+            incident.properties.sumo_logic_insight_link = "<a target='_blank' href='{0}'>Insight</a>".format(entity_url)
+        confidence = data.get("confidence", None)
+        incident.properties.sumo_logic_insight_global_confidence = int(confidence * 100) if confidence and (confidence <= 1) else None
+        incident.properties.sumo_logic_insight_readable_id = data.get("readableId", None)
+        incident.properties.sumo_logic_insight_source = data.get("source", None)
+        incident.properties.sumo_logic_insight_resolution = data.get("resolution", None)
+        incident.properties.sumo_logic_insight_sub_resolution = data.get("subResolution", None)
+        assignee = data.get("assignee", None)
+        if assignee:
+            display_name = assignee.get("displayName", "")
+            username     = assignee.get("username", "")
+            incident.properties.sumo_logic_insight_assignee = f"{display_name} ({username})"
+        status = data.get("status", None)
+        if status:
+          incident.properties.sumo_logic_insight_status = status.get("displayName")
+
+        incident.addNote(f"<b>Sumo Logic: Update Case on Creation:</b> Write Alert Custom Fields complete.")
+        if incident.properties.sumo_logic_insight_status.lower() == "closed":
+            incident.plan_status = "C"
+            incident.resolution_id = MAPPING_RESOLUTION.get(incident.properties.sumo_logic_insight_resolution, "Resolved")
+            incident.resolution_summary = "Case {0} Closed in SOAR".format(incident.id)
+    else: 
+        incident.addNote("<b>Sumo Logic: Update Case on Creation:</b> Write Insight Custom Fields did NOT complete.")
+```
+
+</p>
+</details>
+
+---
+## Function - Sumo Logic: Get Insights Comments
+Get comments from a Sumo Logic insight and add any new ones as notes to the corresponding SOAR case.
+
+ ![screenshot: fn-sumo-logic-get-insights-comments ](./doc/screenshots/fn-sumo-logic-get-insights-comments.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sumo_logic_incident_id` | `number` | Yes | `-` | - |
+| `sumo_logic_insight_id` | `text` | Yes | `-` | - |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "count": 1
+  },
+  "inputs": {
+    "sumo_logic_incident_id": 2167,
+    "sumo_logic_insight_id": "2a8419c4-b84b-3b6c-8447-af4ccbfba9c6"
+  },
+  "metrics": {
+    "execution_time_ms": 6625,
+    "host": "my.app.host",
+    "package": "fn-sumo-logic",
+    "package_version": "1.0.0",
+    "timestamp": "2024-08-01 14:26:04",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sumo_logic_incident_id = incident.id
+inputs.sumo_logic_insight_id = incident.properties.sumo_logic_insight_id
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+results = playbook.functions.results.get_insights_comments_results
+
+if results.get("success"):
+  content = results.get("content")
+  if content:
+    note_text = "<b>Sumo Logic: Update Case on Creation - Get Insight Comments</b> function added {0} note(s) in SOAR.".format(content.get("count"))
+  else:
+    note_text = "<b>Sumo Logic: Update Case on Creation - Get Insight Comments</b> function failed to get notes from Sumo Logic."
+else:
+  note_text = "<b>Sumo Logic: Update Case on Creation - Get Insight Comments</b> function failed to get notes from Sumo Logic."
+  
+incident.addNote(note_text)
+```
+
+</p>
+</details>
+
+---
+## Function - Sumo Logic: Get Signal by ID
+Get the details of a Sumo Logic signal given the signal ID.
+
+ ![screenshot: fn-sumo-logic-get-signal-by-id ](./doc/screenshots/fn-sumo-logic-get-signal-by-id.png)
+
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sumo_logic_signal_id` | `text` | Yes | `-` | - |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "data": {
+      "allRecords": [
+        {
+          "action": "login",
+          "baseImage": "/usr/sbin/sshd",
+          "bro_dns_answers": [],
+          "bro_file_bytes": {},
+          "bro_file_connUids": [],
+          "bro_flow_service": [],
+          "bro_ftp_pendingCommands": [],
+          "bro_http_cookieVars": [],
+          "bro_http_origFuids": [],
+          "bro_http_origMimeTypes": [],
+          "bro_http_request_headers": {},
+          "bro_http_request_proxied": [],
+          "bro_http_response_headers": {},
+          "bro_http_response_respFuids": [],
+          "bro_http_response_respMimeTypes": [],
+          "bro_http_tags": [],
+          "bro_http_uriVars": [],
+          "bro_kerberos_clientCert": {},
+          "bro_kerberos_serverCert": {},
+          "bro_sip_headers": {},
+          "bro_sip_requestPath": [],
+          "bro_sip_responsePath": [],
+          "bro_ssl_certChainFuids": [],
+          "bro_ssl_clientCertChainFuids": [],
+          "cseSignal": {},
+          "day": 8,
+          "fieldTags": {},
+          "fields": {
+            "AUID": "unset",
+            "UID": "root",
+            "acct": "(unknown)",
+            "addr": "9.30.223.75",
+            "auid": "4294967295",
+            "event_id": "USER_LOGIN",
+            "exe": "/usr/sbin/sshd",
+            "msg": "audit(1723134275.877:33373):",
+            "op": "login",
+            "pid": "61267",
+            "res": "failed",
+            "ses": "4294967295",
+            "subj": "kernel",
+            "syslog_message": "type=USER_LOGIN msg=audit(1723134275.877:33373): pid=61267 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg=\u0027op=login acct=\"(unknown)\" exe=\"/usr/sbin/sshd\" hostname=? addr=9.30.223.75 terminal=ssh res=failed\u0027\u001dUID=\"root\" AUID=\"unset\"",
+            "syslog_process": "systemdjournal",
+            "syslog_timestamp": "1723134275.877",
+            "terminal": "ssh",
+            "type": "USER_LOGIN",
+            "uid": "0"
+          },
+          "friendlyName": "record",
+          "hour": 16,
+          "http_requestHeaders": {},
+          "listMatches": [],
+          "matchedItems": [],
+          "metadata_deviceEventId": "USER_LOGIN",
+          "metadata_mapperName": "Linux OS Systemd Journal - Login Events",
+          "metadata_mapperUid": "0e5cbfbb-91ac-4658-918c-709c76d53f1e",
+          "metadata_orgId": "0000000000BD6D7C",
+          "metadata_parseTime": 1723134354974,
+          "metadata_parser": "/Parsers/System/Linux/Linux OS Syslog",
+          "metadata_product": "Systemd Journal",
+          "metadata_productGuid": "5be5af82-c248-4c4c-a485-0571025f242c",
+          "metadata_receiptTime": 1723134278,
+          "metadata_schemaVersion": 3,
+          "metadata_sensorId": "0000000000BD6D7C",
+          "metadata_sensorInformation": {},
+          "metadata_sensorZone": "default",
+          "metadata_sourceBlockId": "1864672286443784304",
+          "metadata_sourceCategory": "linux/system",
+          "metadata_sourceMessageId": "-6870926605261705032",
+          "metadata_vendor": "Linux",
+          "month": 8,
+          "normalizedAction": "logon",
+          "objectClassification": "Authentication",
+          "objectType": "Authentication",
+          "pid": 61267,
+          "srcDevice_ip": "9.30.223.75",
+          "srcDevice_ip_ipv4IntValue": 153018187,
+          "srcDevice_ip_isInternal": false,
+          "srcDevice_ip_version": 4,
+          "success": false,
+          "targetUser_username": "0",
+          "targetUser_username_raw": "0",
+          "timestamp": 1723134275877,
+          "uid": "6c825674-ab7b-5cf1-9250-ba35c9746835",
+          "user_username": "(unknown)",
+          "user_username_raw": "(unknown)",
+          "year": 2024
+        }
+      ],
+      "artifacts": [],
+      "contentType": "RULE",
+      "created": "2024-08-08T16:25:58.534000",
+      "description": "Detects multiple failed login attempts for the same username over a 24 hour timeframe. This is designed to catch both slow and quick brute force type attacks. The threshold and time frame can be adjusted based on the customer\u0027s environment.",
+      "entity": {
+        "entityType": "_username",
+        "hostname": null,
+        "id": "_username-(unknown)",
+        "macAddress": null,
+        "name": "(unknown)",
+        "sensorZone": "",
+        "value": "(unknown)"
+      },
+      "id": "328c96b1-02a1-5c01-af94-364a90b9c0d6",
+      "involvedEntities": [
+        {
+          "entityType": "_ip",
+          "hostname": null,
+          "id": "_ip-9.30.223.75",
+          "macAddress": null,
+          "name": "9.30.223.75",
+          "sensorZone": "",
+          "value": "9.30.223.75"
+        },
+        {
+          "entityType": "_ip",
+          "hostname": null,
+          "id": "_ip-9.30.48.247",
+          "macAddress": null,
+          "name": "9.30.48.247",
+          "sensorZone": "",
+          "value": "9.30.48.247"
+        },
+        {
+          "entityType": "_process",
+          "hostname": null,
+          "id": "_process-/usr/sbin/sshd",
+          "macAddress": null,
+          "name": "/usr/sbin/sshd",
+          "sensorZone": "",
+          "value": "/usr/sbin/sshd"
+        },
+        {
+          "entityType": "_username",
+          "hostname": null,
+          "id": "_username-0",
+          "macAddress": null,
+          "name": "0",
+          "sensorZone": "",
+          "value": "0"
+        },
+        {
+          "entityType": "_username",
+          "hostname": null,
+          "id": "_username-(unknown)",
+          "macAddress": null,
+          "name": "(unknown)",
+          "sensorZone": "",
+          "value": "(unknown)"
+        }
+      ],
+      "name": "Brute Force Attempt",
+      "recordCount": 1,
+      "recordSearchDetails": {
+        "query": "_index=sec_record_* | json field=_raw \"resultType\" as _unpacked__raw_resultType nodrop\n| where (if (isNull(objectType), false, objectType == \"Authentication\") and if (isNull(normalizedAction), false, normalizedAction == \"logon\") and if (isNull(success), false, !(success)) and !(if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == \"Security-4776\") and !isBlank(listMatches) AND jsonArrayContains(listMatches, \"domain_controllers\")) and !(if (isNull(metadata_vendor), false, metadata_vendor == \"Microsoft\") and if (isNull(metadata_product), false, metadata_product == \"Azure\") and if (isNull(_unpacked__raw_resultType), false, _unpacked__raw_resultType == \"700082\")) and !(metadata_vendor in (\"Microsoft\", \"Intersect Alliance\") and metadata_product in (\"Windows\", \"Snare Enterprise Agent for Windows\") and user_username matches /^[\\s\\S]*\\$[\\s\\S]*$/) and !(!isBlank(listMatches) AND jsonArrayContains(listMatches, \"vuln_scanners\")) and if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == \"USER_LOGIN\") and if (isNull(metadata_product), false, metadata_product == \"Systemd Journal\") and if (isNull(metadata_vendor), false, metadata_vendor == \"Linux\") and if (isNull(user_username), false, user_username == \"(unknown)\"))",
+        "queryEndTime": "2024-08-08T19:12:00",
+        "queryStartTime": "2024-08-07T19:12:00"
+      },
+      "recordTypes": [],
+      "ruleId": "THRESHOLD-S00096",
+      "severity": 4,
+      "stage": "Initial Access",
+      "summary": "Multiple failed login attempts for user: (unknown)",
+      "suppressed": false,
+      "tags": [
+        "_mitreAttackTactic:TA0006",
+        "_mitreAttackTechnique:T1078",
+        "_mitreAttackTactic:TA0001",
+        "_mitreAttackTechnique:T1110.001",
+        "_mitreAttackTechnique:T1110.002",
+        "_mitreAttackTactic:TA0008",
+        "_mitreAttackTechnique:T1110",
+        "_mitreAttackTechnique:T1586"
+      ],
+      "threatIntelIndicatorIds": [],
+      "timestamp": "2024-08-08T16:24:35.877000"
+    },
+    "errors": []
+  },
+  "inputs": {
+    "sumo_logic_signal_id": "328c96b1-02a1-5c01-af94-364a90b9c0d6"
+  },
+  "metrics": {
+    "execution_time_ms": 19139,
+    "host": "my.app.host",
+    "package": "fn-sumo-logic",
+    "package_version": "1.0.0",
+    "timestamp": "2024-08-09 14:56:09",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sumo_logic_signal_id = row.sumo_logic_signal_id
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+results = playbook.functions.results.get_signal_by_id_results
+inputs = results.get("inputs", None)
+signal_id = inputs.get("sumo_logic_signal_id", None)
+  
+header = u"<b>Sumo Logic: Get Signal by ID:</b> {0}".format(signal_id)
+
+json_note = {
+              "version": "1.3",
+              "header": header, 
+              "json": results.content,
+              "sort": False
+            }
+playbook.addProperty('convert_json_to_rich_text', json_note)
+```
+
+</p>
+</details>
+
+---
+## Function - Sumo Logic: Update Insight Status
+Update the status of an insight in Sumo Logic.  If the status is set to closed, set the resolution reason.
+
+ ![screenshot: fn-sumo-logic-update-insight-status ](./doc/screenshots/fn-sumo-logic-update-insight-status.png)
+
+Dialog box to set an Insight's status through a manual playbook:
+
+ ![screenshot: fn-sumo-logic-update-insight-status ](./doc/screenshots/fn-sumo-logic-update-insight-status-2.png)
+<details><summary>Inputs:</summary>
+<p>
+
+| Name | Type | Required | Example | Tooltip |
+| ---- | :--: | :------: | ------- | ------- |
+| `sumo_logic_insight_id` | `text` | Yes | `-` | - |
+| `sumo_logic_insight_resolution` | `text` | No | `-` | - |
+| `sumo_logic_insight_status` | `select` | Yes | `-` | - |
+
+</p>
+</details>
+
+<details><summary>Outputs:</summary>
+<p>
+
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
+```python
+results = {
+  "content": {
+    "data": {
+      "artifacts": [],
+      "assignedTo": null,
+      "assignee": null,
+      "closed": null,
+      "closedBy": null,
+      "confidence": 0.85,
+      "created": "2024-07-30T20:17:57.153553",
+      "description": "Initial Access",
+      "entity": {
+        "entityType": "_username",
+        "hostname": null,
+        "id": "_username-root",
+        "macAddress": null,
+        "name": "root",
+        "sensorZone": "",
+        "value": "root"
+      },
+      "id": "f741314d-34b6-3417-9c0a-426d547e345a",
+      "involvedEntities": [
+        {
+          "entityType": "_process",
+          "hostname": null,
+          "id": "_process-sshd",
+          "macAddress": null,
+          "name": "sshd",
+          "sensorZone": null,
+          "value": "sshd"
+        },
+        {
+          "entityType": "_username",
+          "hostname": null,
+          "id": "_username-root",
+          "macAddress": null,
+          "name": "root",
+          "sensorZone": null,
+          "value": "root"
+        },
+        {
+          "entityType": "_ip",
+          "hostname": null,
+          "id": "_ip-9.108.160.132",
+          "macAddress": null,
+          "name": "9.108.160.132",
+          "sensorZone": null,
+          "value": "9.108.160.132"
+        },
+        {
+          "entityType": "_hostname",
+          "hostname": "sumologic1",
+          "id": "_hostname-sumologic1",
+          "macAddress": null,
+          "name": "sumologic1",
+          "sensorZone": null,
+          "value": "sumologic1"
+        }
+      ],
+      "lastUpdated": "2024-08-02T20:50:41.638872",
+      "lastUpdatedBy": null,
+      "name": "Initial Access",
+      "orgId": "0000000000BD6D7C",
+      "readableId": "INSIGHT-2",
+      "resolution": null,
+      "severity": "MEDIUM",
+      "signals": [
+        {
+          "allRecords": [
+            {
+              "baseImage": "sshd",
+              "bro_dns_answers": [],
+              "bro_file_bytes": {},
+              "bro_file_connUids": [],
+              "bro_flow_service": [],
+              "bro_ftp_pendingCommands": [],
+              "bro_http_cookieVars": [],
+              "bro_http_origFuids": [],
+              "bro_http_origMimeTypes": [],
+              "bro_http_request_headers": {},
+              "bro_http_request_proxied": [],
+              "bro_http_response_headers": {},
+              "bro_http_response_respFuids": [],
+              "bro_http_response_respMimeTypes": [],
+              "bro_http_tags": [],
+              "bro_http_uriVars": [],
+              "bro_kerberos_clientCert": {},
+              "bro_kerberos_serverCert": {},
+              "bro_sip_headers": {},
+              "bro_sip_requestPath": [],
+              "bro_sip_responsePath": [],
+              "bro_ssl_certChainFuids": [],
+              "bro_ssl_clientCertChainFuids": [],
+              "cseSignal": {},
+              "day": 30,
+              "device_hostname": "sumologic1",
+              "device_hostname_raw": "sumologic1",
+              "dstDevice_hostname": "sumologic1",
+              "dstDevice_hostname_raw": "sumologic1",
+              "fieldTags": {},
+              "fields": {
+                "event_id": "sshd-failed-invalid-password",
+                "source_ip": "9.108.160.132",
+                "source_port": "53371",
+                "ssh_version": "ssh2",
+                "syslog_hostname": "sumologic1",
+                "syslog_message": "Failed password for root from 9.108.160.132 port 53371 ssh2",
+                "syslog_process": "sshd",
+                "syslog_process_id": "35224",
+                "syslog_timestamp": "Jul 30 13:17:19",
+                "user": "root"
+              },
+              "friendlyName": "record",
+              "hour": 13,
+              "http_requestHeaders": {},
+              "listMatches": [],
+              "matchedItems": [],
+              "metadata_deviceEventId": "sshd-failed-invalid-password",
+              "metadata_mapperName": "Linux OS Syslog - Process sshd - SSH Auth Failure Invalid Password",
+              "metadata_mapperUid": "05445189-0e1e-425a-8f2b-5d1f41e9546e",
+              "metadata_orgId": "0000000000BD6D7C",
+              "metadata_parseTime": 1722370665323,
+              "metadata_parser": "/Parsers/System/Linux/Linux OS Syslog",
+              "metadata_product": "Linux OS Syslog",
+              "metadata_productGuid": "0e20c932-d992-4bd4-b276-c15119ca5c0b",
+              "metadata_receiptTime": 1722370640,
+              "metadata_schemaVersion": 3,
+              "metadata_sensorId": "0000000000BD6D7C",
+              "metadata_sensorInformation": {},
+              "metadata_sensorZone": "default",
+              "metadata_sourceBlockId": "2295449033841068855",
+              "metadata_sourceCategory": "linux/system",
+              "metadata_sourceMessageId": "-7272543713819412727",
+              "metadata_vendor": "Linux",
+              "month": 7,
+              "normalizedAction": "logon",
+              "objectClassification": "Authentication",
+              "objectType": "Authentication",
+              "pid": 35224,
+              "srcDevice_ip": "9.108.160.132",
+              "srcDevice_ip_ipv4IntValue": 158113924,
+              "srcDevice_ip_isInternal": false,
+              "srcDevice_ip_version": 4,
+              "srcPort": 53371,
+              "success": false,
+              "timestamp": 1722345439000,
+              "uid": "aac19471-8442-5536-9742-bcc5aacc1e80",
+              "user_username": "root",
+              "user_username_raw": "root",
+              "year": 2024
+            }
+          ],
+          "artifacts": [],
+          "contentType": "RULE",
+          "created": "2024-07-30T13:17:19",
+          "description": "Detects multiple failed login attempts for the same username over a 24 hour timeframe. This is designed to catch both slow and quick brute force type attacks. The threshold and time frame can be adjusted based on the customer\u0027s environment.",
+          "entity": {
+            "entityType": "_username",
+            "hostname": null,
+            "id": "_username-root",
+            "macAddress": null,
+            "name": "root",
+            "sensorZone": "",
+            "value": "root"
+          },
+          "id": "f16f0e84-66c4-50c7-a0b2-b02b5cbdd543",
+          "name": "Brute Force Attempt",
+          "recordCount": 1,
+          "recordSearchDetails": {
+            "query": "_index=sec_record_* | json field=_raw \"resultType\" as _unpacked__raw_resultType nodrop\n| where (if (isNull(objectType), false, objectType == \"Authentication\") and if (isNull(normalizedAction), false, normalizedAction == \"logon\") and if (isNull(success), false, !(success)) and !(if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == \"Security-4776\") and !isBlank(listMatches) AND jsonArrayContains(listMatches, \"domain_controllers\")) and !(if (isNull(metadata_vendor), false, metadata_vendor == \"Microsoft\") and if (isNull(metadata_product), false, metadata_product == \"Azure\") and if (isNull(_unpacked__raw_resultType), false, _unpacked__raw_resultType == \"700082\")) and !(metadata_vendor in (\"Microsoft\", \"Intersect Alliance\") and metadata_product in (\"Windows\", \"Snare Enterprise Agent for Windows\") and user_username matches /^[\\s\\S]*\\$[\\s\\S]*$/) and !(!isBlank(listMatches) AND jsonArrayContains(listMatches, \"vuln_scanners\")) and if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == \"sshd-failed-invalid-password\") and if (isNull(metadata_product), false, metadata_product == \"Linux OS Syslog\") and if (isNull(metadata_vendor), false, metadata_vendor == \"Linux\") and if (isNull(user_username), false, user_username == \"root\"))",
+            "queryEndTime": "2024-07-30T14:24:00",
+            "queryStartTime": "2024-07-29T14:24:00"
+          },
+          "recordTypes": [],
+          "ruleId": "THRESHOLD-S00096",
+          "severity": 4,
+          "stage": "Initial Access",
+          "tags": [
+            "_mitreAttackTactic:TA0006",
+            "_mitreAttackTechnique:T1078",
+            "_mitreAttackTactic:TA0001",
+            "_mitreAttackTechnique:T1110.001",
+            "_mitreAttackTechnique:T1110.002",
+            "_mitreAttackTactic:TA0008",
+            "_mitreAttackTechnique:T1110",
+            "_mitreAttackTechnique:T1586"
+          ],
+          "timestamp": "2024-07-30T13:17:19"
+        }
+      ],
+      "source": "ALGORITHM",
+      "status": {
+        "displayName": "New",
+        "name": "new"
+      },
+      "subResolution": null,
+      "tags": [
+        "AnnMarie-2",
+        "AnnMarie tag",
+        "_mitreAttackTactic:TA0001",
+        "_mitreAttackTactic:TA0006",
+        "_mitreAttackTactic:TA0008",
+        "_mitreAttackTechnique:T1078",
+        "_mitreAttackTechnique:T1110",
+        "_mitreAttackTechnique:T1110.001",
+        "_mitreAttackTechnique:T1110.002",
+        "_mitreAttackTechnique:T1586"
+      ],
+      "teamAssignedTo": null,
+      "timeToDetection": 25238.153553,
+      "timeToRemediation": null,
+      "timeToResponse": 147653.411281,
+      "timestamp": "2024-07-30T13:17:19"
+    },
+    "errors": []
+  },
+  "inputs": {
+    "sumo_logic_insight_id": "f741314d-34b6-3417-9c0a-426d547e345a",
+    "sumo_logic_insight_resolution": null,
+    "sumo_logic_insight_status": "New"
+  },
+  "metrics": {
+    "execution_time_ms": 64088,
+    "host": "my.app.host",
+    "package": "fn-sumo-logic",
+    "package_version": "1.0.0",
+    "timestamp": "2024-08-02 16:51:21",
+    "version": "1.0"
+  },
+  "raw": null,
+  "reason": null,
+  "success": true,
+  "version": 2.0
+}
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Input Script:</summary>
+<p>
+
+```python
+inputs.sumo_logic_insight_id = incident.properties.sumo_logic_insight_id
+inputs.sumo_logic_insight_status = playbook.inputs.sumo_logic_insight_status
+inputs.sumo_logic_insight_resolution = playbook.inputs.sumo_logic_insight_resolution
+
+if inputs.sumo_logic_insight_status == "Closed" and not playbook.inputs.sumo_logic_insight_resolution:
+  helper.fail("Resolution musted be specified if status is Closed.")
+```
+
+</p>
+</details>
+
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+
+```python
+results = playbook.functions.results.update_insight_status_results
+
+if results.get("success"):
+    note_text = f"<b>Sumo Logic: Update Insight Status: </b> set:<br>"
+    if playbook.inputs.sumo_logic_insight_status:
+        incident.properties.sumo_logic_insight_status = playbook.inputs.sumo_logic_insight_status
+        note_text = f"{note_text}<br>   Status:  {playbook.inputs.sumo_logic_insight_status}"
+    if playbook.inputs.sumo_logic_insight_resolution and playbook.inputs.sumo_logic_insight_status == 'Closed':
+        incident.properties.sumo_logic_insight_resolution = playbook.inputs.sumo_logic_insight_resolution
+        note_text = f"{note_text}<br>   Resolution: {playbook.inputs.sumo_logic_insight_resolution}"
+    # Uncomment if sub_resolution is implemented.
+    #if playbook.inputs.sumo_logic_insight_sub_resolution and playbook.inputs.sumo_logic_insight_status == 'Closed':
+    #    incident.properties.sumo_logic_insight_sub_resolution = playbook.inputs.sumo_logic_insight_sub_resolution
+    #    note_text = f"{note_text}<br>   Sub Resolution: {playbook.inputs.sumo_logic_insight_sub_resolution"
+else:
+    reason = results.get("reason")
+    note_text = f"<b>Sumo Logic: Update Insight Status: </b> failed to update status to <b>{playbook.inputs.sumo_logic_insight_status}</b>:<br>  {reason}"
+  
+incident.addNote(note_text)
+```
+
+</p>
+</details>
+
+---
+
+## Script - Convert JSON to rich text v1.3
+This script converts a json object into a hierarchical display of rich text and adds the rich text to an incident's rich text (custom) field or an incident note. A workflow property is used to share the json to convert and identify parameters used on how to perform the conversion.
+Typically, a function will create workflow property and this script will run after that function to perform the conversion.
+
+Features:
+
+* Display the hierarchical nature of json, presenting the json keys (sorted if specified) as bold labels
+* Provide links to found URLs
+* Create either an incident note or add results to an incident (custom) rich text field.
+
+**Object:** incident
+
+<details><summary>Script Text:</summary>
+<p>
+
+```python
+# (c) Copyright IBM Corp. 2010, 2023. All Rights Reserved.
+VERSION = 1.3
+"""
+  This script converts a json object into a hierarchical display of rich text and adds the rich text to an incident's rich text (custom) field or an incident note.
+  A workflow property is used to define the json to convert and identify parameters used on how to perform the conversion.
+  Typically, a function will create workflow property and this script will run after that function to perform the conversion.
+  Features:
+    * Display the hierarchical nature of json, presenting the json keys as bold labels
+    * Provide links to found URLs
+    * Create either an incident note or add results to an incident (custom) rich text field.
+  
+  In order to use this script, define a workflow property called: convert_json_to_rich_text, to define the json and parameters to use for the conversion.
+  Workflow properties can be added using a command similar to this:
+  workflow.addProperty('convert_json_to_rich_text', {
+    "version": 1.3,
+    "header": "Artifact scan results for: {}".format(artifact.value),
+    "padding": 10,
+    "separator": u"<br />",
+    "sort": True,
+    "json": results.content,
+    "json_omit_list": ["omit"],
+    "incident_field": None
+  })
+  
+  Format of workflow.property.convert_json_to_rich_text:
+  { 
+    "version": 1.3, [this is for future compatibility]
+    "header": str, [header line to add to converted json produced or None. Ex: Results from scanning artifact: xxx. The header may contain rich text tags]
+    "padding": 10, [padding for nested json elements, or defaults to 10]
+    "separator": u"<br />"|list such as ['<span>','</span>'], [html separator between json keys and lists or defaults to html break: '<br />'. 
+                                                If a list, then the data is brackets by the pair specified]
+    "sort": True|False, [sort the json keys at each level when displayed]
+    "json": json, [required json to convert]
+    "json_omit_list": [list of json keys to exclude or None]
+    "incident_field": "<incident_field>" [indicates a builtin rich text incident field, such as 'description' 
+                                          or a custom rich text field in the format: 'properties.<field>'. default: create an incident note]
+  }
+
+  For playbooks, use playbook.addProperty() with the same format as workflow.addProperty()
+
+  Playbooks can also use playbook.functions.results.convert_json_to_rich_text using the standard function output which contains the 'content' json element.
+  When using playbook.functions.results.convert_json_to_rich_text with standard function results, all the defaults for padding, separator, etc. are used.
+"""
+
+import re
+
+# needed for python 3
+try:
+    unicode("abc") # fails in py3
+    py2 = True
+except:
+    unicode = str
+    py2 = False
+
+
+rc = re.compile(r'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#\?]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+')
+
+class ConvertJson:
+    """Class to hold the conversion parameters and perform the conversion"""
+
+    def __init__(self, omit_keys=[], padding=10, separator=u"<br />", sort_keys=False):
+        self.omit_keys = omit_keys
+        self.padding = padding
+        self.separator = separator
+        self.sort_keys = sort_keys
+
+
+    def format_link(self, item):
+        """[summary]
+          Find embedded urls (http(s)) and add html anchor tags to display as links
+          Args:
+              item ([string])
+
+          Returns:
+              [str]: None|original text if no links|text with html links
+        """
+        formatted_item = item
+        if py2:
+            num_type = bool(item and isinstance(item, (int, long, bool, float)))
+        else:
+            num_type = bool(item and isinstance(item, (int, bool, float)))
+
+        if item and not num_type:
+            list = rc.findall(item)
+            if list:
+                for link in list:
+                    formatted_item = formatted_item.replace(link, u"<a target='blank' href='{0}'>{0}</a>".format(link))
+
+        return formatted_item
+
+    def expand_list(self, list_value, is_list=False):
+        """[summary]
+          convert items to html, adding indents to nested dictionaries.
+          Args:
+              list_value ([dict|list]): json element
+
+          Returns:
+              [str]: html converted code
+        """
+        if not isinstance(list_value, list):
+            return self.format_link(list_value)
+        elif not list_value:
+            return u"None<br>"
+
+        try:
+            items_list = []  # this will ensure list starts on second line of key label
+            for item in list_value:
+                if isinstance(item, dict):
+                    result = self.convert_json_to_rich_text(item)
+                    if is_list:
+                        items_list.append(u"<li>{}</li>".format(result))
+                    else:
+                        items_list.append(result)
+                elif isinstance(item, list):
+                    items_list.append(self.expand_list(item, is_list=True))
+                elif is_list:
+                    items_list.append(u"<li>{}</li>".format(self.format_link(unicode(item))))
+                else:
+                    items_list.append(self.format_link(unicode(item)))
+
+            expand_list_result = self.add_separator(self.separator if not is_list else u"",
+                                                    items_list,
+                                                    is_list=is_list)
+
+            if is_list:
+                return u"<ul>{}</ul>".format(expand_list_result)
+            else:
+                return u"<div style='padding:5px'>{}</div>".format(expand_list_result)
+        except Exception as err:
+            return str(err)
+
+    def convert_json_to_rich_text(self, sub_dict):
+        """[summary]
+          Walk dictionary tree and convert to html for better display
+          Args:
+              sub_dict ([type]): [description]
+
+          Returns:
+              [type]: [description]
+        """
+        notes = []
+        if sub_dict and isinstance(sub_dict, (list, dict)):
+            if isinstance(sub_dict, list):
+                expanded_list = self.expand_list(sub_dict, is_list=True)
+                notes.append(self.add_separator(self.separator, expanded_list))
+            else:
+                keys = sorted (sub_dict.keys()) if self.sort_keys else sub_dict.keys()
+
+                for key in keys:
+                    if key not in self.omit_keys:
+                        value = sub_dict[key]
+                        is_list = isinstance(value, list)
+                        item_list = [u"<strong>{0}</strong>: ".format(key)]
+                        if isinstance(value, dict):
+                            convert_result = self.convert_json_to_rich_text(value)
+                            if convert_result:
+                                item_list.append(u"<div style='padding:{}px'>{}</div>".format(self.padding, convert_result))
+                            else:
+                                item_list.append(u"None<br>")
+                        else:
+                            item_list.append(self.expand_list(value, is_list=is_list))
+
+                        notes.append(self.add_separator(self.separator, u"".join(make_unicode(v) for v in item_list), is_list=is_list))
+
+        result_notes = u"".join(notes)
+        if isinstance(self.separator, list):
+            return result_notes
+        else:
+            return result_notes.replace(
+                u"</div>{0}".format(self.separator), u"</div>").replace(
+                u"{0}</div>".format(self.separator), u"</div>"
+            )  # tighten up result
+
+    def add_separator(self, separator, items, is_list=False):
+        """
+        apply the separator to the data
+        :param separator: None, str or list such as ['<span>', '</span>']
+        :param items: str or list to add separator
+        :return: text with separator applied
+        """
+        _items = items
+
+        if not _items:
+            return "<br>"
+
+        if not isinstance(_items, list):
+            _items = [_items]
+
+        if isinstance(separator, list):
+            return u"".join([u"{}{}{}".format(separator[0], item, separator[1]) for item in _items])
+
+        return u"{}{}".format(separator.join(_items), separator if not is_list else u"")
+
+def make_unicode(value):
+    if value is None:
+        return 'None'
+
+    return unicode(value)
+
+def get_results(property_name):
+    if playbook and playbook.functions.results[property_name] is not None:
+        return playbook.functions.results[property_name]
+    elif playbook and playbook.properties[property_name] is not None:
+        return playbook.properties[property_name]
+    elif workflow and workflow.properties[property_name] is not None:
+        return workflow.properties[property_name]
+
+    return None
+
+def get_properties(property_name):
+    """
+    Logic to collect the json and parameters from a workflow property.
+    Args:
+      property_name: workflow property to reference
+    Returns:
+      padding, separator, header, json_omit_list, incident_field, json, sort_keys
+    """
+    result_properties = get_results(property_name)
+    if not result_properties:
+        helper.fail("Playbook/workflow property not found: {}".format(property_name))
+
+    padding = int(result_properties.get("padding", 10))
+    separator = result_properties.get("separator", u"<br />")
+    if isinstance(separator, list) and len(separator) != 2:
+        helper.fail("list of separators should be specified as a pair such as ['<div>', '</div>']: {}".format(separator))
+
+    header = result_properties.get("header")
+    sort_keys = bool(result_properties.get("sort", False))
+    json_omit_list = result_properties.get("json_omit_list")
+    if not json_omit_list:
+        json_omit_list = []
+    incident_field = result_properties.get("incident_field")
+    
+    # workflow formatted content is 'json'. Standard functions is 'content'
+    json = result_properties.get("json") if result_properties.get("json") else result_properties.get("content")
+    json_err = None
+    # is there an issue we need handle now?
+    if not json and \
+        result_properties.get("success") == False and result_properties.get("reason"):
+        json_err = result_properties.get("reason")
+    
+    return padding, separator, header, json_omit_list, incident_field, json, json_err, sort_keys
+
+
+## S T A R T
+padding, separator, header, json_omit_list, incident_field, json, json_err, sort_keys = get_properties('convert_json_to_rich_text')
+if json_err:
+    result = "Result error: {}".format(json_err)
+else:
+    if header:
+        if isinstance(separator, list):
+            hdr = u"{0}{1}{2}".format(separator[0], header, separator[1])
+        else:
+            hdr = u"{0}{1}".format(header, separator)
+    else:
+        hdr = u""
+
+    convert = ConvertJson(omit_keys=json_omit_list, padding=padding, separator=separator, sort_keys=sort_keys)
+    converted_json = convert.convert_json_to_rich_text(json)
+    result = u"{}{}".format(hdr, converted_json if converted_json else "\nNone")
+
+rich_text_note = helper.createRichText(result)
+if incident_field:
+    incident[incident_field] = rich_text_note
+else:
+    incident.addNote(rich_text_note)
+
+```
+
+</p>
+</details>
+
+---
+## Script - Sumo Logic: Add Artifacts from Insight
+Create artifacts in SOAR from the Sumo Logic Get Insight by ID function and write the results to a note.
+
+**Object:** incident
+
+<details><summary>Script Text:</summary>
+<p>
+
+```python
+ARTIFACT_TYPE_MAPPING = {
+  "_ip": "IP Address",
+  "_hostname": "DNS Name",
+  "_file": "File Path",
+  "_mac": "MAC Address",
+  "_process": "Process Name",
+  "_username": "User Account",
+  "_useragent": "User Agent",
+  "_url": "URL"
+}
+
+results = playbook.functions.results.get_insight_by_id_results
+
+note_text = "<b>Sumo Logic: Add Artifacts from Insight:</b>"
+if results.get("success", False):
+  content = results.get("content", {})
+  if content:
+      data = content.get("data", None)
+      if data:
+          involved_entities = data.get("involvedEntities", [])
+          artifact_count = 0
+          for entity in involved_entities:
+              entity_type = ARTIFACT_TYPE_MAPPING.get(entity.get("entityType"), None)
+              entity_value = entity.get("value", None)
+              if entity_type and entity_value:
+                  incident.addArtifact(entity_type, entity_value, f"Artifact created from Sumo Logic insight {incident.properties.sumo_logic_insight_readable_id}")
+                  artifact_count += 1
+              else:
+                  note_text = f"{note_text}<br>Unable to create artifact from entity: {entity}"
+          note_text = f"{note_text}<br>{artifact_count} artifact(s) created."
+      else:
+          note_text = f"{note_text}<br>no data found in insight results."
+  else:
+      note_text = f"{note_text}<br>no content found in insight results."
+else:
+    note_text = f"{note_text}<br>results found in insight results."
+
+incident.addNote(note_text)
+```
+
+</p>
+</details>
+
+---
+## Script - Sumo Logic: Populate Signals Data Table
+Populate the Signals data table with results from get insight function.
+
+**Object:** incident
+
+<details><summary>Script Text:</summary>
+<p>
+
+```python
+results = playbook.functions.results.get_insight_by_id_results
+note_text = f"<b>Sumo Logic: Populate Signals Data Table:</b>"
+if results.get("success", False):
+  content = results.get("content", {})
+  if content:
+      data = content.get("data", None)
+      if data:
+          signals = data.get("signals", [])
+          for signal in signals:
+              signal_row = incident.addRow("sumo_logic_insight_signals_dt")
+              signal_row.sumo_logic_signal_timestamp   = signal.get("timestamp", None)
+              signal_row.sumo_logic_signal_id          = signal.get("id", None)
+              signal_row.sumo_logic_signal_name        = signal.get("name", None)
+              signal_row.sumo_logic_signal_stage       = signal.get("stage", None)
+              signal_row.sumo_logic_signal_description = signal.get("description", None)
+              signal_row.sumo_logic_signal_rule_id     = signal.get("ruleId", None)
+              signal_row.sumo_logic_signal_severity = str(signal.get("severity")) if signal.get("severity", None) else None
+          num_signals = len(signals)
+          note_text = f"{note_text} {num_signals} signal(s) written to Signals data table."
+      else:
+          note_text = f"{note_text} Failed - no data found."
+  else:
+      note_text = f"{note_text} Failed - no data content found."
+else:
+    reason = results.get("reason", "No reason")
+    note_text = f"{note_text} Failed - {reason}"
+incident.addNote(note_text)
+```
+
+</p>
+</details>
+
+---
+
+## Playbooks
+| Playbook Name | Description | Activation Type | Object | Status | Condition | 
+| ------------- | ----------- | --------------- | ------ | ------ | --------- | 
+| Sumo Logic: Add Comment to Insight | Manual playbook to add a comment to a Sumo Logic insight in Sumo Logic. | Manual | note | `enabled` | `incident.properties.sumo_logic_insight_id has_a_value` | 
+| Sumo Logic: Add Tag to Insight | Manual playbook to add a tag to a Sumo Logic insight. | Manual | incident | `enabled` | `incident.properties.sumo_logic_insight_id has_a_value` | 
+| Sumo Logic: Close Insight on Case Close | Automatic playbook that updates the Status and Resolution of the associated insight in Sumo Logic  when the cases is closed in SOAR.  The SOAR case resolution summary is written as a comment to the Sumo Logic insight. | Automatic | incident | `enabled` | `incident.plan_status changed_to Closed AND incident.properties.sumo_logic_insight_id has_a_value` | 
+| Sumo Logic: Scan Artifact for Hits | Scan artifacts added to Sumo Logic case and add hit if | Manual | artifact | `enabled` | `artifact.type in ['IP Address', 'DNS Name', 'URL', 'User Account', 'Process Name', 'File Name', 'File Path', 'MAC Address', 'User Agent'] AND incident.properties.sumo_logic_insight_id has_a_value` | 
+| Sumo Logic: Scan Artifact for Hits Automatic | Automatic playbook to scan artifacts added to Sumo Logic case and add hit on artifact if recent Signal Severity Total is greater than specified threshold value. | Automatic | artifact | `enabled` | `artifact.type in ['IP Address', 'DNS Name', 'URL', 'User Account', 'Process Name', 'File Name', 'File Path', 'MAC Address', 'User Agent'] AND incident.properties.sumo_logic_insight_id has_a_value AND object_added` | 
+| Sumo Logic: Update Case | Manual playbook to update Sumo Logic case. Custom fields, data tables and comments are updated in the SOAR case. | Manual | incident | `enabled` | `incident.properties.sumo_logic_insight_id has_a_value` | 
+| Sumo Logic: Update Case on Creation | Automatic playbook to update Sumo Logic case when the case is created. Custom fields, data tables and comments are updated in the SOAR case. | Automatic | incident | `enabled` | `incident.properties.sumo_logic_insight_id has_a_value AND object_added` | 
+| Sumo Logic: Update Insight Status | Manual playbook to update the status of an insight in Sumo Logic. | Manual | incident | `enabled` | `-` | 
+| Sumo Logic: Write Entity JSON to Note | Write the Sumo Logic entity JSON to an incident note in SOAR. | Manual | artifact | `enabled` | `-` | 
+| Sumo Logic: Write Insight JSON to Note | Write the Sumo Logic insight JSON to an incident note in SOAR. | Manual | incident | `enabled` | `incident.properties.sumo_logic_insight_id has_a_value` | 
+| Sumo Logic: Write Signal JSON to Note | Write the Sumo Logic signal JSON to an incident note in SOAR. | Manual | sumo_logic_insight_signals_dt | `enabled` | `-` | 
+
+---
+
+## Custom Layouts
+<!--
+  Use this section to provide guidance on where the user should add any custom fields and data tables.
+  You may wish to recommend a new incident tab.
+  You should save a screenshot "custom_layouts.png" in the doc/screenshots directory and reference it here
+-->
+A custom layout Sumo Logic tab is included that contains Custom Fields and Signals Data Tables and Custom Fields like the screenshot below:
+
+  ![screenshot: custom_layouts](./doc/screenshots/custom_layouts.png)
+
+Sumo Logic Incident tab example:
+
+  ![screenshot: custom_layouts](./doc/screenshots/custom_layouts2.png)
+
+## Data Table - Signals
+
+ ![screenshot: dt-signals](./doc/screenshots/dt-signals.png)
+
+#### API Name:
+sumo_logic_insight_signals_dt
+
+#### Columns:
+| Column Name | API Access Name | Type | Tooltip |
+| ----------- | --------------- | ---- | ------- |
+| Description | `sumo_logic_signal_description` | `text` | - |
+| Name | `sumo_logic_signal_name` | `text` | - |
+| Rule ID | `sumo_logic_signal_rule_id` | `text` | - |
+| Severity | `sumo_logic_signal_severity` | `text` | - |
+| Signal ID | `sumo_logic_signal_id` | `text` | - |
+| Stage | `sumo_logic_signal_stage` | `text` | - |
+| Timestamp | `sumo_logic_signal_timestamp` | `text` | - |
+
+---
+
+## Custom Fields
+| Label | API Access Name | Type | Prefix | Placeholder | Tooltip |
+| ----- | --------------- | ---- | ------ | ----------- | ------- |
+| Insight Assignee | `sumo_logic_insight_assignee` | `text` | `properties` | - | - |
+| Insight Global Confidence | `sumo_logic_insight_global_confidence` | `number` | `properties` | - | - |
+| Insight ID | `sumo_logic_insight_id` | `text` | `properties` | - | - |
+| Insight Link | `sumo_logic_insight_link` | `textarea` | `properties` | - | - |
+| Insight Readable ID | `sumo_logic_insight_readable_id` | `text` | `properties` | - | - |
+| Insight Resolution | `sumo_logic_insight_resolution` | `text` | `properties` | - | - |
+| Insight Source | `sumo_logic_insight_source` | `text` | `properties` | - | - |
+| Insight Status | `sumo_logic_insight_status` | `text` | `properties` | - | - |
+| Insight Sub Resolution | `sumo_logic_insight_sub_resolution` | `text` | `properties` | - | - |
+| Insight Tags | `sumo_logic_insight_tags` | `text` | `properties` | - | - |
+
+---
+
+
+
+
+## Troubleshooting & Support
+Refer to the documentation listed in the Requirements section for troubleshooting information.
+ 
+### For Support
+This is an IBM supported app. Please search [ibm.com/mysupport](https://ibm.com/mysupport) for assistance.
diff --git a/_sources/fn_urlhaus/README.md.txt b/_sources/fn_urlhaus/README.md.txt
index 40ef2bef7..0fb047e00 100644
--- a/_sources/fn_urlhaus/README.md.txt
+++ b/_sources/fn_urlhaus/README.md.txt
@@ -26,18 +26,12 @@
 ---
 
 ## Release Notes
-<!--
-  Specify all changes in this release. Do not remove the release
-  notes of a previous release
--->
-### v1.0.2
-* Added App Host support
-
-### v1.0.1
-* Minor bug fix
-
-### v1.0.0
-* Initial Release
+| Version | Date | Notes |
+| ------- | ---- | ----- |
+| v1.0.3  | 09/2024 | Refresh for SOAR v51.0.0 |
+| v1.0.2  | 09/2020 | Added App Host support |
+| v1.0.1  | 03/2020 | Minor bug fix |
+| v1.0.0  | 03/2019 | Initial Release |
 
 ---
 
@@ -58,8 +52,8 @@ Look up supported artifacts in URLhaus to get more enrichment information and su
 <!--
   List any Requirements
 -->
-* Resilient platform >= `v35.0.0`
-* An Integration Server running `resilient_circuits>=33.0.0`
+* Resilient platform >= `v51.0.0`
+* An Integration Server running `resilient_circuits>=40.0.0`
   * To set up an Integration Server see: [ibm.biz/res-int-server-guide](https://ibm.biz/res-int-server-guide)
   * If using API Keys, minimum required permissions are:
       * Org Data: Read, Edit
@@ -157,20 +151,7 @@ There are several ways to verify the successful operation of a function.
 
 ---
 
-<!--
-  If necessary, use this section to describe how to configure your security application to work with the integration.
-  Delete this section if the user does not need to perform any configuration procedures on your product.
-
-## Configure <Product_Name>
-
-* Step One
-* Step Two
-* Step Three
-
----
--->
-
 ## Support
 | Name | Version | Author | Support URL |
 | ---- | ------- | ------ | ----------- |
-| fn_urlhaus | 1.0.2 | Resilient Labs | https://ibm.biz/resilientcommunity |
+| fn_urlhaus | 1.0.3 | IBM SOAR | https://ibm.biz/resilientcommunity |
diff --git a/_sources/fn_whois_rdap/README.md.txt b/_sources/fn_whois_rdap/README.md.txt
index e47be93ba..cf54cf974 100644
--- a/_sources/fn_whois_rdap/README.md.txt
+++ b/_sources/fn_whois_rdap/README.md.txt
@@ -1,41 +1,63 @@
-# Whois RDAP
-
-- [fn-whois-rdap Functions for IBM Resilient](#fn-whois-rdap-functions-for-ibm-resilient)
-  - [Release Notes](#release-notes)
-  - [Overview](#overview)
-  - [Requirements](#requirements)
-  - [Installation](#installation)
-  - [Function - RDAP: Query](#function---RDAP:-query)
-  - [Function - WHOIS: Query](#function---whois:-query)
-  - [Troubleshooting](#troubleshooting)
-    - [Resilient Action Status](#resilient-action-status)
-    - [Resilient Scripting Log](#resilient-scripting-log)
-    - [Resilient Logs](#resilient-logs)
-    - [Resilient-Circuits](#resilient-circuits)
-  - [Support](#support)
+<!--
+  This README.md is generated by running:
+  "resilient-sdk docgen -p fn_whois_rdap"
 
----
+  This file was generated with resilient-sdk v51.0.2.2.1096
 
-## Release Notes
+  It is best edited using a Text Editor with a Markdown Previewer. VS Code
+  is a good example. Checkout https://guides.github.com/features/mastering-markdown/
+  for tips on writing with Markdown
+
+  All fields followed by "::CHANGE_ME::"" should be manually edited
+
+  If you make manual edits and run docgen again, a .bak file will be created
 
-### History
+  Store any screenshots in the "doc/screenshots" directory and reference them like:
+  ![screenshot: screenshot_1](./screenshots/screenshot_1.png)
 
+  NOTE: If your app is available in the container-format only, there is no need to mention the integration server in this readme.
+-->
+
+# fn_whois_rdap
+
+
+## Table of Contents
+- [Release Notes](#release-notes)
+- [Overview](#overview)
+  - [Key Features](#key-features)
+- [Requirements](#requirements)
+  - [SOAR platform](#soar-platform)
+  - [Cloud Pak for Security](#cloud-pak-for-security)
+  - [Proxy Server](#proxy-server)
+  - [Python Environment](#python-environment)
+- [Installation](#installation)
+  - [Install](#install)
+  - [App Configuration](#app-configuration)
+- [Function - RDAP: Query](#function---rdap-query)
+- [Function - WHOIS: query](#function---whois-query)
+- [Rules](#rules)
+- [Troubleshooting & Support](#troubleshooting--support)
+
+---
+
+## Release Notes
 | Version| Date |Comment |
 | -------: | ---: | ------ |
-| 1.0.4 | 6/2021 |Bug fix ipwhois version pin |
+| 1.0.6 | 9/2024 | Refresh app for v51.0.0 |
+| 1.0.5 | 4/2022 | Bug fixes |
+| 1.0.4 | 6/2021 | Bug fix ipwhois version pin |
 | 1.0.3 | 8/2020 | Updated examples, proxy support added |
-| 1.0.2 | 4/2020 | bug fixes |
+| 1.0.2 | 4/2020 | Bug fixes |
 | 1.0.1 | 4/2020 | Support for App Host |
 | 1.0.0 | 12/2019 | Initial release |
 
 ---
 ## Overview
-
 **Retrieve registry information for IP, URL or DNS Artifacts**
 
  ![screenshot: main](./doc/screenshots/main.png)
 
-This integration retrieves registry information (via legacy WHOIS or new RDAP protocol) for IP, URL or DNS Artifacts that provides enrichment and threat intelligence on suspicious address. The information is added directly to artifact description and can include dns-zone, asn and asn description & other useful metadata.
+This integration retrieves registry information (via legacy WHOIS or new RDAP protocol) for IP, URL or DNS Artifacts that provides enrichment and threat intelligence on suspicious address. The information is added directly to artifact description and can include dns-zone, asn, and asn description & other useful metadata.
 
 ### Key Features
 <!--
@@ -48,49 +70,74 @@ This integration retrieves registry information (via legacy WHOIS or new RDAP pr
 ---
 
 ## Requirements
+This app supports the IBM Security QRadar SOAR Platform and the IBM Security QRadar SOAR for IBM Cloud Pak for Security.
+
+### SOAR platform
+The SOAR platform supports two app deployment mechanisms, Edge Gateway (also known as App Host) and integration server.
+
+If deploying to a SOAR platform with an App Host, the requirements are:
+* SOAR platform >= `51.0.0.0.9340`.
+* The app is in a container-based format (available from the AppExchange as a `zip` file).
+
+If deploying to a SOAR platform with an integration server, the requirements are:
+* SOAR platform >= `51.0.0.0.9340`.
+* The app is in the older integration format (available from the AppExchange as a `zip` file which contains a `tar.gz` file).
+* Integration server is running `resilient_circuits>=44.1.0`.
+* If using an API key account, make sure the account provides the following minimum permissions:
+  | Name | Permissions |
+  | ---- | ----------- |
+  | Org Data | Read |
+  | Function | Read |
+
+The following SOAR platform guides provide additional information:
+* _Edge Gateway Deployment Guide_ or _App Host Deployment Guide_: provides installation, configuration, and troubleshooting information, including proxy server settings.
+* _Integration Server Guide_: provides installation, configuration, and troubleshooting information, including proxy server settings.
+* _System Administrator Guide_: provides the procedure to install, configure and deploy apps.
+
+The above guides are available on the IBM Documentation website at [ibm.biz/soar-docs](https://ibm.biz/soar-docs). On this web page, select your SOAR platform version. On the follow-on page, you can find the _Edge Gateway Deployment Guide_, _App Host Deployment Guide_, or _Integration Server Guide_ by expanding **Apps** in the Table of Contents pane. The System Administrator Guide is available by expanding **System Administrator**.
+
+### Cloud Pak for Security
+If you are deploying to IBM Cloud Pak for Security, the requirements are:
+* IBM Cloud Pak for Security >= `1.10.15`.
+* Cloud Pak is configured with an Edge Gateway.
+* The app is in a container-based format (available from the AppExchange as a `zip` file).
+
+The following Cloud Pak guides provide additional information:
+* _Edge Gateway Deployment Guide_ or _App Host Deployment Guide_: provides installation, configuration, and troubleshooting information, including proxy server settings. From the Table of Contents, select Case Management and Orchestration & Automation > **Orchestration and Automation Apps**.
+* _System Administrator Guide_: provides information to install, configure, and deploy apps. From the IBM Cloud Pak for Security IBM Documentation table of contents, select Case Management and Orchestration & Automation > **System administrator**.
+
+These guides are available on the IBM Documentation website at [ibm.biz/cp4s-docs](https://ibm.biz/cp4s-docs). From this web page, select your IBM Cloud Pak for Security version. From the version-specific IBM Documentation page, select Case Management and Orchestration & Automation.
+
+### Proxy Server
+The app **does** support a proxy server.
+
+### Python Environment
+Python 3.9, 3.11, and 3.12 are officially supported. When deployed as an app, the app runs on Python 3.11.
+Additional package dependencies may exist for each of these packages:
+* future~=0.18
+* ipwhois==1.1.0
+* requests-file==1.5.1; python_version<='3.6'
+* resilient_circuits>=44.1.0
+* tldextract~=2.2; python_version<"3.0"
+* tldextract~=3.0; python_version>="3.0"
 
-* IBM Resilient >= `v35.0.5468`
-* An App Host environment or an Integration Server running `resilient_circuits>=32.0.0`
-  * To setup an Integration Server see [the Integration Server setup documentation](https://www.ibm.com/support/knowledgecenter/SSBRUQ_37.0.0/doc/container_apps.html)
 
 ---
 ## Installation
-### App Host Installation
-All the components for running Whois in a container already exist when using the App Host app. Once installed, review the app.config file in the Customizations tab.
-```
-[fn_whois_rdap]
-# uncomment to include proxy support
-#http_proxy=https://some_proxy.com
-#https_proxy=http://some_proxy.com
-```
 
-### Integration Server Installation
-
-* Download the `app-fn_whois_rdap-x.x.x-nnnn.zip`.
-* Copy the `.zip` to your Integration Server and SSH into it.
-* **Unzip** the package:
-  ```
-  $ unzip app-fn_whois_rdap-x.x.x-nnnn.zip
-  ```
-* **Install** the package:
-  ```
-  $ pip install fn_whois_rdap-x.x.x.tar.gz
-  ```
-* Import the fn_whois_rdap **customizations** into the Resilient platform:
-  ```
-  $ resilient-circuits customize -y -l fn-whois-rdap
-  ```
-* **Run** resilient-circuits or restart the Service on Windows/Linux:
-  ```
-  $ resilient-circuits run
-  ```
-* **Uninstall** the package:
-  ```
-  $ pip uninstall fn-whois-rdap
-  ```
----
+### Install
+* To install or uninstall an App or Integration on the _SOAR platform_, see the documentation at [ibm.biz/soar-docs](https://ibm.biz/soar-docs).
+* To install or uninstall an App on _IBM Cloud Pak for Security_, see the documentation at [ibm.biz/cp4s-docs](https://ibm.biz/cp4s-docs) and follow the instructions above to navigate to Orchestration and Automation.
+
+### App Configuration
+The following table provides the settings you need to configure the app. These settings are made in the app.config file. See the documentation discussed in the Requirements section for the procedure.
+
+| Config | Required | Example | Description |
+| ------ | :------: | ------- | ----------- |
+| http_proxy | No | http://<proxy ip> | HTTP proxy, if used |
+| https_proxy | No | https://<proxy ip> | HTTPS proxy, if used |
 
- ![screenshot: fn-rdap-query ](./doc/screenshots/workflows.png)
+ ---
 
 ## Function - RDAP: Query
 Using ipwhois library to make general queries in RDAP format
@@ -102,8 +149,8 @@ Using ipwhois library to make general queries in RDAP format
 
 | Name | Type | Required | Example | Tooltip |
 | ---- | :--: | :------: | ------- | ------- |
-| `rdap_depth` | `number` | Yes | `0` | 0, 1 or 2 |
-| `rdap_query` | `text` | Yes | `ibm.com` | IP, URL or DNS |
+| `rdap_depth` | `number` | Yes | `0` | Can be 0, 1 or 2 |
+| `rdap_query` | `text` | Yes | `ibm.com` | IP, URL or DNS Artifact |
 
 </p>
 </details>
@@ -111,161 +158,308 @@ Using ipwhois library to make general queries in RDAP format
 <details><summary>Outputs:</summary>
 <p>
 
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
 ```python
-results = {'content': {'asn': '16807',
-             'asn_cidr': '129.42.38.0/24',
-             'asn_country_code': 'US',
-             'asn_date': '1987-07-29',
-             'asn_description': 'IBM-EI - IBM - Events Infrastructure, US',
-             'asn_registry': 'arin',
-             'display_content': '{ '
-                                '"nir":false,"asn_registry":"arin","asn":"16807","asn_cidr":"129.42.38.0/24","asn_country_code":"US","asn_date":"1987-07-29","asn_description":"IBM-EI '
-                                '- IBM - Events Infrastructure, '
-                                'US","query":"129.42.38.10","network":{ '
-                                '"handle":"NET-129-42-0-0-1","remarks":false,"raw":false,"start_address":"129.42.0.0","end_address":"129.42.255.255","cidr":"129.42.0.0/16","ip_version":"v4","type":"DIRECT '
-                                'ASSIGNMENT","name":"IBM-RSCH-NET2","country":false,"parent_handle":"NET-129-0-0-0-0" '
-                                '},"objects":{ "IBM-1":{ '
-                                '"handle":"IBM-1","status":false,"remarks":false,"notices":false,"raw":false,"contact":{ '
-                                '"name":"IBM","kind":"org","phone":false,"email":false,"role":false,"title":false '
-                                '},"events_actor":false } '
-                                '},"raw":false,"dns_zone":"10.38.42.129.origin.asn.cymru.com" '
-                                '}',
-             'dns_zone': '10.38.42.129.origin.asn.cymru.com',
-             'entities': ['IBM-1'],
-             'network': {'cidr': '129.42.0.0/16',
-                         'country': None,
-                         'end_address': '129.42.255.255',
-                         'events': [{'action': 'last changed',
-                                     'actor': None,
-                                     'timestamp': '2015-10-20T16:09:08-04:00'},
-                                    {'action': 'registration',
-                                     'actor': None,
-                                     'timestamp': '1987-07-28T23:00:00-04:00'}],
-                         'handle': 'NET-129-42-0-0-1',
-                         'ip_version': 'v4',
-                         'links': ['https://rdap.arin.net/registry/ip/129.42.0.0',
-                                   'https://whois.arin.net/rest/net/NET-129-42-0-0-1'],
-                         'name': 'IBM-RSCH-NET2',
-                         'notices': [{'description': 'By using the ARIN '
-                                                     'RDAP/Whois service, you '
-                                                     'are agreeing to the '
-                                                     'RDAP/Whois Terms of Use',
-                                      'links': ['https://www.arin.net/resources/registry/whois/tou/'],
-                                      'title': 'Terms of Service'},
-                                     {'description': 'If you see inaccuracies '
-                                                     'in the results, please '
-                                                     'visit: ',
-                                      'links': ['https://www.arin.net/resources/registry/whois/inaccuracy_reporting/'],
-                                      'title': 'Whois Inaccuracy Reporting'},
-                                     {'description': 'Copyright 1997-2019, '
-                                                     'American Registry for '
-                                                     'Internet Numbers, Ltd.',
-                                      'links': None,
-                                      'title': 'Copyright Notice'}],
-                         'parent_handle': 'NET-129-0-0-0-0',
-                         'raw': None,
-                         'remarks': None,
-                         'start_address': '129.42.0.0',
-                         'status': ['active'],
-                         'type': 'DIRECT ASSIGNMENT'},
-             'nir': None,
-             'objects': {'IBM-1': {'contact': {'address': [{'type': None,
-                                                            'value': '3039 '
-                                                                     'Cornwallis '
-                                                                     'Road\n'
-                                                                     'Research '
-                                                                     'Triangle '
-                                                                     'Park\n'
-                                                                     'NC\n'
-                                                                     '27709-2195\n'
-                                                                     'United '
-                                                                     'States'}],
-                                               'email': None,
-                                               'kind': 'org',
-                                               'name': 'IBM',
-                                               'phone': None,
-                                               'role': None,
-                                               'title': None},
-                                   'entities': ['RAIN-ARIN'],
-                                   'events': [{'action': 'last changed',
-                                               'actor': None,
-                                               'timestamp': '2017-11-30T14:46:26-05:00'},
-                                              {'action': 'registration',
-                                               'actor': None,
-                                               'timestamp': '1992-02-08T00:00:00-05:00'}],
-                                   'events_actor': None,
-                                   'handle': 'IBM-1',
-                                   'links': ['https://rdap.arin.net/registry/entity/IBM-1',
-                                             'https://whois.arin.net/rest/org/IBM-1'],
-                                   'notices': None,
-                                   'raw': None,
-                                   'remarks': None,
-                                   'roles': ['registrant'],
-                                   'status': None}},
-             'query': '129.42.38.10',
-             'raw': None},
- 'inputs': {'rdap_depth': 0, 'rdap_query': 'https://www.ibm.com'},
- 'metrics': {'execution_time_ms': 337,
-             'host': 'your@hostname.com',
-             'package': 'fn-whois-rdap',
-             'package_version': '1.0.0',
-             'timestamp': '2019-09-26 15:52:48',
-             'version': '1.0'},
- 'raw': '{"nir": null, "asn_registry": "arin", "asn": "16807", "asn_cidr": '
-        '"129.42.38.0/24", "asn_country_code": "US", "asn_date": "1987-07-29", '
-        '"asn_description": "IBM-EI - IBM - Events Infrastructure, US", '
-        '"query": "129.42.38.10", "network": {"handle": "NET-129-42-0-0-1", '
-        '"status": ["active"], "remarks": null, "notices": [{"title": "Terms '
-        'of Service", "description": "By using the ARIN RDAP/Whois service, '
-        'you are agreeing to the RDAP/Whois Terms of Use", "links": '
-        '["https://www.arin.net/resources/registry/whois/tou/"]}, {"title": '
-        '"Whois Inaccuracy Reporting", "description": "If you see inaccuracies '
-        'in the results, please visit: ", "links": '
-        '["https://www.arin.net/resources/registry/whois/inaccuracy_reporting/"]}, '
-        '{"title": "Copyright Notice", "description": "Copyright 1997-2019, '
-        'American Registry for Internet Numbers, Ltd.", "links": null}], '
-        '"links": ["https://rdap.arin.net/registry/ip/129.42.0.0", '
-        '"https://whois.arin.net/rest/net/NET-129-42-0-0-1"], "events": '
-        '[{"action": "last changed", "timestamp": "2015-10-20T16:09:08-04:00", '
-        '"actor": null}, {"action": "registration", "timestamp": '
-        '"1987-07-28T23:00:00-04:00", "actor": null}], "raw": null, '
-        '"start_address": "129.42.0.0", "end_address": "129.42.255.255", '
-        '"cidr": "129.42.0.0/16", "ip_version": "v4", "type": "DIRECT '
-        'ASSIGNMENT", "name": "IBM-RSCH-NET2", "country": null, '
-        '"parent_handle": "NET-129-0-0-0-0"}, "entities": ["IBM-1"], '
-        '"objects": {"IBM-1": {"handle": "IBM-1", "status": null, "remarks": '
-        'null, "notices": null, "links": '
-        '["https://rdap.arin.net/registry/entity/IBM-1", '
-        '"https://whois.arin.net/rest/org/IBM-1"], "events": [{"action": "last '
-        'changed", "timestamp": "2017-11-30T14:46:26-05:00", "actor": null}, '
-        '{"action": "registration", "timestamp": "1992-02-08T00:00:00-05:00", '
-        '"actor": null}], "raw": null, "roles": ["registrant"], "contact": '
-        '{"name": "IBM", "kind": "org", "address": [{"type": null, "value": '
-        '"3039 Cornwallis Road\\nResearch Triangle '
-        'Park\\nNC\\n27709-2195\\nUnited States"}], "phone": null, "email": '
-        'null, "role": null, "title": null}, "events_actor": null, "entities": '
-        '["RAIN-ARIN"]}}, "raw": null, "dns_zone": '
-        '"10.38.42.129.origin.asn.cymru.com", "display_content": "{ '
-        '\\"nir\\":false,\\"asn_registry\\":\\"arin\\",\\"asn\\":\\"16807\\",\\"asn_cidr\\":\\"129.42.38.0/24\\",\\"asn_country_code\\":\\"US\\",\\"asn_date\\":\\"1987-07-29\\",\\"asn_description\\":\\"IBM-EI '
-        '- IBM - Events Infrastructure, '
-        'US\\",\\"query\\":\\"129.42.38.10\\",\\"network\\":{ '
-        '\\"handle\\":\\"NET-129-42-0-0-1\\",\\"remarks\\":false,\\"raw\\":false,\\"start_address\\":\\"129.42.0.0\\",\\"end_address\\":\\"129.42.255.255\\",\\"cidr\\":\\"129.42.0.0/16\\",\\"ip_version\\":\\"v4\\",\\"type\\":\\"DIRECT '
-        'ASSIGNMENT\\",\\"name\\":\\"IBM-RSCH-NET2\\",\\"country\\":false,\\"parent_handle\\":\\"NET-129-0-0-0-0\\" '
-        '},\\"objects\\":{ \\"IBM-1\\":{ '
-        '\\"handle\\":\\"IBM-1\\",\\"status\\":false,\\"remarks\\":false,\\"notices\\":false,\\"raw\\":false,\\"contact\\":{ '
-        '\\"name\\":\\"IBM\\",\\"kind\\":\\"org\\",\\"phone\\":false,\\"email\\":false,\\"role\\":false,\\"title\\":false '
-        '},\\"events_actor\\":false } '
-        '},\\"raw\\":false,\\"dns_zone\\":\\"10.38.42.129.origin.asn.cymru.com\\" '
-        '}"}',
- 'reason': None,
- 'success': True,
- 'version': '1.0'}
+results = {
+  "content": {
+    "asn": "8075",
+    "asn_cidr": "172.200.0.0/13",
+    "asn_country_code": "GB",
+    "asn_date": "2002-02-13",
+    "asn_description": "MICROSOFT-CORP-MSN-AS-BLOCK, US",
+    "asn_registry": "ripencc",
+    "display_content": "{ \"dns_zone\":\"25.147.206.172.origin.asn.cymru.com\" }",
+    "dns_zone": "25.147.206.172.origin.asn.cymru.com",
+    "entities": [
+      "DH5439-RIPE",
+      "MICROSOFT-MAINT",
+      "MRPA3-RIPE",
+      "ORG-MA42-RIPE",
+      "RIPE-NCC-HM-MNT",
+      "MAC274-RIPE"
+    ],
+    "network": {
+      "cidr": "172.128.0.0/10, 172.192.0.0/12, 172.208.0.0/13",
+      "country": "GB",
+      "end_address": "172.215.255.255",
+      "events": [
+        {
+          "action": "registration",
+          "actor": null,
+          "timestamp": "2024-05-16T09:38:13Z"
+        },
+        {
+          "action": "last changed",
+          "actor": null,
+          "timestamp": "2024-05-16T09:38:13Z"
+        }
+      ],
+      "handle": "172.128.0.0 - 172.215.255.255",
+      "ip_version": "v4",
+      "links": [
+        "https://rdap.db.ripe.net/ip/172.206.147.25",
+        "http://www.ripe.net/data-tools/support/documentation/terms"
+      ],
+      "name": "UK-MICROSOFT-20000324",
+      "notices": [
+        {
+          "description": "This output has been filtered.",
+          "links": null,
+          "title": "Filtered"
+        },
+        {
+          "description": "If you see inaccuracies in the results, please visit:",
+          "links": [
+            "https://www.ripe.net/contact-form?topic=ripe_dbm\u0026show_form=true"
+          ],
+          "title": "Whois Inaccuracy Reporting"
+        },
+        {
+          "description": "Objects returned came from source\nRIPE",
+          "links": null,
+          "title": "Source"
+        },
+        {
+          "description": "This is the RIPE Database query service. The objects are in RDAP format.",
+          "links": [
+            "http://www.ripe.net/db/support/db-terms-conditions.pdf"
+          ],
+          "title": "Terms and Conditions"
+        }
+      ],
+      "parent_handle": "0.0.0.0 - 255.255.255.255",
+      "raw": null,
+      "remarks": null,
+      "start_address": "172.128.0.0",
+      "status": [
+        "active"
+      ],
+      "type": "ALLOCATED PA"
+    },
+    "nir": null,
+    "objects": {
+      "DH5439-RIPE": {
+        "contact": {
+          "address": [
+            {
+              "type": null,
+              "value": "One Microsoft Way\nRedmond, WA 98052"
+            }
+          ],
+          "email": null,
+          "kind": "individual",
+          "name": "Divya Quamara",
+          "phone": [
+            {
+              "type": "voice",
+              "value": "+1-425-882-8080"
+            }
+          ],
+          "role": null,
+          "title": null
+        },
+        "entities": null,
+        "events": null,
+        "events_actor": null,
+        "handle": "DH5439-RIPE",
+        "links": [
+          "https://rdap.db.ripe.net/entity/DH5439-RIPE",
+          "http://www.ripe.net/data-tools/support/documentation/terms"
+        ],
+        "notices": null,
+        "raw": null,
+        "remarks": null,
+        "roles": [
+          "administrative"
+        ],
+        "status": null
+      },
+      "MAC274-RIPE": {
+        "contact": {
+          "address": [
+            {
+              "type": null,
+              "value": "One Microsoft Way\nRedmond, WA 98052"
+            }
+          ],
+          "email": [
+            {
+              "type": "abuse",
+              "value": "abuse@microsoft.com"
+            }
+          ],
+          "kind": "group",
+          "name": "Microsoft Abuse Contact",
+          "phone": null,
+          "role": null,
+          "title": null
+        },
+        "entities": [
+          "MICROSOFT-MAINT"
+        ],
+        "events": null,
+        "events_actor": null,
+        "handle": "MAC274-RIPE",
+        "links": null,
+        "notices": null,
+        "raw": null,
+        "remarks": null,
+        "roles": [
+          "abuse"
+        ],
+        "status": null
+      },
+      "MICROSOFT-MAINT": {
+        "contact": {
+          "address": null,
+          "email": null,
+          "kind": "individual",
+          "name": "MICROSOFT-MAINT",
+          "phone": null,
+          "role": null,
+          "title": null
+        },
+        "entities": null,
+        "events": null,
+        "events_actor": null,
+        "handle": "MICROSOFT-MAINT",
+        "links": [
+          "https://rdap.db.ripe.net/entity/MICROSOFT-MAINT",
+          "http://www.ripe.net/data-tools/support/documentation/terms"
+        ],
+        "notices": null,
+        "raw": null,
+        "remarks": null,
+        "roles": [
+          "registrant"
+        ],
+        "status": null
+      },
+      "MRPA3-RIPE": {
+        "contact": {
+          "address": [
+            {
+              "type": null,
+              "value": "One Microsoft Way\nRedmond, WA 98052"
+            }
+          ],
+          "email": null,
+          "kind": "group",
+          "name": "Microsoft Routing, Peering, and DNS",
+          "phone": null,
+          "role": null,
+          "title": null
+        },
+        "entities": null,
+        "events": null,
+        "events_actor": null,
+        "handle": "MRPA3-RIPE",
+        "links": [
+          "https://rdap.db.ripe.net/entity/MRPA3-RIPE",
+          "http://www.ripe.net/data-tools/support/documentation/terms"
+        ],
+        "notices": null,
+        "raw": null,
+        "remarks": null,
+        "roles": [
+          "technical"
+        ],
+        "status": null
+      },
+      "ORG-MA42-RIPE": {
+        "contact": {
+          "address": [
+            {
+              "type": null,
+              "value": "One Microsoft Way\nWA 98052\nRedmond\nUNITED STATES"
+            }
+          ],
+          "email": null,
+          "kind": "org",
+          "name": "Microsoft Limited",
+          "phone": [
+            {
+              "type": "voice",
+              "value": "+1 425 882 8080"
+            },
+            {
+              "type": "fax",
+              "value": "+1 425 936 7329"
+            }
+          ],
+          "role": null,
+          "title": null
+        },
+        "entities": null,
+        "events": null,
+        "events_actor": null,
+        "handle": "ORG-MA42-RIPE",
+        "links": [
+          "https://rdap.db.ripe.net/entity/ORG-MA42-RIPE",
+          "http://www.ripe.net/data-tools/support/documentation/terms"
+        ],
+        "notices": null,
+        "raw": null,
+        "remarks": null,
+        "roles": [
+          "registrant"
+        ],
+        "status": null
+      },
+      "RIPE-NCC-HM-MNT": {
+        "contact": {
+          "address": null,
+          "email": null,
+          "kind": "individual",
+          "name": "RIPE-NCC-HM-MNT",
+          "phone": null,
+          "role": null,
+          "title": null
+        },
+        "entities": null,
+        "events": null,
+        "events_actor": null,
+        "handle": "RIPE-NCC-HM-MNT",
+        "links": [
+          "https://rdap.db.ripe.net/entity/RIPE-NCC-HM-MNT",
+          "http://www.ripe.net/data-tools/support/documentation/terms"
+        ],
+        "notices": null,
+        "raw": null,
+        "remarks": null,
+        "roles": [
+          "registrant"
+        ],
+        "status": null
+      }
+    },
+    "query": "172.206.147.25",
+    "raw": null
+  },
+  "inputs": {
+    "rdap_depth": 0,
+    "rdap_query": "172.206.147.25"
+  },
+  "metrics": {
+    "execution_time_ms": 1470,
+    "host": "my.app.host",
+    "package": "fn-whois-rdap",
+    "package_version": "1.0.5",
+    "timestamp": "2024-09-24 13:56:32",
+    "version": "1.0"
+  },
+  "raw": "",
+  "reason": null,
+  "success": true,
+  "version": "1.0"
+}
 ```
 
 </p>
 </details>
 
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 
 ```python
@@ -276,38 +470,58 @@ inputs.rdap_depth = 0
 </p>
 </details>
 
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
 
 ```python
-try:
-  des = artifact.description.content
-except Exception:
-  des = None
+def format_link(item):
+  if item and ("https://" in item or "http://" in item):
+    return "<a target='blank' href='{0}'>{0}</a>".format(item)
+  else:
+    return item
 
-if results["success"]:
-  if des is None:
-    note = u"""<div><p><br><b>RDAP threat intelligence at {2}:</b></br>\n\n
-    <br><b>{0}</b></br></div></p>\n\n
-    <div><p><br><b> Possible accessible keys:</b></br>\n\n
-    <br><b>{1}</b></br>\n\n""".format(results["content"]["display_content"],results["content"].keys(),results["metrics"]["timestamp"])
-    artifact.description = helper.createRichText(note)
+def expand_list(list_value, separator="<br>"):
+  if not isinstance(list_value, list):
+    return format_link(list_value)
   else:
-    note =des +u"""<div><p><br><b>RDAP threat intelligence at {2}:</b></br>\n\n
-    <br><b>{0}</b></br></div></p>\n\n
-    <div><p><br><b> Possible accessible keys:</b></br>\n\n
-    <br><b>{1}</b></br>\n\n""".format(results["content"]["display_content"],results["content"].keys(),results["metrics"]["timestamp"])
-    artifact.description = helper.createRichText(note)
+    try:
+      items = []
+      for item in list_value:
+        if isinstance(item, dict):
+          items.append("<div style='padding:10px'>{}</div>".format(walk_dict(item)))
+        else:
+          items.append(format_link(item))
+      return separator.join(items)
+    except:
+        pass
+    
+def walk_dict(sub_dict):
+  notes = []
+  for key, value in sub_dict.items():
+    if key not in ['display_content']:
+      if isinstance(value, dict):
+        notes.append(u"<b>{}</b>: <div style='padding:10px'>{}</div>".format(key, walk_dict(value)))
+      else:
+        notes.append(u"<b>{}</b>: {}".format(key, expand_list(value)))
+      
+  return u"<br>".join(notes)
+    
+
+note = u"RDAP Whois for artifact: {}<br><br>".format(artifact.value)
+if results["success"]:
+  note = note + walk_dict(results["content"])
 else:
-  note = u"""RDAP threat intelligence at {}:\n\n  This Artifact has no ans registry information, \n\n so no intelligence was gathered.  \n\n""".format(results["metrics"]["timestamp"])
-  artifact.description = helper.createRichText(note)
+  note = note + u"This Artifact has no ans accessible registry information"
+
+incident.addNote(helper.createRichText(note))
+
 ```
 
 </p>
 </details>
 
 ---
-## Function - WHOIS: Query
+## Function - WHOIS: query
 Using ipwhois library to make general queries in whois format
 
  ![screenshot: fn-whois-query ](./doc/screenshots/fn-rdap-query.png)
@@ -317,7 +531,7 @@ Using ipwhois library to make general queries in whois format
 
 | Name | Type | Required | Example | Tooltip |
 | ---- | :--: | :------: | ------- | ------- |
-| `whois_query` | `text` | Yes | `ibm.com` | IP, URL or DNS value |
+| `whois_query` | `text` | Yes | `ibm.com` | IP, URL or DNS Artifact |
 
 </p>
 </details>
@@ -325,68 +539,84 @@ Using ipwhois library to make general queries in whois format
 <details><summary>Outputs:</summary>
 <p>
 
+> **NOTE:** This example might be in JSON format, but `results` is a Python Dictionary on the SOAR platform.
+
 ```python
-results = {'content': {'asn': '16807',
-             'asn_cidr': '129.42.38.0/24',
-             'asn_country_code': 'US',
-             'asn_date': '1987-07-29',
-             'asn_description': 'IBM-EI - IBM - Events Infrastructure, US',
-             'asn_registry': 'arin',
-             'display_content': '{ '
-                                '"nir":false,"asn_registry":"arin","asn":"16807","asn_cidr":"129.42.38.0/24","asn_country_code":"US","asn_date":"1987-07-29","asn_description":"IBM-EI '
-                                '- IBM - Events Infrastructure, '
-                                'US","query":"129.42.38.10","raw":false,"referral":false,"raw_referral":false,"dns_zone":"10.38.42.129.origin.asn.cymru.com" '
-                                '}',
-             'dns_zone': '10.38.42.129.origin.asn.cymru.com',
-             'nets': [{'address': '3039 Cornwallis Road',
-                       'cidr': '129.42.0.0/16',
-                       'city': 'Research Triangle Park',
-                       'country': 'US',
-                       'created': '1987-07-28',
-                       'description': 'IBM',
-                       'emails': ['ipreg@us.ibm.com'],
-                       'handle': 'NET-129-42-0-0-1',
-                       'name': 'IBM-RSCH-NET2',
-                       'postal_code': '27709-2195',
-                       'range': '129.42.0.0 - 129.42.255.255',
-                       'state': 'NC',
-                       'updated': '2015-10-20'}],
-             'nir': None,
-             'query': '129.42.38.10',
-             'raw': None,
-             'raw_referral': None,
-             'referral': None},
- 'inputs': {'whois_query': 'https://www.ibm.com'},
- 'metrics': {'execution_time_ms': 2362,
-             'host': 'your@hostname.com',
-             'package': 'fn-whois-rdap',
-             'package_version': '1.0.0',
-             'timestamp': '2019-09-26 15:57:35',
-             'version': '1.0'},
- 'raw': '{"nir": null, "asn_registry": "arin", "asn": "16807", "asn_cidr": '
-        '"129.42.38.0/24", "asn_country_code": "US", "asn_date": "1987-07-29", '
-        '"asn_description": "IBM-EI - IBM - Events Infrastructure, US", '
-        '"query": "129.42.38.10", "nets": [{"cidr": "129.42.0.0/16", "name": '
-        '"IBM-RSCH-NET2", "handle": "NET-129-42-0-0-1", "range": "129.42.0.0 - '
-        '129.42.255.255", "description": "IBM", "country": "US", "state": '
-        '"NC", "city": "Research Triangle Park", "address": "3039 Cornwallis '
-        'Road", "postal_code": "27709-2195", "emails": ["ipreg@us.ibm.com"], '
-        '"created": "1987-07-28", "updated": "2015-10-20"}], "raw": null, '
-        '"referral": null, "raw_referral": null, "dns_zone": '
-        '"10.38.42.129.origin.asn.cymru.com", "display_content": "{ '
-        '\\"nir\\":false,\\"asn_registry\\":\\"arin\\",\\"asn\\":\\"16807\\",\\"asn_cidr\\":\\"129.42.38.0/24\\",\\"asn_country_code\\":\\"US\\",\\"asn_date\\":\\"1987-07-29\\",\\"asn_description\\":\\"IBM-EI '
-        '- IBM - Events Infrastructure, '
-        'US\\",\\"query\\":\\"129.42.38.10\\",\\"raw\\":false,\\"referral\\":false,\\"raw_referral\\":false,\\"dns_zone\\":\\"10.38.42.129.origin.asn.cymru.com\\" '
-        '}"}',
- 'reason': None,
- 'success': True,
- 'version': '1.0'}
+results = {
+  "content": {
+    "asn": "8075",
+    "asn_cidr": "172.200.0.0/13",
+    "asn_country_code": "GB",
+    "asn_date": "2002-02-13",
+    "asn_description": "MICROSOFT-CORP-MSN-AS-BLOCK, US",
+    "asn_registry": "ripencc",
+    "display_content": "{ \"dns_zone\":\"25.147.206.172.origin.asn.cymru.com\" }",
+    "dns_zone": "25.147.206.172.origin.asn.cymru.com",
+    "nets": [
+      {
+        "address": "One Microsoft Way\nWA 98052\nRedmond\nUNITED STATES",
+        "cidr": "172.128.0.0/10, 172.192.0.0/12, 172.208.0.0/13",
+        "city": null,
+        "country": "GB",
+        "created": "2024-05-16T09:38:13Z",
+        "description": "Microsoft Corporation AS8075\nTo report suspected security issues specific to\ntraffic emanating from Microsoft online services,\nincluding the distribution of malicious content\nor other illicit or illegal material through a\nMicrosoft online service, please submit reports\nto:\n* https://cert.microsoft.com\nFor SPAM and other abuse issues, such as Microsoft\nAccounts, please contact:\n* abuse@microsoft.com\nTo report security vulnerabilities in Microsoft\nproducts and services, please contact:\n* secure@microsoft.com\nFor legal and law enforcement-related requests,\nplease contact:\n* msndcc@microsoft.com\nFor routing, peering or DNS issues, please\ncontact:\n* IOC@microsoft.com",
+        "emails": [
+          "abuse@microsoft.com",
+          "secure@microsoft.com",
+          "msndcc@microsoft.com",
+          "IOC@microsoft.com"
+        ],
+        "handle": "MRPA3-RIPE",
+        "name": "UK-MICROSOFT-20000324",
+        "postal_code": null,
+        "range": "172.128.0.0 - 172.215.255.255",
+        "state": null,
+        "updated": "2024-05-16T09:38:13Z"
+      },
+      {
+        "address": null,
+        "cidr": "172.200.0.0/13",
+        "city": null,
+        "country": null,
+        "created": "2022-07-08T19:11:00Z",
+        "description": "Microsoft",
+        "emails": null,
+        "handle": null,
+        "name": null,
+        "postal_code": null,
+        "range": "172.200.0.0 - 172.207.255.255",
+        "state": null,
+        "updated": "2022-07-08T19:11:00Z"
+      }
+    ],
+    "nir": null,
+    "query": "172.206.147.25",
+    "raw": null,
+    "raw_referral": null,
+    "referral": null
+  },
+  "inputs": {
+    "whois_query": "172.206.147.25"
+  },
+  "metrics": {
+    "execution_time_ms": 1307,
+    "host": "my.app.host",
+    "package": "fn-whois-rdap",
+    "package_version": "1.0.5",
+    "timestamp": "2024-09-24 13:57:53",
+    "version": "1.0"
+  },
+  "raw": "",
+  "reason": null,
+  "success": true,
+  "version": "1.0"
+}
 ```
 
 </p>
 </details>
 
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 
 ```python
@@ -396,31 +626,51 @@ inputs.whois_query = artifact.value
 </p>
 </details>
 
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
 
 ```python
-try:
-  des = artifact.description.content
-except Exception:
-  des = None
+def format_link(item):
+  if item and ("https://" in item or "http://" in item):
+    return "<a target='blank' href='{0}'>{0}</a>".format(item)
+  else:
+    return item
 
-if results["success"]:
-  if des is None:
-    note = u"""<div><p><br><b>WHOIS threat intelligence at {2}:</b></br>\n\n
-    <br><b>{0}</b></br></div></p>\n\n
-    <div><p><br><b> Possible accessible keys:</b></br>\n\n
-    <br><b>{1}</b></br>\n\n""".format(results["content"]["display_content"],results["content"].keys(),results["metrics"]["timestamp"])
-    artifact.description = helper.createRichText(note)
+def expand_list(list_value, separator="<br>"):
+  if not isinstance(list_value, list):
+    return format_link(list_value)
   else:
-    note =des +u"""<div><p><br><b>WHOIS threat intelligence at {2}:</b></br>\n\n
-    <br><b>{0}</b></br></div></p>\n\n
-    <div><p><br><b> Possible accessible keys:</b></br>\n\n
-    <br><b>{1}</b></br>\n\n""".format(results["content"]["display_content"],results["content"].keys(),results["metrics"]["timestamp"])
-    artifact.description = helper.createRichText(note)
+    try:
+      items = []
+      for item in list_value:
+        if isinstance(item, dict):
+          items.append("<div style='padding:10px'>{}</div>".format(walk_dict(item)))
+        else:
+          items.append(format_link(item))
+      return separator.join(items)
+    except:
+        pass
+    
+def walk_dict(sub_dict):
+  notes = []
+  for key, value in sub_dict.items():
+    if key not in ['display_content']:
+      if isinstance(value, dict):
+        notes.append(u"<b>{}</b>: <div style='padding:10px'>{}</div>".format(key, walk_dict(value)))
+      else:
+        notes.append(u"<b>{}</b>: {}".format(key, expand_list(value)))
+      
+  return u"<br>".join(notes)
+    
+
+note = u"Whois for artifact: {}<br><br>".format(artifact.value)
+if results["success"]:
+  note = note + walk_dict(results["content"])
 else:
-  note = u"""WHOIS threat intelligence at {}:\n\n  This Artifact has no ans registry information, \n\n so no intelligence was gathered.  \n\n""".format(results["metrics"]["timestamp"])
-  artifact.description = helper.createRichText(note)
+  note = note + u"This Artifact has no whois information"
+
+incident.addNote(helper.createRichText(note))
+
 ```
 
 </p>
@@ -428,31 +678,17 @@ else:
 
 ---
 
-## Troubleshooting
-There are several ways to verify the successful operation of a function.
-
-### Resilient Action Status
-* When viewing an incident, use the Actions menu to view **Action Status**.
-* By default, pending and errors are displayed.
-* Modify the filter for actions to also show Completed actions.
-* Clicking on an action displays additional information on the progress made or what error occurred.
-
-### Resilient Scripting Log
-* A separate log file is available to review scripting errors.
-* This is useful when issues occur in the pre-processing or post-processing scripts.
-* The default location for this log file is: `/var/log/resilient-scripting/resilient-scripting.log`.
-
-### Resilient Logs
-* By default, Resilient logs are retained at `/usr/share/co3/logs`.
-* The `client.log` may contain additional information regarding the execution of functions.
-
-### Resilient-Circuits
-* The log is controlled in the `.resilient/app.config` file under the section [resilient] and the property `logdir`.
-* The default file name is `app.log`.
-* Each function will create progress information.
-* Failures will show up as errors and may contain python trace statements.
+## Rules
+| Rule Name | Object | Workflow Triggered | Condition |
+| --------- | ------ | ------------------ | ---------- |
+| Run rdap query against Artifact | artifact | `example_rdap_query` | `artifact.type in ['IP Address', 'DNS Name', 'URL']` |
+| Run whois query against Artifact (RDAP) | artifact | `example_whois_query` | `artifact.type in ['IP Address', 'DNS Name', 'URL']` |
 
 ---
 
-## Support
-View the [community forums](https://ibm.biz/soarcommunity) for help with this app.
\ No newline at end of file
+
+## Troubleshooting & Support
+Refer to the documentation listed in the Requirements section for troubleshooting information.
+ 
+### For Support
+This is a IBM Community provided app. Please search the Community [ibm.biz/soarcommunity](https://ibm.biz/soarcommunity) for assistance.
diff --git a/app_host_files/README.html b/app_host_files/README.html
index 5374d572d..17d5d36cf 100644
--- a/app_host_files/README.html
+++ b/app_host_files/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/base_input_types/README.html b/base_input_types/README.html
index 59eee681a..52e39dfd1 100644
--- a/base_input_types/README.html
+++ b/base_input_types/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/docs/python_api.html b/docs/python_api.html
index 262fe9a46..049af68b8 100644
--- a/docs/python_api.html
+++ b/docs/python_api.html
@@ -3,7 +3,7 @@
   <head><meta charset="utf-8"/>
     <meta name="viewport" content="width=device-width,initial-scale=1"/>
     <meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" />
-<link rel="search" title="Search" href="../search.html" /><link rel="next" title="AbuseIPDB" href="../fn_abuseipdb/README.html" /><link rel="prev" title="Wiz" href="../fn_wiz/README.html" />
+<link rel="search" title="Search" href="../search.html" /><link rel="next" title="IBM SOAR integration for AlgoSec" href="../fn_algosec/README.html" /><link rel="prev" title="Wiz" href="../fn_wiz/README.html" />
 
     <link rel="shortcut icon" href="../_static/IBM_Security_Shield.ico"/><!-- Generated with Sphinx 8.0.2 and Furo 2024.08.06 -->
         <title>IBM SOAR Python Documentation - QRadar SOAR Apps</title>
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -423,12 +425,12 @@ <h1>IBM SOAR Python Documentation<a class="headerlink" href="#ibm-soar-python-do
       <footer>
         
         <div class="related-pages">
-          <a class="next-page" href="../fn_abuseipdb/README.html">
+          <a class="next-page" href="../fn_algosec/README.html">
               <div class="page-info">
                 <div class="context">
                   <span>Next</span>
                 </div>
-                <div class="title">AbuseIPDB</div>
+                <div class="title">IBM SOAR integration for AlgoSec</div>
               </div>
               <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
             </a>
diff --git a/fn_abuseipdb/README.html b/fn_abuseipdb/README.html
index 5e79a019d..49dfb3952 100644
--- a/fn_abuseipdb/README.html
+++ b/fn_abuseipdb/README.html
@@ -3,7 +3,7 @@
   <head><meta charset="utf-8"/>
     <meta name="viewport" content="width=device-width,initial-scale=1"/>
     <meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" />
-<link rel="search" title="Search" href="../search.html" /><link rel="next" title="AlienVault OTX" href="../fn_alienvault_otx/README.html" /><link rel="prev" title="IBM SOAR Python Documentation" href="../docs/python_api.html" />
+<link rel="search" title="Search" href="../search.html" /><link rel="next" title="AlienVault OTX" href="../fn_alienvault_otx/README.html" /><link rel="prev" title="IBM SOAR integration for AlgoSec" href="../fn_algosec/README.html" />
 
     <link rel="shortcut icon" href="../_static/IBM_Security_Shield.ico"/><!-- Generated with Sphinx 8.0.2 and Furo 2024.08.06 -->
         <title>AbuseIPDB - QRadar SOAR Apps</title>
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -919,14 +921,14 @@ <h3>For Support<a class="headerlink" href="#for-support" title="Link to this hea
               </div>
               <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
             </a>
-          <a class="prev-page" href="../docs/python_api.html">
+          <a class="prev-page" href="../fn_algosec/README.html">
               <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
               <div class="page-info">
                 <div class="context">
                   <span>Previous</span>
                 </div>
                 
-                <div class="title">IBM SOAR Python Documentation</div>
+                <div class="title">IBM SOAR integration for AlgoSec</div>
                 
               </div>
             </a>
diff --git a/fn_algosec/README.html b/fn_algosec/README.html
new file mode 100644
index 000000000..64d507571
--- /dev/null
+++ b/fn_algosec/README.html
@@ -0,0 +1,1467 @@
+<!doctype html>
+<html class="no-js" lang="en" data-content_root="../">
+  <head><meta charset="utf-8"/>
+    <meta name="viewport" content="width=device-width,initial-scale=1"/>
+    <meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" />
+<link rel="search" title="Search" href="../search.html" /><link rel="next" title="AbuseIPDB" href="../fn_abuseipdb/README.html" /><link rel="prev" title="IBM SOAR Python Documentation" href="../docs/python_api.html" />
+
+    <link rel="shortcut icon" href="../_static/IBM_Security_Shield.ico"/><!-- Generated with Sphinx 8.0.2 and Furo 2024.08.06 -->
+        <title>IBM SOAR integration for AlgoSec - QRadar SOAR Apps</title>
+      <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=a746c00c" />
+    <link rel="stylesheet" type="text/css" href="../_static/styles/furo.css?v=354aac6f" />
+    <link rel="stylesheet" type="text/css" href="../_static/copybutton.css?v=76b2166b" />
+    <link rel="stylesheet" type="text/css" href="../_static/sphinx-design.min.css?v=95c83b7e" />
+    <link rel="stylesheet" type="text/css" href="../_static/styles/furo-extensions.css?v=302659d7" />
+    <link rel="stylesheet" type="text/css" href="../_static/css/custom.css?v=afe95b24" />
+    
+    
+
+
+<style>
+  body {
+    --color-code-background: #f8f8f8;
+  --color-code-foreground: black;
+  
+  }
+  @media not print {
+    body[data-theme="dark"] {
+      --color-code-background: #202020;
+  --color-code-foreground: #d0d0d0;
+  
+    }
+    @media (prefers-color-scheme: dark) {
+      body:not([data-theme="light"]) {
+        --color-code-background: #202020;
+  --color-code-foreground: #d0d0d0;
+  
+      }
+    }
+  }
+</style></head>
+  <body>
+    
+    <script>
+      document.body.dataset.theme = localStorage.getItem("theme") || "auto";
+    </script>
+    
+
+<svg xmlns="http://www.w3.org/2000/svg" style="display: none;">
+  <symbol id="svg-toc" viewBox="0 0 24 24">
+    <title>Contents</title>
+    <svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 1024 1024">
+      <path d="M408 442h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8zm-8 204c0 4.4 3.6 8 8 8h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56zm504-486H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 632H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zM115.4 518.9L271.7 642c5.8 4.6 14.4.5 14.4-6.9V388.9c0-7.4-8.5-11.5-14.4-6.9L115.4 505.1a8.74 8.74 0 0 0 0 13.8z"/>
+    </svg>
+  </symbol>
+  <symbol id="svg-menu" viewBox="0 0 24 24">
+    <title>Menu</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-menu">
+      <line x1="3" y1="12" x2="21" y2="12"></line>
+      <line x1="3" y1="6" x2="21" y2="6"></line>
+      <line x1="3" y1="18" x2="21" y2="18"></line>
+    </svg>
+  </symbol>
+  <symbol id="svg-arrow-right" viewBox="0 0 24 24">
+    <title>Expand</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-chevron-right">
+      <polyline points="9 18 15 12 9 6"></polyline>
+    </svg>
+  </symbol>
+  <symbol id="svg-sun" viewBox="0 0 24 24">
+    <title>Light mode</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="feather-sun">
+      <circle cx="12" cy="12" r="5"></circle>
+      <line x1="12" y1="1" x2="12" y2="3"></line>
+      <line x1="12" y1="21" x2="12" y2="23"></line>
+      <line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>
+      <line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>
+      <line x1="1" y1="12" x2="3" y2="12"></line>
+      <line x1="21" y1="12" x2="23" y2="12"></line>
+      <line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>
+      <line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>
+    </svg>
+  </symbol>
+  <symbol id="svg-moon" viewBox="0 0 24 24">
+    <title>Dark mode</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-moon">
+      <path stroke="none" d="M0 0h24v24H0z" fill="none" />
+      <path d="M12 3c.132 0 .263 0 .393 0a7.5 7.5 0 0 0 7.92 12.446a9 9 0 1 1 -8.313 -12.454z" />
+    </svg>
+  </symbol>
+  <symbol id="svg-sun-with-moon" viewBox="0 0 24 24">
+    <title>Auto light/dark, in light mode</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round"
+      class="icon-custom-derived-from-feather-sun-and-tabler-moon">
+      <path style="opacity: 50%" d="M 5.411 14.504 C 5.471 14.504 5.532 14.504 5.591 14.504 C 3.639 16.319 4.383 19.569 6.931 20.352 C 7.693 20.586 8.512 20.551 9.25 20.252 C 8.023 23.207 4.056 23.725 2.11 21.184 C 0.166 18.642 1.702 14.949 4.874 14.536 C 5.051 14.512 5.231 14.5 5.411 14.5 L 5.411 14.504 Z"/>
+      <line x1="14.5" y1="3.25" x2="14.5" y2="1.25"/>
+      <line x1="14.5" y1="15.85" x2="14.5" y2="17.85"/>
+      <line x1="10.044" y1="5.094" x2="8.63" y2="3.68"/>
+      <line x1="19" y1="14.05" x2="20.414" y2="15.464"/>
+      <line x1="8.2" y1="9.55" x2="6.2" y2="9.55"/>
+      <line x1="20.8" y1="9.55" x2="22.8" y2="9.55"/>
+      <line x1="10.044" y1="14.006" x2="8.63" y2="15.42"/>
+      <line x1="19" y1="5.05" x2="20.414" y2="3.636"/>
+      <circle cx="14.5" cy="9.55" r="3.6"/>
+    </svg>
+  </symbol>
+  <symbol id="svg-moon-with-sun" viewBox="0 0 24 24">
+    <title>Auto light/dark, in dark mode</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round"
+      class="icon-custom-derived-from-feather-sun-and-tabler-moon">
+      <path d="M 8.282 7.007 C 8.385 7.007 8.494 7.007 8.595 7.007 C 5.18 10.184 6.481 15.869 10.942 17.24 C 12.275 17.648 13.706 17.589 15 17.066 C 12.851 22.236 5.91 23.143 2.505 18.696 C -0.897 14.249 1.791 7.786 7.342 7.063 C 7.652 7.021 7.965 7 8.282 7 L 8.282 7.007 Z"/>
+      <line style="opacity: 50%" x1="18" y1="3.705" x2="18" y2="2.5"/>
+      <line style="opacity: 50%" x1="18" y1="11.295" x2="18" y2="12.5"/>
+      <line style="opacity: 50%" x1="15.316" y1="4.816" x2="14.464" y2="3.964"/>
+      <line style="opacity: 50%" x1="20.711" y1="10.212" x2="21.563" y2="11.063"/>
+      <line style="opacity: 50%" x1="14.205" y1="7.5" x2="13.001" y2="7.5"/>
+      <line style="opacity: 50%" x1="21.795" y1="7.5" x2="23" y2="7.5"/>
+      <line style="opacity: 50%" x1="15.316" y1="10.184" x2="14.464" y2="11.036"/>
+      <line style="opacity: 50%" x1="20.711" y1="4.789" x2="21.563" y2="3.937"/>
+      <circle style="opacity: 50%" cx="18" cy="7.5" r="2.169"/>
+    </svg>
+  </symbol>
+  <symbol id="svg-pencil" viewBox="0 0 24 24">
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-pencil-code">
+      <path d="M4 20h4l10.5 -10.5a2.828 2.828 0 1 0 -4 -4l-10.5 10.5v4" />
+      <path d="M13.5 6.5l4 4" />
+      <path d="M20 21l2 -2l-2 -2" />
+      <path d="M17 17l-2 2l2 2" />
+    </svg>
+  </symbol>
+  <symbol id="svg-eye" viewBox="0 0 24 24">
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-eye-code">
+      <path stroke="none" d="M0 0h24v24H0z" fill="none" />
+      <path d="M10 12a2 2 0 1 0 4 0a2 2 0 0 0 -4 0" />
+      <path
+        d="M11.11 17.958c-3.209 -.307 -5.91 -2.293 -8.11 -5.958c2.4 -4 5.4 -6 9 -6c3.6 0 6.6 2 9 6c-.21 .352 -.427 .688 -.647 1.008" />
+      <path d="M20 21l2 -2l-2 -2" />
+      <path d="M17 17l-2 2l2 2" />
+    </svg>
+  </symbol>
+</svg>
+
+<input type="checkbox" class="sidebar-toggle" name="__navigation" id="__navigation">
+<input type="checkbox" class="sidebar-toggle" name="__toc" id="__toc">
+<label class="overlay sidebar-overlay" for="__navigation">
+  <div class="visually-hidden">Hide navigation sidebar</div>
+</label>
+<label class="overlay toc-overlay" for="__toc">
+  <div class="visually-hidden">Hide table of contents sidebar</div>
+</label>
+
+<a class="skip-to-content muted-link" href="#furo-main-content">Skip to content</a>
+
+
+
+<div class="page">
+  <header class="mobile-header">
+    <div class="header-left">
+      <label class="nav-overlay-icon" for="__navigation">
+        <div class="visually-hidden">Toggle site navigation sidebar</div>
+        <i class="icon"><svg><use href="#svg-menu"></use></svg></i>
+      </label>
+    </div>
+    <div class="header-center">
+      <a href="../index.html"><div class="brand">QRadar SOAR Apps</div></a>
+    </div>
+    <div class="header-right">
+      <div class="theme-toggle-container theme-toggle-header">
+        <button class="theme-toggle">
+          <div class="visually-hidden">Toggle Light / Dark / Auto color theme</div>
+          <svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg>
+          <svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg>
+          <svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
+          <svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
+        </button>
+      </div>
+      <label class="toc-overlay-icon toc-header-icon" for="__toc">
+        <div class="visually-hidden">Toggle table of contents sidebar</div>
+        <i class="icon"><svg><use href="#svg-toc"></use></svg></i>
+      </label>
+    </div>
+  </header>
+  <aside class="sidebar-drawer">
+    <div class="sidebar-container">
+      
+      <div class="sidebar-sticky"><a class="sidebar-brand" href="../index.html">
+  
+  <div class="sidebar-logo-container">
+    <img class="sidebar-logo only-light" src="../_static/IBM_Security_Light.png" alt="Light Logo"/>
+    <img class="sidebar-logo only-dark" src="../_static/IBM_Security_Dark.png" alt="Dark Logo"/>
+  </div>
+  
+  <span class="sidebar-brand-text">QRadar SOAR Apps</span>
+  
+</a><form class="sidebar-search-container" method="get" action="../search.html" role="search">
+  <input class="sidebar-search" placeholder="Search" name="q" aria-label="Search">
+  <input type="hidden" name="check_keywords" value="yes">
+  <input type="hidden" name="area" value="default">
+</form>
+<div id="searchbox"></div><div class="sidebar-scroll"><div class="sidebar-tree">
+  <p class="caption" role="heading"><span class="caption-text">New and Recently Updated Apps</span></p>
+<ul>
+<li class="toctree-l1 has-children"><a class="reference internal" href="../fn_service_now/README.html">ServiceNow</a><input class="toctree-checkbox" id="toctree-checkbox-1" name="toctree-checkbox-1" role="switch" type="checkbox"/><label for="toctree-checkbox-1"><div class="visually-hidden">Toggle navigation of ServiceNow</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul>
+<li class="toctree-l2"><a class="reference internal" href="../fn_service_now/docs/install_guide/README.html">ServiceNow Installation Guide</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../fn_service_now/docs/customize_snow_guide/README.html">ServiceNow Customization Guide</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../fn_service_now/docs/customize_resilient_guide/README.html">SOAR Customization Guide</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_remedy/README.html">Remedy</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_siemplify/README.html">Siemplify</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_vmware_cbc/README.html">VMware Carbon Black Cloud</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_aws_iam/README.html">AWS IAM</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_symantec_dlp/README.html">Symantec DLP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed_plugin_resilientfeed/README.html">Data Feeder for SOAR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_wiz/README.html">Wiz</a></li>
+</ul>
+<p class="caption" role="heading"><span class="caption-text">App Development</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../docs/python_api.html">IBM SOAR Python Documentation</a></li>
+</ul>
+<p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
+<ul class="current">
+<li class="toctree-l1 current current-page"><a class="current reference internal" href="#">IBM SOAR integration for AlgoSec</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ansible/README.html">Ansible for SOAR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ansible_tower/README.html">Ansible Tower</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_api_void/README.html">APIVoid Threat Analysis APIs</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_aws_guardduty/README.html">fn_aws_guardduty</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_aws_utilities/README.html">AWS Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_axonius/README.html">Axonius</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_azure_automation_utilities/README.html">Azure Automation Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_bigfix/README.html">BigFix</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_bmc_helix/README.html">BMC Helix</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_calendar_invite/README.html">Calendar Invite</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cisco_amp4ep/README.html">Cisco Secure Endpoint</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cisco_asa/README.html">Cisco ASA</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cisco_enforcement/README.html">Cisco Umbrella Enforcement</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cisco_umbrella_inv/README.html">Cisco Umbrella Investigate</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_clamav/README.html">ClamAV</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cloud_foundry/README.html">Cloud Foundry</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_components/README.html">App Host Components</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_create_webex_meeting/README.html">Cisco WebEx</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_create_zoom_meeting/README.html">Zoom</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cve_search/README.html">CVE Search</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_darktrace/README.html">Darktrace <!-- omit in toc --></a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_datatable_utils/README.html">Datatable Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_elasticsearch/README.html">ElasticSearch</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_email_header_validation/README.html">Email Header Validation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_exchange/README.html">Microsoft Exchange</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_exchange_online/README.html">Microsoft Exchange Online</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_extrahop/README.html">ExtraHop</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_geocoding/README.html">Google Geocoding</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_github/README.html">GitHub</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_google_cloud_dlp/README.html">Google Cloud DLP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_google_cloud_scc/README.html">Google Cloud Security Command Center</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_googlesafebrowsing/README.html">Google Safe Browsing</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_greynoise/README.html">GreyNoise</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_grpc_interface/README.html">gRPC Interface</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_insights_integration/README.html">Guardium Insights Integration</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html">Guardium Integration Application for IBM Resilient.</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#table-of-contents">Table of Contents -</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#about-this-package">About this package</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#use-cases">Use Cases</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#prerequisites">Prerequisites</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#installation">Installation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#configuration">Configuration</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#resilient-configurations">Resilient Configurations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#rules">Rules</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#run-application">Run Application</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#application-usage-and-details">Application Usage and Details</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#guardium-4a-list-parameter-names-by-report-name">Guardium: 4A. List Parameter Names By Report Name :</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#guardium-4b-search-all-guardium-reports">Guardium: 4B. Search All Guardium Reports :</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_hibp/README.html">Have I Been Pwned</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_html2pdf/README.html">HTML to PDF</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_icdx/README.html">Symantec ICDx</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_incident_utils/README.html">Incident Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ioc_parser_v2/README.html">IOC Parser</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ipinfo/README.html">IPInfo</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_isitphishing/README.html">IsItPhishing</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_jira/README.html">Jira</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_joe_sandbox_analysis/README.html">Joe Sandbox Analysis</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_kafka/README.html">Kafka</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ldap_utilities/README.html">IBM SOAR LDAP Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_maas360/README.html">MaaS360</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mandiant/README.html">Mandiant Threat Intelligence</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mcafee_atd/README.html">McAfee ATD</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mcafee_epo/README.html">McAfee ePO</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mcafee_esm/README.html">McAfee ESM</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mcafee_opendxl/README.html">McAfee OpenDXL</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mcafee_tie/README.html">McAfee TIE</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_microsoft_defender/README.html">Microsoft Defender</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_microsoft_security_graph/README.html">Microsoft Security Graph Integration for SOAR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_microsoft_sentinel/README.html">Microsoft Sentinel</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_misp/README.html">MISP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mitre_integration/README.html">MITRE ATT&amp;CK</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mxtoolbox/README.html">About MxToolBox</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_netdevice/README.html">netMiko</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_network_utilities/README.html">Network Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ocr/README.html">Image OCR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_odbc_query/README.html">ODBC Query</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_outbound_email/README.html">Outbound Email</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_pa_panorama/README.html">Palo Alto Panorama</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_pagerduty/README.html">PagerDuty</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_parse_utilities/README.html">Parse Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_passivetotal/README.html">PassiveTotal</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_pastebin/README.html">PasteBin Creator</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_phish_ai/README.html">Phish.AI</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_phish_tank/README.html">PhishTank Lookup</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_pipl/README.html">Pipl</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_playbook_maker/README.html">Playbook Maker</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_playbook_utils/README.html">Playbook Utils</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_proofpoint_tap/README.html">Proofpoint TAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_proofpoint_trap/README.html">Proofpoint TRAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_pulsedive/README.html">Pulsedive</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_qradar_advisor/README.html">QRadar Advisor Functions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_qradar_enhanced_data/README.html">QRadar Enhanced Data Migration</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_qradar_integration/README.html">QRadar Integration</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_query_tor_network/README.html">TOR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_randori/README.html">Randori</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_rapid7_insight_idr/README.html">Rapid7 InsightIDR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_reaqta/README.html">QRadar EDR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_relations/README.html">Parent/Child Relationships</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_rest_api/README.html">REST API Functions for SOAR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_rsa_netwitness/README.html">RSA NetWitness</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_salesforce/README.html">Salesforce</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_soar_utils/README.html">SOAR Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_scheduler/README.html">Scheduler</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_secureworks_ctp/README.html">Secureworks CTP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sentinelone/README.html">SentinelOne</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sep/README.html">Symantec Endpoint Protection</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_shadowserver/README.html">Shadowserver</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_shodan/README.html">Shodan</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_slack/README.html">Slack</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_timer/README.html">Timer Function</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_trusteer_ppd/README.html">Trusteer Pinpoint Detect</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_twilio/README.html">Twilio SMS</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_twitter_most_popular/README.html">Twitter Search API</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_url_to_dns/README.html">URL to DNS</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_urlhaus/README.html">URLhaus</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_urlscanio/README.html">URLScan.io</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_utilities/README.html">Utilities (Deprecated)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_virustotal/README.html">VirusTotal</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_vmray_analyzer/README.html">VMRay Sandbox Analyzer</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_zia/README.html">Zscaler Internet Access Functions for IBM SOAR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed/README.html">Data Feed Extension</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed_plugin_elasticfeed/README.html">Data Feed Elasticsearch Plugin</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed_plugin_kafkafeed/README.html">Data Feed KafkaFeed Plugin</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed_plugin_odbcfeed/README.html">Data Feeder for ODBC Databases</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed_plugin_splunkfeed/README.html">Data Feed plugin for Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-abuseipdb/README.html">AbuseIPDB Threat Service</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-haveibeenpwned/README.html">Have I Been Pwned Threat Searcher</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-mcafeetie/README.html">McAfee TIE Threat Searcher</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-passivetotal/README.html">RiskIQ PassiveTotal</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-shadowserver/README.html">ShadowServer Threat Service</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-urlscanio/README.html">URLScan IO Threat Searcher</a></li>
+</ul>
+
+</div>
+</div>
+
+      </div>
+      
+    </div>
+  </aside>
+  <div class="main">
+    <div class="content">
+      <div class="article-container">
+        <a href="#" class="back-to-top muted-link">
+          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
+            <path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z"></path>
+          </svg>
+          <span>Back to top</span>
+        </a>
+        <div class="content-icon-container">
+          
+
+<div class="theme-toggle-container theme-toggle-content">
+            <button class="theme-toggle">
+              <div class="visually-hidden">Toggle Light / Dark / Auto color theme</div>
+              <svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg>
+              <svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg>
+              <svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
+              <svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
+            </button>
+          </div>
+          <label class="toc-overlay-icon toc-content-icon" for="__toc">
+            <div class="visually-hidden">Toggle table of contents sidebar</div>
+            <i class="icon"><svg><use href="#svg-toc"></use></svg></i>
+          </label>
+        </div>
+        <article role="main" id="furo-main-content">
+          <section id="ibm-soar-integration-for-algosec">
+<h1>IBM SOAR integration for AlgoSec<a class="headerlink" href="#ibm-soar-integration-for-algosec" title="Link to this heading">¶</a></h1>
+<section id="table-of-contents">
+<h2>Table of Contents<a class="headerlink" href="#table-of-contents" title="Link to this heading">¶</a></h2>
+<ul class="simple">
+<li><p><a class="reference internal" href="#release-notes"><span class="xref myst">Release Notes</span></a></p></li>
+<li><p><a class="reference internal" href="#overview"><span class="xref myst">Overview</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#key-features"><span class="xref myst">Key Features</span></a></p></li>
+</ul>
+</li>
+<li><p><a class="reference internal" href="#requirements"><span class="xref myst">Requirements</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#soar-platform"><span class="xref myst">SOAR platform</span></a></p></li>
+<li><p><a class="reference internal" href="#cloud-pak-for-security"><span class="xref myst">Cloud Pak for Security</span></a></p></li>
+<li><p><a class="reference internal" href="#proxy-server"><span class="xref myst">Proxy Server</span></a></p></li>
+<li><p><a class="reference internal" href="#python-environment"><span class="xref myst">Python Environment</span></a></p></li>
+</ul>
+</li>
+<li><p><a class="reference internal" href="#installation"><span class="xref myst">Installation</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#install"><span class="xref myst">Install</span></a></p></li>
+<li><p><a class="reference internal" href="#app-configuration"><span class="xref myst">App Configuration</span></a></p></li>
+</ul>
+</li>
+<li><p><a class="reference internal" href="#function---algosec-traffic-change-request"><span class="xref myst">Function - AlgoSec: Traffic Change Request</span></a></p></li>
+<li><p><a class="reference internal" href="#function---algosec-traffic-change-request-details"><span class="xref myst">Function - AlgoSec: Traffic Change Request Details</span></a></p></li>
+<li><p><a class="reference internal" href="#function---algosec-traffic-simulation-query"><span class="xref myst">Function - AlgoSec: Traffic Simulation Query</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#custom-layouts"><span class="xref myst">Custom Layouts</span></a></p></li>
+</ul>
+</li>
+<li><p><a class="reference internal" href="#data-table---connectivity-to-internet-algosec"><span class="xref myst">Data Table - Connectivity to Internet (AlgoSec)</span></a></p></li>
+<li><p><a class="reference internal" href="#data-table---isolation-change-requests-algosec"><span class="xref myst">Data Table - Isolation Change Requests (AlgoSec)</span></a></p></li>
+<li><p><a class="reference internal" href="#playbooks"><span class="xref myst">Playbooks</span></a></p></li>
+<li><p><a class="reference internal" href="#troubleshooting--support"><span class="xref myst">Troubleshooting &amp; Support</span></a></p></li>
+</ul>
+</section>
+<hr class="docutils" />
+<section id="release-notes">
+<h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this heading">¶</a></h2>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Version</p></th>
+<th class="head"><p>Date</p></th>
+<th class="head"><p>Notes</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>1.0.0</p></td>
+<td><p>02/2019</p></td>
+<td><p>Initial Release</p></td>
+</tr>
+<tr class="row-odd"><td><p>2.0.0</p></td>
+<td><p>08/2024</p></td>
+<td><p>Integration rewritten with latest AlgoSec REST API. Apphost compatible. Converted to playbooks.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+<hr class="docutils" />
+<section id="overview">
+<h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
+<!--
+  Provide a high-level description of the function itself and its remote software or application.
+  The text below is parsed from the "description" and "long_description" attributes in the setup.py file
+-->
+<p><strong>IBM SOAR integration for AlgoSec</strong></p>
+<p><img alt="screenshot: main" src="../_images/main1.png" /></p>
+<p>This integration allows one to make a traffic change request, get the details of a traffic change request, or a traffic simulation query.</p>
+<section id="key-features">
+<h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
+<!--
+  List the Key Features of the Integration
+-->
+<ul class="simple">
+<li><p>Make traffic change requests</p></li>
+<li><p>Get the details of a traffic change request</p></li>
+<li><p>Make a traffic simulation query</p></li>
+</ul>
+</section>
+</section>
+<hr class="docutils" />
+<section id="requirements">
+<h2>Requirements<a class="headerlink" href="#requirements" title="Link to this heading">¶</a></h2>
+<p>This app supports the IBM Security QRadar SOAR Platform and the IBM Security QRadar SOAR for IBM Cloud Pak for Security.</p>
+<section id="soar-platform">
+<h3>SOAR platform<a class="headerlink" href="#soar-platform" title="Link to this heading">¶</a></h3>
+<p>The SOAR platform supports two app deployment mechanisms, Edge Gateway (also known as App Host) and integration server.</p>
+<p>If deploying to a SOAR platform with an App Host, the requirements are:</p>
+<ul class="simple">
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0.0.9340</span></code>.</p></li>
+<li><p>The app is in a container-based format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file).</p></li>
+</ul>
+<p>If deploying to a SOAR platform with an integration server, the requirements are:</p>
+<ul>
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0.0.9340</span></code>.</p></li>
+<li><p>The app is in the older integration format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file which contains a <code class="docutils literal notranslate"><span class="pre">tar.gz</span></code> file).</p></li>
+<li><p>Integration server is running <code class="docutils literal notranslate"><span class="pre">resilient-circuits&gt;=51.0.0</span></code>.</p></li>
+<li><p>If using an API key account, make sure the account provides the following minimum permissions:</p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head"><p>Permissions</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>Org Data</p></td>
+<td><p>Read</p></td>
+</tr>
+<tr class="row-odd"><td><p>Function</p></td>
+<td><p>Read</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</li>
+</ul>
+<p>The following SOAR platform guides provide additional information:</p>
+<ul class="simple">
+<li><p><em>Edge Gateway Deployment Guide</em> or <em>App Host Deployment Guide</em>: provides installation, configuration, and troubleshooting information, including proxy server settings.</p></li>
+<li><p><em>Integration Server Guide</em>: provides installation, configuration, and troubleshooting information, including proxy server settings.</p></li>
+<li><p><em>System Administrator Guide</em>: provides the procedure to install, configure and deploy apps.</p></li>
+</ul>
+<p>The above guides are available on the IBM Documentation website at <a class="reference external" href="https://ibm.biz/soar-docs">ibm.biz/soar-docs</a>. On this web page, select your SOAR platform version. On the follow-on page, you can find the <em>Edge Gateway Deployment Guide</em>, <em>App Host Deployment Guide</em>, or <em>Integration Server Guide</em> by expanding <strong>Apps</strong> in the Table of Contents pane. The System Administrator Guide is available by expanding <strong>System Administrator</strong>.</p>
+</section>
+<section id="cloud-pak-for-security">
+<h3>Cloud Pak for Security<a class="headerlink" href="#cloud-pak-for-security" title="Link to this heading">¶</a></h3>
+<p>If you are deploying to IBM Cloud Pak for Security, the requirements are:</p>
+<ul class="simple">
+<li><p>IBM Cloud Pak for Security &gt;= <code class="docutils literal notranslate"><span class="pre">1.10.15</span></code>.</p></li>
+<li><p>Cloud Pak is configured with an Edge Gateway.</p></li>
+<li><p>The app is in a container-based format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file).</p></li>
+</ul>
+<p>The following Cloud Pak guides provide additional information:</p>
+<ul class="simple">
+<li><p><em>Edge Gateway Deployment Guide</em> or <em>App Host Deployment Guide</em>: provides installation, configuration, and troubleshooting information, including proxy server settings. From the Table of Contents, select Case Management and Orchestration &amp; Automation &gt; <strong>Orchestration and Automation Apps</strong>.</p></li>
+<li><p><em>System Administrator Guide</em>: provides information to install, configure, and deploy apps. From the IBM Cloud Pak for Security IBM Documentation table of contents, select Case Management and Orchestration &amp; Automation &gt; <strong>System administrator</strong>.</p></li>
+</ul>
+<p>These guides are available on the IBM Documentation website at <a class="reference external" href="https://ibm.biz/cp4s-docs">ibm.biz/cp4s-docs</a>. From this web page, select your IBM Cloud Pak for Security version. From the version-specific IBM Documentation page, select Case Management and Orchestration &amp; Automation.</p>
+</section>
+<section id="proxy-server">
+<h3>Proxy Server<a class="headerlink" href="#proxy-server" title="Link to this heading">¶</a></h3>
+<p>The app <strong>does</strong> support a proxy server.</p>
+</section>
+<section id="python-environment">
+<h3>Python Environment<a class="headerlink" href="#python-environment" title="Link to this heading">¶</a></h3>
+<p>Python 3.9, 3.11, and 3.12 are officially supported. When deployed as an app, the app runs on Python 3.11.
+Additional package dependencies may exist for each of these packages:</p>
+<ul class="simple">
+<li><p>resilient-circuits&gt;=51.0.0</p></li>
+</ul>
+</section>
+</section>
+<hr class="docutils" />
+<section id="installation">
+<h2>Installation<a class="headerlink" href="#installation" title="Link to this heading">¶</a></h2>
+<section id="install">
+<h3>Install<a class="headerlink" href="#install" title="Link to this heading">¶</a></h3>
+<ul class="simple">
+<li><p>To install or uninstall an App or Integration on the <em>SOAR platform</em>, see the documentation at <a class="reference external" href="https://ibm.biz/soar-docs">ibm.biz/soar-docs</a>.</p></li>
+<li><p>To install or uninstall an App on <em>IBM Cloud Pak for Security</em>, see the documentation at <a class="reference external" href="https://ibm.biz/cp4s-docs">ibm.biz/cp4s-docs</a> and follow the instructions above to navigate to Orchestration and Automation.</p></li>
+</ul>
+</section>
+<section id="app-configuration">
+<h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link to this heading">¶</a></h3>
+<p>The following table provides the settings you need to configure the app. These settings are made in the app.config file. See the documentation discussed in the Requirements section for the procedure.</p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Config</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Description</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><strong>password</strong></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">algosec</span></code></p></td>
+<td><p><em>The password for the AlgoSec login.</em></p></td>
+</tr>
+<tr class="row-odd"><td><p><strong>server_ip</strong></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">local.algosec.com</span></code></p></td>
+<td><p><em>The address of the AlgoSec server. Either an IP address or fully qualified domain name</em></p></td>
+</tr>
+<tr class="row-even"><td><p><strong>username</strong></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">admin</span></code></p></td>
+<td><p><em>The username for the AlgoSec login.</em></p></td>
+</tr>
+<tr class="row-odd"><td><p><strong>verify</strong></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">true</span></code></p></td>
+<td><p><em>True to connect with SSL.</em></p></td>
+</tr>
+<tr class="row-even"><td><p><strong>https_proxy</strong></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p>``</p></td>
+<td><p><em>Https proxy to use when connecting to the AlgoSec server.</em></p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+</section>
+<hr class="docutils" />
+<section id="function-algosec-traffic-change-request">
+<h2>Function - AlgoSec: Traffic Change Request<a class="headerlink" href="#function-algosec-traffic-change-request" title="Link to this heading">¶</a></h2>
+<p>Create a traffic change request with AlgoSec’s FireFlow</p>
+<p><img alt="screenshot: fn-algosec-traffic-change-request " src="../_images/fn-algosec-traffic-change-request.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_application</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">any</span></code></p></td>
+<td><p>Application(s) for the rule. Multiple values are separated by commas (,). If empty, the query runs on application: ‘any’</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_destination</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">8.8.8.8</span></code></p></td>
+<td><p>Destination(s) IP address for the query. Multiple values are separated by commas (,).</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_service</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">*</span></code></p></td>
+<td><p>Service(s) for the query. Multiple values are separated by commas (,).</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_source</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">1.1.1.1</span></code></p></td>
+<td><p>Source to use. Either a single source or a comma separated list of sources</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_traffic_change_action</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">select</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">Drop</span></code></p></td>
+<td><p>Action: Allow or Drop</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_traffic_change_request_description</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">Traffic</span> <span class="pre">Change</span> <span class="pre">Request</span> <span class="pre">initiated</span> <span class="pre">by</span> <span class="pre">the</span> <span class="pre">IBM</span> <span class="pre">SOAR</span> <span class="pre">Integration.</span></code></p></td>
+<td><p>The description of the traffic change request</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_traffic_change_request_devices</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>Comma separated list of devices</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_traffic_change_request_subject</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">IBM</span> <span class="pre">SOAR</span> <span class="pre">Traffic</span> <span class="pre">Change</span> <span class="pre">Request</span></code></p></td>
+<td><p>Subject of the traffic change request</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_traffic_change_template</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>Name of template to use</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_user</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">any</span></code></p></td>
+<td><p>User(s) who created the rule. Multiple values are separated by commas (,). If empty, the query runs on user: ‘any’</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;data&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;changeRequestId&quot;</span><span class="p">:</span> <span class="mi">11</span><span class="p">,</span>
+      <span class="s2">&quot;redirectUrl&quot;</span><span class="p">:</span> <span class="s2">&quot;https://1.2.3.4/FireFlow/Ticket/Display.html?id=11&quot;</span>
+    <span class="p">},</span>
+    <span class="s2">&quot;messages&quot;</span><span class="p">:</span> <span class="p">[],</span>
+    <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="s2">&quot;Success&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;algosec_destination&quot;</span><span class="p">:</span> <span class="s2">&quot;any, 1.1.1.1&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;algosec_service&quot;</span><span class="p">:</span> <span class="s2">&quot;any&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;algosec_source&quot;</span><span class="p">:</span> <span class="s2">&quot;1.1.1.1, any&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;algosec_traffic_change_action&quot;</span><span class="p">:</span> <span class="s2">&quot;Drop&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;algosec_traffic_change_request_description&quot;</span><span class="p">:</span> <span class="s2">&quot;Isolation Request initiated by the IBM SOAR Integration.&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;algosec_traffic_change_request_subject&quot;</span><span class="p">:</span> <span class="s2">&quot;IBM SOAR Isolation Request for 1.1.1.1&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;algosec_traffic_change_template&quot;</span><span class="p">:</span> <span class="s2">&quot;Basic Change Traffic Request&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">9129</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-algosec&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-02 09:26:21&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">algosec_source</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="si">}</span><span class="s2">, any&quot;</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">algosec_traffic_change_action</span> <span class="o">=</span> <span class="s2">&quot;Drop&quot;</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">algosec_destination</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;any, </span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="si">}</span><span class="s2">&quot;</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">algosec_service</span> <span class="o">=</span> <span class="s2">&quot;any&quot;</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">algosec_traffic_change_request_description</span> <span class="o">=</span> <span class="s2">&quot;Isolation Request initiated by the IBM SOAR Integration.&quot;</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">algosec_traffic_change_request_subject</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;IBM SOAR Isolation Request for </span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="si">}</span><span class="s2">&quot;</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">algosec_traffic_change_template</span> <span class="o">=</span> <span class="s2">&quot;Basic Change Traffic Request&quot;</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">json</span> <span class="kn">import</span> <span class="n">dumps</span>
+<span class="c1"># Results from the traffic change request call</span>
+<span class="n">change_request</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">isolate_host_results</span>
+<span class="n">request_data</span> <span class="o">=</span> <span class="n">change_request</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="c1"># Results from getting the traffic change request details</span>
+<span class="n">request_details</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">change_request_details</span>
+<span class="n">details_data</span> <span class="o">=</span> <span class="n">request_details</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="p">{})</span>
+
+<span class="k">if</span> <span class="n">change_request</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="c1"># Add Row</span>
+  <span class="n">row</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">addRow</span><span class="p">(</span><span class="s2">&quot;algosec_isolation_requests&quot;</span><span class="p">)</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;traffic_change_request_id&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">request_data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;changeRequestId&quot;</span><span class="p">)</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;hostname&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;traffic_change_request_url&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">request_data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;redirectUrl&quot;</span><span class="p">)</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;traffic_change_request_body&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">dumps</span><span class="p">(</span><span class="n">details_data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;fields&quot;</span><span class="p">,</span> <span class="p">{}),</span> <span class="n">indent</span><span class="o">=</span><span class="mi">4</span><span class="p">)</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;traffic_change_request_original_traffic&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">dumps</span><span class="p">(</span><span class="n">details_data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;originalTraffic&quot;</span><span class="p">,</span> <span class="p">{}),</span> <span class="n">indent</span><span class="o">=</span><span class="mi">4</span><span class="p">)</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;traffic_change_request_planned_traffic&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">dumps</span><span class="p">(</span><span class="n">details_data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;plannedTraffic&quot;</span><span class="p">,</span> <span class="p">{}),</span> <span class="n">indent</span><span class="o">=</span><span class="mi">4</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Isolate Host from Network on host </span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="si">}</span><span class="s2"> failed with reason: </span><span class="si">{</span><span class="n">change_request</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;reason&#39;</span><span class="p">,</span><span class="w"> </span><span class="s1">&#39;&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-algosec-traffic-change-request-details">
+<h2>Function - AlgoSec: Traffic Change Request Details<a class="headerlink" href="#function-algosec-traffic-change-request-details" title="Link to this heading">¶</a></h2>
+<p>Returns full details about a specified change request, including custom fields configured for the template.</p>
+<p><img alt="screenshot: fn-algosec-traffic-change-request-details " src="../_images/fn-algosec-traffic-change-request-details.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_change_request_id</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">3</span></code></p></td>
+<td><p>The ID of the change request you want to return data for.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;data&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;fields&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Owner&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;admin</span><span class="se">\u003c</span><span class="s2">admin@example.com</span><span class="se">\u003e</span><span class="s2">&quot;</span>
+          <span class="p">]</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Workflow&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;Basic&quot;</span>
+          <span class="p">]</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Creator&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;admin</span><span class="se">\u003c</span><span class="s2">admin@example.com</span><span class="se">\u003e</span><span class="s2">&quot;</span>
+          <span class="p">]</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Subject&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;IBM SOAR Isolation Request for 1.1.1.1&quot;</span>
+          <span class="p">]</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Ticket Template Name&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;Basic Change Traffic Request&quot;</span>
+          <span class="p">]</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Change Request Description&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;Isolation Request initiated by the IBM SOAR Integration.&quot;</span>
+          <span class="p">]</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;LastUpdated&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;2024-08-02 09:26:26&quot;</span>
+          <span class="p">]</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Requestor&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;admin</span><span class="se">\u003c</span><span class="s2">admin@example.com</span><span class="se">\u003e</span><span class="s2">&quot;</span>
+          <span class="p">]</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Form Type&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;Traffic Change&quot;</span>
+          <span class="p">]</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;status&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;open&quot;</span>
+          <span class="p">]</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="mi">11</span><span class="p">,</span>
+      <span class="s2">&quot;originalTraffic&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;Drop&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;application&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;items&quot;</span><span class="p">:</span> <span class="p">[</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;any&quot;</span>
+              <span class="p">}</span>
+            <span class="p">]</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;destination&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;items&quot;</span><span class="p">:</span> <span class="p">[</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;any&quot;</span>
+              <span class="p">},</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;1.1.1.1&quot;</span>
+              <span class="p">}</span>
+            <span class="p">]</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;fields&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Requested URL Category&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+                <span class="s2">&quot;any&quot;</span>
+              <span class="p">]</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;service&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;items&quot;</span><span class="p">:</span> <span class="p">[</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;any&quot;</span>
+              <span class="p">}</span>
+            <span class="p">]</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;source&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;items&quot;</span><span class="p">:</span> <span class="p">[</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;1.1.1.1&quot;</span>
+              <span class="p">},</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;any&quot;</span>
+              <span class="p">}</span>
+            <span class="p">]</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;user&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;items&quot;</span><span class="p">:</span> <span class="p">[</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;any&quot;</span>
+              <span class="p">}</span>
+            <span class="p">]</span>
+          <span class="p">}</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;plannedTraffic&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;Drop&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;application&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;items&quot;</span><span class="p">:</span> <span class="p">[</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;any&quot;</span>
+              <span class="p">}</span>
+            <span class="p">]</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;destination&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;items&quot;</span><span class="p">:</span> <span class="p">[</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;any&quot;</span>
+              <span class="p">},</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;1.1.1.1&quot;</span>
+              <span class="p">}</span>
+            <span class="p">]</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;fields&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Change URL Category&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
+                <span class="s2">&quot;any&quot;</span>
+              <span class="p">]</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;service&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;items&quot;</span><span class="p">:</span> <span class="p">[</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;*&quot;</span>
+              <span class="p">}</span>
+            <span class="p">]</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;source&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;items&quot;</span><span class="p">:</span> <span class="p">[</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;1.1.1.1&quot;</span>
+              <span class="p">},</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;any&quot;</span>
+              <span class="p">}</span>
+            <span class="p">]</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;user&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;items&quot;</span><span class="p">:</span> <span class="p">[</span>
+              <span class="p">{</span>
+                <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;any&quot;</span>
+              <span class="p">}</span>
+            <span class="p">]</span>
+          <span class="p">}</span>
+        <span class="p">}</span>
+      <span class="p">]</span>
+    <span class="p">},</span>
+    <span class="s2">&quot;messages&quot;</span><span class="p">:</span> <span class="p">[],</span>
+    <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="s2">&quot;Success&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;algosec_change_request_id&quot;</span><span class="p">:</span> <span class="mi">11</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">8305</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-algosec&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-02 09:26:31&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">data</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">isolate_host_results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">algosec_change_request_id</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;changeRequestId&quot;</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">json</span> <span class="kn">import</span> <span class="n">dumps</span>
+<span class="c1"># Results from the traffic change request call</span>
+<span class="n">change_request</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">isolate_host_results</span>
+<span class="n">request_data</span> <span class="o">=</span> <span class="n">change_request</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="c1"># Results from getting the traffic change request details</span>
+<span class="n">request_details</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">change_request_details</span>
+<span class="n">details_data</span> <span class="o">=</span> <span class="n">request_details</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="p">{})</span>
+
+<span class="k">if</span> <span class="n">change_request</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="c1"># Add Row</span>
+  <span class="n">row</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">addRow</span><span class="p">(</span><span class="s2">&quot;algosec_isolation_requests&quot;</span><span class="p">)</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;traffic_change_request_id&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">request_data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;changeRequestId&quot;</span><span class="p">)</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;hostname&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;traffic_change_request_url&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">request_data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;redirectUrl&quot;</span><span class="p">)</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;traffic_change_request_body&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">dumps</span><span class="p">(</span><span class="n">details_data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;fields&quot;</span><span class="p">,</span> <span class="p">{}),</span> <span class="n">indent</span><span class="o">=</span><span class="mi">4</span><span class="p">)</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;traffic_change_request_original_traffic&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">dumps</span><span class="p">(</span><span class="n">details_data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;originalTraffic&quot;</span><span class="p">,</span> <span class="p">{}),</span> <span class="n">indent</span><span class="o">=</span><span class="mi">4</span><span class="p">)</span>
+  <span class="n">row</span><span class="p">[</span><span class="s1">&#39;traffic_change_request_planned_traffic&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">dumps</span><span class="p">(</span><span class="n">details_data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;plannedTraffic&quot;</span><span class="p">,</span> <span class="p">{}),</span> <span class="n">indent</span><span class="o">=</span><span class="mi">4</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Isolate Host from Network on host </span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="si">}</span><span class="s2"> failed with reason: </span><span class="si">{</span><span class="n">change_request</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;reason&#39;</span><span class="p">,</span><span class="w"> </span><span class="s1">&#39;&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-algosec-traffic-simulation-query">
+<h2>Function - AlgoSec: Traffic Simulation Query<a class="headerlink" href="#function-algosec-traffic-simulation-query" title="Link to this heading">¶</a></h2>
+<p>Performs a batch Traffic Simulation Query on a single device or group of devices.</p>
+<p><img alt="screenshot: fn-algosec-traffic-simulation-query " src="../_images/fn-algosec-traffic-simulation-query.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_application</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">any</span></code></p></td>
+<td><p>Application(s) for the rule. Multiple values are separated by commas (,). If empty, the query runs on application: ‘any’</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_destination</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">8.8.8.8</span></code></p></td>
+<td><p>Destination(s) IP address for the query. Multiple values are separated by commas (,).</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_includedevicespaths</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">boolean</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>true: Includes devices paths section in response (devicesInPath).</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_includeruleszones</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">boolean</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>true: Includes source/destination zones of rule of zone-based devices in response (sourceZone, destinationZone).</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_query_target</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">ALL_FIREWALLS</span></code></p></td>
+<td><p>Name of a device or group the query will run on. If empty, the query runs on the entire network and all permitted devices for the user.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_service</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">*</span></code></p></td>
+<td><p>Service(s) for the query. Multiple values are separated by commas (,).</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_source</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">1.1.1.1</span></code></p></td>
+<td><p>Source to use</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">algosec_user</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">any</span></code></p></td>
+<td><p>User(s) who created the rule. Multiple values are separated by commas (,). If empty, the query runs on user: ‘any’</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;queryResult&quot;</span><span class="p">:</span> <span class="p">[</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;finalResult&quot;</span><span class="p">:</span> <span class="s2">&quot;Not routed&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;fipResult&quot;</span><span class="p">:</span> <span class="s2">&quot;Unreachable&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;queryDescription&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.3.5=</span><span class="se">\u003e</span><span class="s2">8.8.8.8:any:any:any&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;queryHTMLPath&quot;</span><span class="p">:</span> <span class="s2">&quot;https://aglosec/fa/query/results/#/work/ALL_FIREWALLS_query-1722608134438/&quot;</span>
+      <span class="p">}</span>
+    <span class="p">],</span>
+    <span class="s2">&quot;queryUIResult&quot;</span><span class="p">:</span> <span class="s2">&quot;https://aglosec/fa/query/results/#/work/ALL_FIREWALLS_query-1722608134438/&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;algosec_destination&quot;</span><span class="p">:</span> <span class="s2">&quot;8.8.8.8&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;algosec_service&quot;</span><span class="p">:</span> <span class="s2">&quot;any&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;algosec_source&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.3.5&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">9827</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-algosec&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-02 09:59:19&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">algosec_source</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">algosec_destination</span> <span class="o">=</span> <span class="s2">&quot;8.8.8.8&quot;</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">algosec_service</span> <span class="o">=</span> <span class="s2">&quot;any&quot;</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">inet_check_output</span>
+<span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+
+<span class="c1"># Processing if the function is a success</span>
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="k">for</span> <span class="n">queryResult</span> <span class="ow">in</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;queryResult&quot;</span><span class="p">,</span> <span class="p">[]):</span>
+    <span class="c1"># Add Row</span>
+    <span class="n">row</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">addRow</span><span class="p">(</span><span class="s2">&quot;algosec_internet_connectivity_queries&quot;</span><span class="p">)</span>
+    <span class="n">row</span><span class="o">.</span><span class="n">artifact_ip</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span>
+    <span class="n">row</span><span class="o">.</span><span class="n">query_description</span> <span class="o">=</span> <span class="n">queryResult</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;queryDescription&quot;</span><span class="p">)</span>
+    <span class="n">row</span><span class="o">.</span><span class="n">traffic_simulation_fip_results</span> <span class="o">=</span> <span class="n">queryResult</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;fipResult&quot;</span><span class="p">)</span>
+    <span class="n">row</span><span class="o">.</span><span class="n">traffic_simulation_final_results</span> <span class="o">=</span> <span class="n">queryResult</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;finalResult&quot;</span><span class="p">)</span>
+    <span class="n">row</span><span class="o">.</span><span class="n">query_html_path</span> <span class="o">=</span> <span class="n">queryResult</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;queryHTMLPath&quot;</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="playbooks">
+<h2>Playbooks<a class="headerlink" href="#playbooks" title="Link to this heading">¶</a></h2>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Playbook Name</p></th>
+<th class="head"><p>Description</p></th>
+<th class="head"><p>Activation Type</p></th>
+<th class="head"><p>Object</p></th>
+<th class="head"><p>Status</p></th>
+<th class="head"><p>Condition</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>AlgoSec: Check Host Internet Connectivity - Example (PB)</p></td>
+<td><p>Check internet connection for a given “IP Address” artifact using AlgoSec FireFlow. The connectivity query results are updated in the incident’s Data Table called “AlgoSec Internet Connection”</p></td>
+<td><p>Manual</p></td>
+<td><p>artifact</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">artifact.type</span> <span class="pre">in</span> <span class="pre">['IP</span> <span class="pre">Address',</span> <span class="pre">'DNS</span> <span class="pre">Name',</span> <span class="pre">'Network</span> <span class="pre">CIDR</span> <span class="pre">Range']</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>AlgoSec: Isolate from Network - Example (PB)</p></td>
+<td><p>Isolate an “IP Address” artifact using AlgoSec FireFlow. The FireFlow isolation request details are updated in the incident’s Data Table called “AlgoSec Isolation Requests”.</p></td>
+<td><p>Manual</p></td>
+<td><p>artifact</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">artifact.type</span> <span class="pre">in</span> <span class="pre">['IP</span> <span class="pre">Address',</span> <span class="pre">'DNS</span> <span class="pre">Name',</span> <span class="pre">'Network</span> <span class="pre">CIDR</span> <span class="pre">Range']</span></code></p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+<hr class="docutils" />
+<section id="custom-layouts">
+<h2>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h2>
+<!--
+  Use this section to provide guidance on where the user should add any custom fields and data tables.
+  You may wish to recommend a new incident tab.
+  You should save a screenshot "custom_layouts.png" in the doc/screenshots directory and reference it here
+-->
+<ul>
+<li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts.png" /></p>
+</li>
+</ul>
+</section>
+<section id="data-table-connectivity-to-internet-algosec">
+<h2>Data Table - Connectivity to Internet (AlgoSec)<a class="headerlink" href="#data-table-connectivity-to-internet-algosec" title="Link to this heading">¶</a></h2>
+<p><img alt="screenshot: dt-connectivity-to-internet-algosec" src="../_images/dt-connectivity-to-internet-algosec.png" /></p>
+<section id="api-name">
+<h3>API Name:<a class="headerlink" href="#api-name" title="Link to this heading">¶</a></h3>
+<p>algosec_internet_connectivity_queries</p>
+</section>
+<section id="columns">
+<h3>Columns:<a class="headerlink" href="#columns" title="Link to this heading">¶</a></h3>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Column Name</p></th>
+<th class="head"><p>API Access Name</p></th>
+<th class="head"><p>Type</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>Artifact IP</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">artifact_ip</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>The given address</p></td>
+</tr>
+<tr class="row-odd"><td><p>Final Results</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">traffic_simulation_final_results</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">select</span></code></p></td>
+<td><p>One of the following: allowed, blocked, partially allowed, not routed</p></td>
+</tr>
+<tr class="row-even"><td><p>FIP Results</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">traffic_simulation_fip_results</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">select</span></code></p></td>
+<td><p>One of the following: Unreachable, SameZone, Routed, PartiallyRouted, NotExecuted, Unknown</p></td>
+</tr>
+<tr class="row-odd"><td><p>Query Description</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">query_description</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>Description of query.</p></td>
+</tr>
+<tr class="row-even"><td><p>Traffic Simulation Query HTML Path</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">query_html_path</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">textarea</span></code></p></td>
+<td><p>URL to the results in the UI.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+</section>
+<hr class="docutils" />
+<section id="data-table-isolation-change-requests-algosec">
+<h2>Data Table - Isolation Change Requests (AlgoSec)<a class="headerlink" href="#data-table-isolation-change-requests-algosec" title="Link to this heading">¶</a></h2>
+<p><img alt="screenshot: dt-isolation-change-requests-algosec" src="../_images/dt-isolation-change-requests-algosec.png" /></p>
+<section id="id1">
+<h3>API Name:<a class="headerlink" href="#id1" title="Link to this heading">¶</a></h3>
+<p>algosec_isolation_requests</p>
+</section>
+<section id="id2">
+<h3>Columns:<a class="headerlink" href="#id2" title="Link to this heading">¶</a></h3>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Column Name</p></th>
+<th class="head"><p>API Access Name</p></th>
+<th class="head"><p>Type</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>Artifact IP</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">hostname</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Original Traffic</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">traffic_change_request_original_traffic</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">textarea</span></code></p></td>
+<td><p>The original traffic</p></td>
+</tr>
+<tr class="row-even"><td><p>Planned Traffic</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">traffic_change_request_planned_traffic</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">textarea</span></code></p></td>
+<td><p>The planned traffic</p></td>
+</tr>
+<tr class="row-odd"><td><p>Redirect URL</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">traffic_change_request_url</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">textarea</span></code></p></td>
+<td><p>The redirect URL for the traffic change request.</p></td>
+</tr>
+<tr class="row-even"><td><p>Request Body</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">traffic_change_request_body</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">textarea</span></code></p></td>
+<td><p>The request body of the traffic change request.</p></td>
+</tr>
+<tr class="row-odd"><td><p>Traffic Change Request ID</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">traffic_change_request_id</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
+<td><p>The ID of the traffic change request.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+</section>
+<hr class="docutils" />
+<section id="troubleshooting-support">
+<h2>Troubleshooting &amp; Support<a class="headerlink" href="#troubleshooting-support" title="Link to this heading">¶</a></h2>
+<p>Refer to the documentation listed in the Requirements section for troubleshooting information.</p>
+<section id="for-support">
+<h3>For Support<a class="headerlink" href="#for-support" title="Link to this heading">¶</a></h3>
+<p>This is an IBM supported app. Please search <a class="reference external" href="https://ibm.com/mysupport">ibm.com/mysupport</a> for assistance.</p>
+</section>
+</section>
+</section>
+
+        </article>
+      </div>
+      <footer>
+        
+        <div class="related-pages">
+          <a class="next-page" href="../fn_abuseipdb/README.html">
+              <div class="page-info">
+                <div class="context">
+                  <span>Next</span>
+                </div>
+                <div class="title">AbuseIPDB</div>
+              </div>
+              <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
+            </a>
+          <a class="prev-page" href="../docs/python_api.html">
+              <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
+              <div class="page-info">
+                <div class="context">
+                  <span>Previous</span>
+                </div>
+                
+                <div class="title">IBM SOAR Python Documentation</div>
+                
+              </div>
+            </a>
+        </div>
+        <div class="bottom-of-page">
+          <div class="left-details">
+            <div class="copyright">
+                Copyright &#169; 
+            </div>
+            Made with <a href="https://www.sphinx-doc.org/">Sphinx</a> and <a class="muted-link" href="https://pradyunsg.me">@pradyunsg</a>'s
+            
+            <a href="https://github.com/pradyunsg/furo">Furo</a>
+            
+          </div>
+          <div class="right-details">
+            
+          </div>
+        </div>
+        
+      </footer>
+    </div>
+    <aside class="toc-drawer">
+      
+      
+      <div class="toc-sticky toc-scroll">
+        <div class="toc-title-container">
+          <span class="toc-title">
+            On this page
+          </span>
+        </div>
+        <div class="toc-tree-container">
+          <div class="toc-tree">
+            <ul>
+<li><a class="reference internal" href="#">IBM SOAR integration for AlgoSec</a><ul>
+<li><a class="reference internal" href="#table-of-contents">Table of Contents</a></li>
+<li><a class="reference internal" href="#release-notes">Release Notes</a></li>
+<li><a class="reference internal" href="#overview">Overview</a><ul>
+<li><a class="reference internal" href="#key-features">Key Features</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#requirements">Requirements</a><ul>
+<li><a class="reference internal" href="#soar-platform">SOAR platform</a></li>
+<li><a class="reference internal" href="#cloud-pak-for-security">Cloud Pak for Security</a></li>
+<li><a class="reference internal" href="#proxy-server">Proxy Server</a></li>
+<li><a class="reference internal" href="#python-environment">Python Environment</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#installation">Installation</a><ul>
+<li><a class="reference internal" href="#install">Install</a></li>
+<li><a class="reference internal" href="#app-configuration">App Configuration</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#function-algosec-traffic-change-request">Function - AlgoSec: Traffic Change Request</a></li>
+<li><a class="reference internal" href="#function-algosec-traffic-change-request-details">Function - AlgoSec: Traffic Change Request Details</a></li>
+<li><a class="reference internal" href="#function-algosec-traffic-simulation-query">Function - AlgoSec: Traffic Simulation Query</a></li>
+<li><a class="reference internal" href="#playbooks">Playbooks</a></li>
+<li><a class="reference internal" href="#custom-layouts">Custom Layouts</a></li>
+<li><a class="reference internal" href="#data-table-connectivity-to-internet-algosec">Data Table - Connectivity to Internet (AlgoSec)</a><ul>
+<li><a class="reference internal" href="#api-name">API Name:</a></li>
+<li><a class="reference internal" href="#columns">Columns:</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#data-table-isolation-change-requests-algosec">Data Table - Isolation Change Requests (AlgoSec)</a><ul>
+<li><a class="reference internal" href="#id1">API Name:</a></li>
+<li><a class="reference internal" href="#id2">Columns:</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#troubleshooting-support">Troubleshooting &amp; Support</a><ul>
+<li><a class="reference internal" href="#for-support">For Support</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+
+          </div>
+        </div>
+      </div>
+      
+      
+    </aside>
+  </div>
+</div><script src="../_static/documentation_options.js?v=5929fcd5"></script>
+    <script src="../_static/doctools.js?v=9a2dae69"></script>
+    <script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
+    <script src="../_static/scripts/furo.js?v=5fa4622c"></script>
+    <script src="../_static/clipboard.min.js?v=a7894cd8"></script>
+    <script src="../_static/copybutton.js?v=f281be69"></script>
+    <script src="../_static/design-tabs.js?v=f930bc37"></script>
+    <script src="../_static/js/custom.js?v=a365c389"></script>
+    </body>
+</html>
\ No newline at end of file
diff --git a/fn_alienvault_otx/README.html b/fn_alienvault_otx/README.html
index 581639864..42b32be3f 100644
--- a/fn_alienvault_otx/README.html
+++ b/fn_alienvault_otx/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_anomali_staxx/README.html b/fn_anomali_staxx/README.html
index acca9c8d4..137f0e268 100644
--- a/fn_anomali_staxx/README.html
+++ b/fn_anomali_staxx/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_ansible/README.html b/fn_ansible/README.html
index 39e2df69d..0f497b65a 100644
--- a/fn_ansible/README.html
+++ b/fn_ansible/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -484,7 +486,7 @@ <h2>1.2.0 Changes<a class="headerlink" href="#changes" title="Link to this headi
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>Run Ansible Playbooks and Modules</strong></p>
-<p><img alt="screenshot: main" src="../_images/main1.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main2.png" /></p>
 <p>This app runs the Ansible environment to allow the running of playbooks and modules against your enterprise.
 Specify the playbooks, hosts and environment variables necessary for execution.</p>
 <section id="key-features">
diff --git a/fn_ansible_tower/README.html b/fn_ansible_tower/README.html
index e8a3f9320..9ad3e7070 100644
--- a/fn_ansible_tower/README.html
+++ b/fn_ansible_tower/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -487,7 +489,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
 <li><p>List Jobs run filtered by status or date</p></li>
 <li><p>Return Job run results</p></li>
 </ul>
-<p><img alt="screenshot: main" src="../_images/main2.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main3.png" /></p>
 </section>
 <hr class="docutils" />
 <section id="requirements">
@@ -636,7 +638,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts1.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_api_void/README.html b/fn_api_void/README.html
index 7fc9f54f8..4853ac970 100644
--- a/fn_api_void/README.html
+++ b/fn_api_void/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -496,7 +498,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>A IBM QRadar SOAR Function to integrate with the APIVoid API</strong></p>
-<p><img alt="screenshot: main" src="../_images/main3.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main4.png" /></p>
 <p>Provides APIVoid’s threat intelligence to enrich SOAR artifacts</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_apility/README.html b/fn_apility/README.html
index a266dd6da..5cd5b02f2 100644
--- a/fn_apility/README.html
+++ b/fn_apility/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_aws_guardduty/README.html b/fn_aws_guardduty/README.html
index b522d0faf..cc5757c60 100644
--- a/fn_aws_guardduty/README.html
+++ b/fn_aws_guardduty/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -514,7 +516,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Amazon AWS GuardDuty Integration for Resilient.</strong></p>
-<p><img alt="screenshot: main" src="../_images/main4.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main5.png" /></p>
 <p>Amazon AWS GuardDuty is a continuous security monitoring service that identifies unexpected and potentially unauthorized and malicious activity within an AWS environment.
 GuardDuty informs the user of the status of their AWS environment by producing security findings that can be viewed in the GuardDuty console.
 A finding is a potential security issue discovered by GuardDuty.</p>
diff --git a/fn_aws_iam/README.html b/fn_aws_iam/README.html
index dc9c245f8..0e5ce8251 100644
--- a/fn_aws_iam/README.html
+++ b/fn_aws_iam/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_aws_utilities/README.html b/fn_aws_utilities/README.html
index 0306e1576..be6b605d0 100644
--- a/fn_aws_utilities/README.html
+++ b/fn_aws_utilities/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_axonius/README.html b/fn_axonius/README.html
index fa72735a9..a62ded4a4 100644
--- a/fn_axonius/README.html
+++ b/fn_axonius/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -522,7 +524,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
 -->
 <p><strong>Axonius Cybersecurity Asset Management</strong></p>
 <p>This app provide Axonius device data enrichment to SOAR cases.</p>
-<p><img alt="screenshot: main" src="../_images/main5.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main6.png" /></p>
 <p>Provide Axonius device data enrichment to SOAR cases.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -1823,7 +1825,7 @@ <h2>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
   You should save a screenshot "custom_layouts.png" in the doc/screenshots directory and reference it here
 -->
 <p>The app automatically creates a custom <code class="docutils literal notranslate"><span class="pre">Axonius</span></code> tab on first run of either the <code class="docutils literal notranslate"><span class="pre">axonius_get_device_by_query</span></code> or <code class="docutils literal notranslate"><span class="pre">axonius_get_device_count</span></code> functions:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts1.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts2.png" /></p>
 </section>
 <section id="data-table-axonius-devices">
 <h2>Data Table - Axonius Devices<a class="headerlink" href="#data-table-axonius-devices" title="Link to this heading">¶</a></h2>
diff --git a/fn_azure_automation_utilities/README.html b/fn_azure_automation_utilities/README.html
index 32317c37e..a21592a55 100644
--- a/fn_azure_automation_utilities/README.html
+++ b/fn_azure_automation_utilities/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -491,7 +493,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM SOAR App for Azure Automation</strong></p>
-<p><img alt="screenshot: main" src="../_images/main6.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main7.png" /></p>
 <p>This app allows interaction with the following Azure Automation resources:</p>
 <ul class="simple">
 <li><p>Automation Accounts</p></li>
@@ -673,7 +675,7 @@ <h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link
 <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h3>
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts2.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts3.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_bigfix/README.html b/fn_bigfix/README.html
index 0161795c7..209bcce60 100644
--- a/fn_bigfix/README.html
+++ b/fn_bigfix/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -489,7 +491,7 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>SOAR Components for BigFix</strong></p>
-<p><img alt="screenshot: main" src="../_images/main7.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main8.png" /></p>
 <p>BigFix is a systems-management platform for managing a large numbers of endpoints.
 The BigFix integration with the SOAR platform allows for the querying and updating of a BigFix deployment. The integration includes a function to query for IOCs in the BigFix environment. Returned results can be used to remediate issues or hits, such as a malicious path or filename, a service or process name, or a registry key. The integration can also be used to query properties of an endpoint.</p>
 <section id="key-features">
@@ -657,7 +659,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts3.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts4.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_bmc_helix/README.html b/fn_bmc_helix/README.html
index 9228a6826..0a468101d 100644
--- a/fn_bmc_helix/README.html
+++ b/fn_bmc_helix/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -469,7 +471,7 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>BMC Helix for IBM SOAR</strong></p>
-<p><img alt="screenshot: main" src="../_images/main8.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main9.png" /></p>
 <p>This integration provides the capability to create new incidents in BMC Helix from SOAR tasks and cases via the HPD:IncidentInterface_Create form over the REST API. Once the task or case is complete, this integration also provides the capability to close existing BMC Helix Incidents.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -633,7 +635,7 @@ <h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link
 <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h3>
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts4.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts5.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_calendar_invite/README.html b/fn_calendar_invite/README.html
index 9bd6abb2c..b02cfc744 100644
--- a/fn_calendar_invite/README.html
+++ b/fn_calendar_invite/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_cb_protection/README.html b/fn_cb_protection/README.html
index c5dce8c46..d336be904 100644
--- a/fn_cb_protection/README.html
+++ b/fn_cb_protection/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_cisco_amp4ep/README.html b/fn_cisco_amp4ep/README.html
index ec0b65c90..ef1cd575d 100644
--- a/fn_cisco_amp4ep/README.html
+++ b/fn_cisco_amp4ep/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -512,7 +514,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM SOAR Components for Cisco Secure Endpoint</strong></p>
-<p><img alt="screenshot: main" src="../_images/main9.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main10.png" /></p>
 <p>The Cisco Secure Endpoint (formerly, Cisco AMP for Endpoints) integration with the SOAR platform allows for the querying and updating of an AMP for Endpoints deployment. The integration includes functions that return results which show security events for endpoints in the deployment. The returned results can be used to make customized updates to the SOAR platform, such as updating incidents, artifacts, data tables and so on. The integration can also be used to make changes to a deployment including adding or removing a hash to a blacklist and moving an endpoint to a different group.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -3549,7 +3551,7 @@ <h2>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Create a Cisco tab for an incident and add the Data Tables like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts5.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts6.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_cisco_asa/README.html b/fn_cisco_asa/README.html
index 7c2f31945..4093f23a3 100644
--- a/fn_cisco_asa/README.html
+++ b/fn_cisco_asa/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_cisco_enforcement/README.html b/fn_cisco_enforcement/README.html
index 36607c5aa..8324d41e4 100644
--- a/fn_cisco_enforcement/README.html
+++ b/fn_cisco_enforcement/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_cisco_umbrella_inv/README.html b/fn_cisco_umbrella_inv/README.html
index 96243642c..c2055a67c 100644
--- a/fn_cisco_umbrella_inv/README.html
+++ b/fn_cisco_umbrella_inv/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_clamav/README.html b/fn_clamav/README.html
index e30bbba1b..7b5b90bde 100644
--- a/fn_clamav/README.html
+++ b/fn_clamav/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_cloud_foundry/README.html b/fn_cloud_foundry/README.html
index 5fe4e26c8..4c08d0768 100644
--- a/fn_cloud_foundry/README.html
+++ b/fn_cloud_foundry/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_components/README.html b/fn_components/README.html
index cbf0de355..2356e46ed 100644
--- a/fn_components/README.html
+++ b/fn_components/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_create_webex_meeting/README.html b/fn_create_webex_meeting/README.html
index 8cb68dd42..b0513bce8 100644
--- a/fn_create_webex_meeting/README.html
+++ b/fn_create_webex_meeting/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_create_zoom_meeting/README.html b/fn_create_zoom_meeting/README.html
index f1bbaed36..5ae3aa1a9 100644
--- a/fn_create_zoom_meeting/README.html
+++ b/fn_create_zoom_meeting/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_crowdstrike_falcon/README.html b/fn_crowdstrike_falcon/README.html
index 1baa42f50..e6d918b6a 100644
--- a/fn_crowdstrike_falcon/README.html
+++ b/fn_crowdstrike_falcon/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_cve_search/README.html b/fn_cve_search/README.html
index 1322fbe62..54a2e7a71 100644
--- a/fn_cve_search/README.html
+++ b/fn_cve_search/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_darktrace/README.html b/fn_darktrace/README.html
index e106a9d7a..e083c85b9 100644
--- a/fn_darktrace/README.html
+++ b/fn_darktrace/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -514,7 +516,7 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>IBM SOAR app for bi-directional synchronization with Darktrace Threat Visualizer</strong></p>
-<p><img alt="screenshot: main" src="../_images/main10.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main11.png" /></p>
 <p>Bi-directional poller app for Darktrace. A poller provides near real-time pulls of AI Analyst Events as they are created and creates
 a case in SOAR for each group of events.</p>
 <p>As new events are added to a group, the case automatically updates with the new data.</p>
@@ -736,7 +738,7 @@ <h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link
 <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h3>
 <ul>
 <li><p>The app automatically creates a custom “Darktrace Incident” tab on first install. But more customization can be made in that tab:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts6.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts7.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_datatable_utils/README.html b/fn_datatable_utils/README.html
index 0a4f8a56e..941e800fe 100644
--- a/fn_datatable_utils/README.html
+++ b/fn_datatable_utils/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -495,7 +497,7 @@ <h2><img alt="screenshot: main" src="../_images/playbooks.png" /><a class="heade
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>Functions manipulate data in a Datatable</strong></p>
-<p><img alt="screenshot: main" src="../_images/main11.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main12.png" /></p>
 <p>This package contains 8 functions that help you manipulate IBM SOAR Data Tables: Add Row, Clear Datatable, Get Row, Get All Data Table Rows, Get Rows, Update Row, Delete Row, Delete Rows and Convert CSV Data to a datatable.</p>
 </section>
 <section id="requirements">
diff --git a/fn_digital_shadows_search/README.html b/fn_digital_shadows_search/README.html
index 8a8ed09a5..9d083b7f0 100644
--- a/fn_digital_shadows_search/README.html
+++ b/fn_digital_shadows_search/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_docker/README.html b/fn_docker/README.html
index 75f991054..e1506bba1 100644
--- a/fn_docker/README.html
+++ b/fn_docker/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_elasticsearch/README.html b/fn_elasticsearch/README.html
index 31d81dc0f..09eb2247c 100644
--- a/fn_elasticsearch/README.html
+++ b/fn_elasticsearch/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -519,7 +521,7 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>The app queries Elasticsearch using SOAR incident or artifact data.</strong></p>
-<p><img alt="screenshot: main" src="../_images/main12.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main13.png" /></p>
 <p>Allows users of the SOAR to connect to and query an ElasticSearch database. Users can specify the location of a remote ElasticSearch instance and query this instance for data within SOAR.</p>
 <p>Queries provided to the function must be properly formed to work. Please review the <a class="reference external" href="https://www.elastic.co/guide/en/elasticsearch/reference/6.3/search-request-body.html">ElasticSearch documentation</a> for examples on how to form your query. A number of example queries are available when setting up the function in a workflow.</p>
 <p><strong>Important caveat: Your ElasticSearch library version must match the major ElasticSearch version since changes might be introduced with each release. This app supports the recent version changes.</strong></p>
diff --git a/fn_email_header_validation/README.html b/fn_email_header_validation/README.html
index 525dde804..4965d095f 100644
--- a/fn_email_header_validation/README.html
+++ b/fn_email_header_validation/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_exchange/README.html b/fn_exchange/README.html
index 28eb329e5..31e6212d5 100644
--- a/fn_exchange/README.html
+++ b/fn_exchange/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -520,7 +522,7 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>Integrate with Microsoft Exchange email and meeting functionality</strong></p>
-<p><img alt="screenshot: main" src="../_images/main13.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main14.png" /></p>
 <p>This application extends the capabilities of the SOAR platform with Microsoft Exchange On-prem services and functionality. Emails from an exchange mailbox can now be read, written, sent, queried, deleted, and moved from within the platform. Both Online and in-person meetings can be scheduled and invites can be sent using this application. All extracted information is now tabulated and neatly displayed in a separate incident tab. <br></p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_exchange_online/README.html b/fn_exchange_online/README.html
index 10d78ca6e..ddb72e00e 100644
--- a/fn_exchange_online/README.html
+++ b/fn_exchange_online/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -604,7 +606,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
 <p>The integration contains the following functions:
 <img alt="screenshot: main" src="../_images/EXO-functions.png" />
 <strong>Resilient Circuits Components for ‘fn_exchange_online’</strong></p>
-<p><img alt="screenshot: main" src="../_images/main14.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main15.png" /></p>
 <p>QRadar SOAR Integration with Exchange Online provides the capability to access and manipulate Microsoft Exchange Online messages from QRadar SOAR.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -831,7 +833,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts7.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts8.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_extrahop/README.html b/fn_extrahop/README.html
index 83724a249..c8943b053 100644
--- a/fn_extrahop/README.html
+++ b/fn_extrahop/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -533,7 +535,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM Security SOAR app for ExtraHop</strong></p>
-<p><img alt="screenshot: main" src="../_images/main15.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main16.png" /></p>
 <p>ExtraHop is a cybersecurity cloud-native solution that provides AI-based network intelligence to help enterprises detect and respond to advanced threats.</p>
 <p>The ExtraHop App for IBM SOAR escalates ExtraHop detections into IBM Security SOAR as an incident/case and facilitates manual enrichment and remediation actions against an ExtraHop RevealX 360 environment in the IBM SOAR Platform.</p>
 <section id="key-features">
@@ -823,7 +825,7 @@ <h3>Custom Layout<a class="headerlink" href="#custom-layout" title="Link to this
 <li><p>Click Save.</p></li>
 </ol>
 <p>The following screenshot shows the ExtraHop properties and data tables added to the ExtraHop tab:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts8.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts9.png" /></p>
 </section>
 </section>
 <hr class="docutils" />
diff --git a/fn_floss/README.html b/fn_floss/README.html
index f4847fbf6..75ff2020e 100644
--- a/fn_floss/README.html
+++ b/fn_floss/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_geocoding/README.html b/fn_geocoding/README.html
index 0849f43d5..08369062b 100644
--- a/fn_geocoding/README.html
+++ b/fn_geocoding/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_github/README.html b/fn_github/README.html
index ca255dd1f..704608309 100644
--- a/fn_github/README.html
+++ b/fn_github/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -504,7 +506,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>SOAR Functions for GitHub</strong></p>
-<p><img alt="screenshot: main" src="../_images/main16.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main17.png" /></p>
 <p>Perform actions on GitHub repositories, branches, files, releases, commits and repositories.</p>
 <br>
 <p>Links:</p>
diff --git a/fn_google_cloud_dlp/README.html b/fn_google_cloud_dlp/README.html
index 38a2fcba7..2941322d8 100644
--- a/fn_google_cloud_dlp/README.html
+++ b/fn_google_cloud_dlp/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -514,7 +516,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Resilient Circuits Components for ‘fn_google_cloud_dlp’</strong></p>
-<p><img alt="screenshot: main" src="../_images/main17.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main18.png" /></p>
 <p>The Resilient Integration with Google Cloud DLP provides tools to integrate into your Incident Response Plan. The integration brings Automation and Orchestration capabilities for either identifying, redacting or de-identifying Personally identifiable information (PII) in a body of text.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_google_cloud_functions/README.html b/fn_google_cloud_functions/README.html
index 7e17293aa..a6cf8fa39 100644
--- a/fn_google_cloud_functions/README.html
+++ b/fn_google_cloud_functions/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_google_cloud_scc/README.html b/fn_google_cloud_scc/README.html
index bcbc99829..2481ff314 100644
--- a/fn_google_cloud_scc/README.html
+++ b/fn_google_cloud_scc/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -509,7 +511,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM SOAR app with bidirectional synchronization and functions for Google Cloud SCC</strong></p>
-<p><img alt="screenshot: main" src="../_images/main18.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main19.png" /></p>
 <p>Bidirectional synchronization of Google Cloud Security Command Center findings. Additional functions are provided for manual synchronization, manually updating findings, and listing cloud assets monitored in Google SCC.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -718,7 +720,7 @@ <h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link
 <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h3>
 <ul>
 <li><p>The app automatically creates a custom “Google SCC” incident tab on first install. But more customization can be made in that tab:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts9.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts10.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_google_maps_directions/README.html b/fn_google_maps_directions/README.html
index 762a6ed5a..b26cc5f5f 100644
--- a/fn_google_maps_directions/README.html
+++ b/fn_google_maps_directions/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_googlesafebrowsing/README.html b/fn_googlesafebrowsing/README.html
index 901df9d76..236679686 100644
--- a/fn_googlesafebrowsing/README.html
+++ b/fn_googlesafebrowsing/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -494,7 +496,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM Security SOAR app for ‘fn_googlesafebrowsing’</strong></p>
-<p><img alt="screenshot: main" src="../_images/main19.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main20.png" /></p>
 <p>This app uses Google Safe Browsing to check artifacts with a URL type and adds a hit if the site is potentially unsafe. The hits contains a link to Google Transparency Report that gives information on the potentially unsafe url.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_greynoise/README.html b/fn_greynoise/README.html
index 16b3d6491..8627ccc28 100644
--- a/fn_greynoise/README.html
+++ b/fn_greynoise/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_grpc_interface/README.html b/fn_grpc_interface/README.html
index 09d9e8439..b060edce8 100644
--- a/fn_grpc_interface/README.html
+++ b/fn_grpc_interface/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_grr_search/README.html b/fn_grr_search/README.html
index b2dd13b93..0ab93ca2b 100644
--- a/fn_grr_search/README.html
+++ b/fn_grr_search/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_guardium_insights_integration/README.html b/fn_guardium_insights_integration/README.html
index 26d95527d..0d699c28f 100644
--- a/fn_guardium_insights_integration/README.html
+++ b/fn_guardium_insights_integration/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -872,7 +874,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts10.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts11.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_guardium_integration/README.html b/fn_guardium_integration/README.html
index f4bffd9d2..d171f570d 100644
--- a/fn_guardium_integration/README.html
+++ b/fn_guardium_integration/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_hibp/README.html b/fn_hibp/README.html
index 255b10d9f..5efa14f1d 100644
--- a/fn_hibp/README.html
+++ b/fn_hibp/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_html2pdf/README.html b/fn_html2pdf/README.html
index 1bd2d0d91..3d1bb0e7f 100644
--- a/fn_html2pdf/README.html
+++ b/fn_html2pdf/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_icdx/README.html b/fn_icdx/README.html
index fe2f0661d..093444e98 100644
--- a/fn_icdx/README.html
+++ b/fn_icdx/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_incident_utils/README.html b/fn_incident_utils/README.html
index 9dc0ddaf7..a4317bb98 100644
--- a/fn_incident_utils/README.html
+++ b/fn_incident_utils/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -513,7 +515,7 @@ <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this h
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Close Incident Function for IBM SOAR</strong></p>
-<p><img alt="screenshot: main" src="../_images/main20.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main21.png" /></p>
 <p>This package contains a function that enables you to close an Incident: Close Incident</p>
 </section>
 </section>
diff --git a/fn_ioc_parser_v2/README.html b/fn_ioc_parser_v2/README.html
index 983ac0dfe..59abd7acd 100644
--- a/fn_ioc_parser_v2/README.html
+++ b/fn_ioc_parser_v2/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -471,7 +473,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>This function extracts Indicators of Compromise (IOCs) from Resilient attachments and files</strong></p>
-<p><img alt="screenshot: main" src="../_images/main21.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main22.png" /></p>
 <p>Uses the IOCParser Python Library to extract IOCs from Resilient Attachments and Artifacts. All unique IOCs that are found are added to the Resilient Incident as an Artifact</p>
 </section>
 <hr class="docutils" />
diff --git a/fn_ipinfo/README.html b/fn_ipinfo/README.html
index 790df3286..e488179b9 100644
--- a/fn_ipinfo/README.html
+++ b/fn_ipinfo/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_isitphishing/README.html b/fn_isitphishing/README.html
index f135aebe4..0c4422419 100644
--- a/fn_isitphishing/README.html
+++ b/fn_isitphishing/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_jira/README.html b/fn_jira/README.html
index c8bc2f196..93842f728 100644
--- a/fn_jira/README.html
+++ b/fn_jira/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -538,7 +540,7 @@ <h3>Version 3.1.0 Changes<a class="headerlink" href="#version-3-1-0-changes" tit
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>Provides integration with JIRA for Issue Creation, Issue Transition and Comment Creation</strong></p>
-<p><img alt="screenshot: main" src="../_images/main22.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main23.png" /></p>
 <p>This app allows for the tracking of SOAR Incidents and Tasks as Jira Issues. Bidirectional links are saved to allow for easy navigation between the applications.</p>
 <div class="highlight-none notranslate"><div class="highlight"><pre><span></span>                    It also allows for the transitioning of Jira issues when the corresponding incident is closed and adds comments to the Jira issue when a Note is created in SOAR.
 
diff --git a/fn_joe_sandbox_analysis/README.html b/fn_joe_sandbox_analysis/README.html
index 56058e4c0..e20447de3 100644
--- a/fn_joe_sandbox_analysis/README.html
+++ b/fn_joe_sandbox_analysis/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -485,7 +487,7 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>Joe Sandbox Analysis Function for IBM SOAR</strong></p>
 <p><em>This package contains a function that executes a Joe Sandbox Analysis of an Attachment or Artifact and returns the Analysis Report to IBM SOAR.</em></p>
-<p><img alt="screenshot: main" src="../_images/main23.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main24.png" /></p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
 <ul class="simple">
diff --git a/fn_kafka/README.html b/fn_kafka/README.html
index 7878cac2e..472398163 100644
--- a/fn_kafka/README.html
+++ b/fn_kafka/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -495,7 +497,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Resilient Circuits Components for ‘fn_kafka’</strong></p>
-<p><img alt="screenshot: main" src="../_images/main24.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main25.png" /></p>
 <p>Support the ability to produce and consume Kafka messages over a number of brokers.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_ldap_utilities/README.html b/fn_ldap_utilities/README.html
index dde2894d4..4a3dc145f 100644
--- a/fn_ldap_utilities/README.html
+++ b/fn_ldap_utilities/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -526,7 +528,7 @@ <h2>2.1.0 Changes<a class="headerlink" href="#changes" title="Link to this headi
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p>These LDAP Utility integrations allow multiple activities to be initiated from workflows in the IBM SOAR platform to an external LDAP server. Functions include: search, update, set password, toggle access, and add user.
 <strong>SOAR LDAP Utilities’</strong></p>
-<p><img alt="screenshot: main" src="../_images/main25.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main26.png" /></p>
 <p>IBM SOAR components to allow reading and manipulation of your LDAP Server’</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_log_capture/README.html b/fn_log_capture/README.html
index 440d6ea53..bb302f721 100644
--- a/fn_log_capture/README.html
+++ b/fn_log_capture/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -464,7 +466,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Resilient Circuits Components for ‘fn_log_capture</strong></p>
-<p><img alt="screenshot: main" src="../_images/main26.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main27.png" /></p>
 <p>Resilient Circuits Components for fn_log_capture</p>
 </section>
 <hr class="docutils" />
diff --git a/fn_maas360/README.html b/fn_maas360/README.html
index f1f625454..20a396689 100644
--- a/fn_maas360/README.html
+++ b/fn_maas360/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -485,7 +487,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>This package enables Mobile Device Management (MDM) actions from IBM Resilient.</strong></p>
-<p><img alt="screenshot: main" src="../_images/main27.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main28.png" /></p>
 <p>The MaaS360 function package enables users to perform the following Mobile Device Management (MDM) actions:<br></p>
 <ul class="simple">
 <li><p>Basic device search.<br></p></li>
@@ -656,7 +658,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>A new incident tab is needed in the Layouts section of the Resilient platform to contain two custom data tables like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts11.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts12.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_machine_learning/README.html b/fn_machine_learning/README.html
index 1858563a9..b059f9621 100644
--- a/fn_machine_learning/README.html
+++ b/fn_machine_learning/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_machine_learning_nlp/README.html b/fn_machine_learning_nlp/README.html
index 49edf6343..d40941058 100644
--- a/fn_machine_learning_nlp/README.html
+++ b/fn_machine_learning_nlp/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_mandiant/README.html b/fn_mandiant/README.html
index 3041c21f3..ac6b00354 100644
--- a/fn_mandiant/README.html
+++ b/fn_mandiant/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -493,7 +495,7 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 <hr class="docutils" />
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
-<p><img alt="screenshot: main.png" src="../_images/main28.png" /></p>
+<p><img alt="screenshot: main.png" src="../_images/main29.png" /></p>
 <p><strong>Automatically search Mandiant for information on artifacts</strong> <br />
 Investigate publicly known threats with insights from Mandiant. Upon artifact creation, the application is shipped with a disabled playbook which when activated, automatically scans Mandiant for any related information.</p>
 <section id="supported-artifacts">
diff --git a/fn_mcafee_atd/README.html b/fn_mcafee_atd/README.html
index 3c3f2c06e..3eac7be43 100644
--- a/fn_mcafee_atd/README.html
+++ b/fn_mcafee_atd/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_mcafee_epo/README.html b/fn_mcafee_epo/README.html
index 1e75a9edb..afa768e74 100644
--- a/fn_mcafee_epo/README.html
+++ b/fn_mcafee_epo/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -528,7 +530,7 @@ <h2>2.1.0 Changes<a class="headerlink" href="#changes" title="Link to this headi
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p>The McAfee ePO functions allow for manipulation of tags, systems, users, issues, policies and permission sets on the McAfee ePO server.</p>
 <p><strong>IBM Security SOAR app for McAfee ePO</strong></p>
-<p><img alt="screenshot: main" src="../_images/main29.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main30.png" /></p>
 <p>The McAfee ePO functions allow for manipulation of tags, systems, users, issues, policies and permission sets.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -694,7 +696,7 @@ <h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link
 <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h3>
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts12.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts13.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_mcafee_esm/README.html b/fn_mcafee_esm/README.html
index d17de2a1e..b6378a54f 100644
--- a/fn_mcafee_esm/README.html
+++ b/fn_mcafee_esm/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -468,7 +470,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Resilient Circuits Components for ‘fn_mcafee_esm’</strong></p>
-<p><img alt="screenshot: main" src="../_images/main30.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main31.png" /></p>
 <p>The McAfee ESM integration with the Resilient platform allows for the escalation and enrichment
 of cases from McAfee ESM to the Resilient platform.</p>
 <section id="key-features">
@@ -597,7 +599,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul class="simple">
 <li><p>To use the functions, create a new Incident tab containing the data tables. Drag the McAfee ESM data tables on to the layout and click Save as shown in the screenshot below:
-<img alt="screenshot: custom_layouts" src="../_images/custom_layouts13.png" /></p></li>
+<img alt="screenshot: custom_layouts" src="../_images/custom_layouts14.png" /></p></li>
 </ul>
 </section>
 </section>
diff --git a/fn_mcafee_opendxl/README.html b/fn_mcafee_opendxl/README.html
index 1a3a96b84..28f9ffe05 100644
--- a/fn_mcafee_opendxl/README.html
+++ b/fn_mcafee_opendxl/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_mcafee_tie/README.html b/fn_mcafee_tie/README.html
index 4b4fc03f4..5deadbd4e 100644
--- a/fn_mcafee_tie/README.html
+++ b/fn_mcafee_tie/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -523,7 +525,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Resilient Circuits Components for McAfee TIE Functions</strong></p>
-<p><img alt="screenshot: main" src="../_images/main31.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main32.png" /></p>
 <p>The  McAfee TIE Functions for IBM Resilient provides the ability to search and set file reputation within McAfee Threat Intelligence Exchange (TIE) server for information on a specific file hash.  This information can come from any of the providers:</p>
 <ul class="simple">
 <li><p>Enterprise</p></li>
@@ -659,7 +661,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Table, TIE Results, like the screenshot below. Your setup may use a different tab:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts14.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts15.png" /></p>
 </li>
 </ul>
 <section id="custom-artifact-type">
diff --git a/fn_microsoft_defender/README.html b/fn_microsoft_defender/README.html
index 27b4c0dae..08bda423b 100644
--- a/fn_microsoft_defender/README.html
+++ b/fn_microsoft_defender/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -529,7 +531,7 @@ <h2>See section <a class="reference internal" href="#app-configuration"><span cl
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>Resilient Circuits Components for ‘fn_microsoft_defender’</strong></p>
-<p><img alt="screenshot: main" src="../_images/main32.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main33.png" /></p>
 <p>Perform operations against Defender such as synchronize incidents and alerts, set indicators, isolate and quarantine machines, and block file execution.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -734,7 +736,7 @@ <h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link
 <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h3>
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts15.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts16.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_microsoft_security_graph/README.html b/fn_microsoft_security_graph/README.html
index c1c969b62..ddcabb257 100644
--- a/fn_microsoft_security_graph/README.html
+++ b/fn_microsoft_security_graph/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -511,7 +513,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Sync alerts from MS Security Graph with IBM SOAR</strong></p>
-<p><img alt="screenshot: main" src="../_images/main33.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main34.png" /></p>
 <p>The package contains a polling component and 3 functions.</p>
 <div class="highlight-none notranslate"><div class="highlight"><pre><span></span>                The poller queries for alerts to be brought into the SOAR platform as new incidents, 
 
diff --git a/fn_microsoft_sentinel/README.html b/fn_microsoft_sentinel/README.html
index 851c264ff..c943c2722 100644
--- a/fn_microsoft_sentinel/README.html
+++ b/fn_microsoft_sentinel/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -535,7 +537,7 @@ <h3>v2.1.0<a class="headerlink" href="#v2-1-0" title="Link to this heading">¶</
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>SOAR integration for ‘fn_microsoft_sentinel’</strong></p>
-<p><img alt="screenshot: main" src="../_images/main34.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main35.png" /></p>
 <p>This app allows bi-directional synchronization between IBM SOAR and Microsoft Sentinel.
 Sentinel entities are exposed as artifacts for further investigation.</p>
 <section id="key-features">
@@ -1616,7 +1618,7 @@ <h2>Playbooks<a class="headerlink" href="#playbooks" title="Link to this heading
 <h2>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h2>
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts16.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts17.png" /></p>
 <p>The Sentinel fields are used to capture information specific on a Sentinel Incident, including close incident information (Classification). The datatable, Sentinel Entities, is used to capture specific entity information. Another datatable, Sentinel Comment IDs, is used for tracking purposes and need not be added to a layout.</p>
 </li>
 </ul>
diff --git a/fn_misp/README.html b/fn_misp/README.html
index fb7d64033..7b21f13e5 100644
--- a/fn_misp/README.html
+++ b/fn_misp/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_mitre_integration/README.html b/fn_mitre_integration/README.html
index 45ca0757a..bef8da53d 100644
--- a/fn_mitre_integration/README.html
+++ b/fn_mitre_integration/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -1271,7 +1273,7 @@ <h2>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts17.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts18.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_mxtoolbox/README.html b/fn_mxtoolbox/README.html
index 8cd14adda..73383ab10 100644
--- a/fn_mxtoolbox/README.html
+++ b/fn_mxtoolbox/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_netdevice/README.html b/fn_netdevice/README.html
index 13f628ff3..d617525cf 100644
--- a/fn_netdevice/README.html
+++ b/fn_netdevice/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_network_utilities/README.html b/fn_network_utilities/README.html
index 5c2f5af14..141c6aed7 100644
--- a/fn_network_utilities/README.html
+++ b/fn_network_utilities/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -520,7 +522,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Useful network related workflow/playbook functions for common automation and integration activities in the SOAR platform.</strong></p>
-<p><img alt="screenshot: main" src="../_images/main35.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main36.png" /></p>
 <p>This app contains useful functions that allows your workflows/playbooks to execute shell-scripts remotely and locally,</p>
 <div class="highlight-none notranslate"><div class="highlight"><pre><span></span> gain information about URLs, and extract SSL certificates from URLs.
 </pre></div>
diff --git a/fn_ocr/README.html b/fn_ocr/README.html
index 2a1883eea..4d6a4b632 100644
--- a/fn_ocr/README.html
+++ b/fn_ocr/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -482,7 +484,7 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>IBM SOAR app for text recognition in images</strong></p>
-<p><img alt="screenshot: main" src="../_images/main36.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main37.png" /></p>
 <p>An App that introduces OCR (Optical Character Recognition) functionality to SOAR, which can parse text from images. Uses Tesseract OCR, an open-source package with python bindings, to parse an image and return each line with an attached confidence metric.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_odbc_query/README.html b/fn_odbc_query/README.html
index 8a50710ca..28beee879 100644
--- a/fn_odbc_query/README.html
+++ b/fn_odbc_query/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -490,7 +492,7 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p>The ODBC Query Function establishes an OBDC connection to the desired SQL database server and executes SELECT, INSERT, UPDATE or DELETE SQL statements.</p>
 <p><strong>SOAR Components for ‘fn_odbc_query’</strong></p>
-<p><img alt="screenshot: main" src="../_images/main37.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main38.png" /></p>
 <p>ODBC Functions for SOAR</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -674,7 +676,7 @@ <h4>1.1.0 Changes<a class="headerlink" href="#changes" title="Link to this headi
 <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h3>
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts18.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts19.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_outbound_email/README.html b/fn_outbound_email/README.html
index 3c89005f1..973be0ba9 100644
--- a/fn_outbound_email/README.html
+++ b/fn_outbound_email/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -559,7 +561,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM QRadar SOAR app for Outbound Email</strong></p>
-<p><img alt="screenshot: main" src="../_images/main38.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main39.png" /></p>
 <p>The Outbound Email App for IBM SOAR provides a way of sending email from the SOAR platform. The email message contains information about the incident that the email action was performed on.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_pa_panorama/README.html b/fn_pa_panorama/README.html
index 38447f156..dec8416ff 100644
--- a/fn_pa_panorama/README.html
+++ b/fn_pa_panorama/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -436,6 +438,7 @@ <h2>Table of Contents<a class="headerlink" href="#table-of-contents" title="Link
 <li><p><a class="reference internal" href="#app-configuration"><span class="xref myst">App Configuration</span></a></p></li>
 </ul>
 </li>
+<li><p><a class="reference internal" href="#function---panorama-commit"><span class="xref myst">Function - Panorama Commit</span></a></p></li>
 <li><p><a class="reference internal" href="#function---panorama-create-address"><span class="xref myst">Function - Panorama Create Address</span></a></p></li>
 <li><p><a class="reference internal" href="#function---panorama-edit-address-group"><span class="xref myst">Function - Panorama Edit Address Group</span></a></p></li>
 <li><p><a class="reference internal" href="#function---panorama-edit-users-in-a-group"><span class="xref myst">Function - Panorama Edit Users in a Group</span></a></p></li>
@@ -460,27 +463,31 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 </tr>
 </thead>
 <tbody>
-<tr class="row-even"><td><p>1.4.0</p></td>
+<tr class="row-even"><td><p>1.5.0</p></td>
+<td><p>08/2024</p></td>
+<td><p>Add function to commit changes. Update example playbooks to auto commit.</p></td>
+</tr>
+<tr class="row-odd"><td><p>1.4.0</p></td>
 <td><p>02/2024</p></td>
 <td><p>Add ability to use location=device-group</p></td>
 </tr>
-<tr class="row-odd"><td><p>1.3.0</p></td>
+<tr class="row-even"><td><p>1.3.0</p></td>
 <td><p>04/2023</p></td>
 <td><p>Convert from rules/workflows to playbooks and update Panorama api version to v9.1</p></td>
 </tr>
-<tr class="row-even"><td><p>1.2.0</p></td>
+<tr class="row-odd"><td><p>1.2.0</p></td>
 <td><p>10/2022</p></td>
 <td><p>Multi-tenancy support added</p></td>
 </tr>
-<tr class="row-odd"><td><p>1.1.0</p></td>
+<tr class="row-even"><td><p>1.1.0</p></td>
 <td><p>04/2021</p></td>
 <td><p>Support for different API versions. See app.config <code class="docutils literal notranslate"><span class="pre">api_version</span></code> setting</p></td>
 </tr>
-<tr class="row-even"><td><p>1.0.1</p></td>
+<tr class="row-odd"><td><p>1.0.1</p></td>
 <td><p>07/2019</p></td>
 <td><p>App Host support</p></td>
 </tr>
-<tr class="row-odd"><td><p>1.0.0</p></td>
+<tr class="row-even"><td><p>1.0.0</p></td>
 <td><p>10/2020</p></td>
 <td><p>Initial release</p></td>
 </tr>
@@ -505,7 +512,7 @@ <h2>1.3.0 Changes<a class="headerlink" href="#id1" title="Link to this heading">
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>SOAR Components to Integrate with the Panorama Platform</strong></p>
-<p><img alt="screenshot: main" src="../_images/main39.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main40.png" /></p>
 <p>This integration contains Functions to interact with address groups, addresses, and user groups within Palo Alto Panorama. This integration can be configured to work with one or multiple Panorama instances.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -515,6 +522,7 @@ <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this h
 <li><p>Get addresses from Panorama and PanOS</p></li>
 <li><p>Get users from Panorama</p></li>
 <li><p>Create a new address in Panorama and PanOS</p></li>
+<li><p>Commit changes to Panorama and PanOS</p></li>
 </ul>
 </section>
 </section>
@@ -527,14 +535,14 @@ <h3>SOAR platform<a class="headerlink" href="#soar-platform" title="Link to this
 <p>The SOAR platform supports two app deployment mechanisms, Edge Gateway (also known as App Host) and integration server.</p>
 <p>If deploying to a SOAR platform with an App Host, the requirements are:</p>
 <ul class="simple">
-<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">49.0.0</span></code>.</p></li>
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0</span></code>.</p></li>
 <li><p>The app is in a container-based format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file).</p></li>
 </ul>
 <p>If deploying to a SOAR platform with an integration server, the requirements are:</p>
 <ul>
-<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">49.0.0</span></code>.</p></li>
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0</span></code>.</p></li>
 <li><p>The app is in the older integration format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file which contains a <code class="docutils literal notranslate"><span class="pre">tar.gz</span></code> file).</p></li>
-<li><p>Integration server is running <code class="docutils literal notranslate"><span class="pre">resilient_circuits&gt;=49.0.0</span></code>.</p></li>
+<li><p>Integration server is running <code class="docutils literal notranslate"><span class="pre">resilient_circuits&gt;=51.0.0</span></code>.</p></li>
 <li><p>If using an API key account, make sure the account provides the following minimum permissions:</p>
 <div class="table-wrapper colwidths-auto docutils container">
 <table class="docutils align-default">
@@ -587,8 +595,8 @@ <h3>Python Environment<a class="headerlink" href="#python-environment" title="Li
 <p>Python 3.9 and Python 3.11 are supported.
 Additional package dependencies may exist for each of these packages:</p>
 <ul class="simple">
-<li><p>resilient-lib&gt;=49.0.0</p></li>
-<li><p>resilient_circuits&gt;=49.0.0</p></li>
+<li><p>resilient-lib&gt;=51.0.0</p></li>
+<li><p>resilient_circuits&gt;=51.0.0</p></li>
 <li><p>xmltodict&gt;=0.12.0</p></li>
 </ul>
 </section>
@@ -675,9 +683,109 @@ <h4>1.2.0 Changes<a class="headerlink" href="#id2" title="Link to this heading">
 <p>Starting in version 1.2.0, more than one Panorama instance can be configured for SOAR case data synchronization. For enterprises with only one Panorama instance, your app.config file will continue to define the Panorama instance under the <code class="docutils literal notranslate"><span class="pre">[fn_pa_panorama]</span></code> section header.</p>
 <p>For enterprises with more than one Panorama instance, each instance will have it’s own section header, such as <code class="docutils literal notranslate"><span class="pre">[fn_pa_panorama:panorama_label1]</span></code> where <code class="docutils literal notranslate"><span class="pre">panorama_label1</span></code> represents any label helpful to define your Panorama environment.</p>
 <p>Be aware that modifications to the workflows will be needed to correctly pass this label through the <code class="docutils literal notranslate"><span class="pre">panorama_label</span></code> function input field if the Panorama server/servers in the app.config have labels.</p>
-<p>If you have existing custom workflows, see <a class="reference internal" href="#creating-workflows-when-serverservers-in-appconfig-are-labeled"><span class="xref myst">Creating workflows when server/servers in app.config are labeled</span></a> for more information about changing them to reference the <code class="docutils literal notranslate"><span class="pre">panorama_label</span></code> function input field.</p>
+<p>If you have existing custom playbooks, see <a class="reference internal" href="#creating-playbooks-when-serverservers-in-appconfig-are-labeled"><span class="xref myst">Creating playbooks when server/servers in app.config are labeled</span></a> for more information about changing them to reference the <code class="docutils literal notranslate"><span class="pre">panorama_label</span></code> function input field.</p>
+</section>
 </section>
 </section>
+<hr class="docutils" />
+<section id="function-panorama-commit">
+<h2>Function - Panorama Commit<a class="headerlink" href="#function-panorama-commit" title="Link to this heading">¶</a></h2>
+<p>Commit changes that have been made on the Panorama server</p>
+<p><img alt="screenshot: fn-panorama-commit " src="../_images/fn-panorama-commit.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">panorama_label</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>Label of the server to use</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">panorama_location</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">select</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The location of the entry</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;@code&quot;</span><span class="p">:</span> <span class="s2">&quot;19&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;@status&quot;</span><span class="p">:</span> <span class="s2">&quot;success&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;result&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;job&quot;</span><span class="p">:</span> <span class="s2">&quot;8&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;msg&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;line&quot;</span><span class="p">:</span> <span class="s2">&quot;Commit job enqueued with jobid 8&quot;</span>
+      <span class="p">}</span>
+    <span class="p">}</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;panorama_label&quot;</span><span class="p">:</span> <span class="s2">&quot;panOS&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;panorama_location&quot;</span><span class="p">:</span> <span class="s2">&quot;vsys&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1245</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-pa-panorama&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.5.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-09 09:01:22&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="k">if</span> <span class="nb">getattr</span><span class="p">(</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="p">,</span> <span class="s2">&quot;panorama_label&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">):</span>
+  <span class="n">inputs</span><span class="o">.</span><span class="n">panorama_label</span> <span class="o">=</span> <span class="nb">getattr</span><span class="p">(</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="p">,</span> <span class="s2">&quot;panorama_label&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">panorama_location</span> <span class="o">=</span> <span class="s2">&quot;vsys&quot;</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">note</span> <span class="o">=</span> <span class="s2">&quot;&quot;</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">commit_output</span>
+<span class="n">edit_addresses</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">edit_addresses_results</span>
+<span class="k">if</span> <span class="n">edit_addresses</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="n">note</span> <span class="o">+=</span> <span class="sa">f</span><span class="s2">&quot;Panorama IP Address: </span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="si">}</span><span class="s2"> was unblocked.</span><span class="se">\n</span><span class="s2">&quot;</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">note</span> <span class="o">+=</span> <span class="sa">f</span><span class="s2">&quot;Panorama Unblock IP address failed with reason: </span><span class="si">{</span><span class="n">edit_addresses</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;reason&#39;</span><span class="p">)</span><span class="si">}</span><span class="se">\n</span><span class="s2">&quot;</span>
+
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="n">note</span> <span class="o">+=</span> <span class="nb">str</span><span class="p">(</span><span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;result&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;msg&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;line&quot;</span><span class="p">))</span>
+
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">note</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
 </section>
 <hr class="docutils" />
 <section id="function-panorama-create-address">
@@ -1816,6 +1924,7 @@ <h3>For Support<a class="headerlink" href="#for-support" title="Link to this hea
 </li>
 </ul>
 </li>
+<li><a class="reference internal" href="#function-panorama-commit">Function - Panorama Commit</a></li>
 <li><a class="reference internal" href="#function-panorama-create-address">Function - Panorama Create Address</a></li>
 <li><a class="reference internal" href="#function-panorama-edit-address-group">Function - Panorama Edit Address Group</a></li>
 <li><a class="reference internal" href="#function-panorama-edit-users-in-a-group">Function - Panorama Edit Users in a Group</a></li>
diff --git a/fn_pagerduty/README.html b/fn_pagerduty/README.html
index 1a7c45bce..598c8bcfe 100644
--- a/fn_pagerduty/README.html
+++ b/fn_pagerduty/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_parse_utilities/README.html b/fn_parse_utilities/README.html
index d8f41d3ff..dc274c921 100644
--- a/fn_parse_utilities/README.html
+++ b/fn_parse_utilities/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -516,7 +518,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Useful workflow/playbook functions to use for common parsing in the SOAR platform</strong></p>
-<p><img alt="screenshot: main" src="../_images/main40.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main41.png" /></p>
 <p>This package contains functions to parse information from emails, ssl certificates, and PDFs as well as a function to transform an XML document using a preexisting xsl stylesheet.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_passivetotal/README.html b/fn_passivetotal/README.html
index 3bdde6144..58ca13162 100644
--- a/fn_passivetotal/README.html
+++ b/fn_passivetotal/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -490,7 +492,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM Security SOAR app for PassiveTotal</strong></p>
-<p><img alt="screenshot: main" src="../_images/main41.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main42.png" /></p>
 <p>This app uses <a class="reference external" href="https://community.riskiq.com/home">RiskIQ PassiveTotal</a> to check artifacts with the type DNS Name or IP address and adds a hit if the site is deemed compromised by your predefined definition.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_pastebin/README.html b/fn_pastebin/README.html
index fcf28fb7a..4ae0c6f9d 100644
--- a/fn_pastebin/README.html
+++ b/fn_pastebin/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_phish_ai/README.html b/fn_phish_ai/README.html
index 8033b47b4..3b1ac0e07 100644
--- a/fn_phish_ai/README.html
+++ b/fn_phish_ai/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_phish_tank/README.html b/fn_phish_tank/README.html
index 03d6d22cd..d32c62ba7 100644
--- a/fn_phish_tank/README.html
+++ b/fn_phish_tank/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -426,7 +428,7 @@ <h1>PhishTank Lookup<a class="headerlink" href="#phishtank-lookup" title="Link t
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>PhishTank Lookup URL Function for IBM Resilient</strong></p>
-<p><img alt="screenshot: main" src="../_images/main42.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main43.png" /></p>
 <p>Searches the PhishTank database (https://www.phishtank.com/) to determine if a URL is a phishing URL or not. The information returned from PhishTank is used to update the Artifacts description and add a note to the incident</p>
 <section id="note-on-partial-url-support">
 <h3>Note on Partial URL Support<a class="headerlink" href="#note-on-partial-url-support" title="Link to this heading">¶</a></h3>
diff --git a/fn_pipl/README.html b/fn_pipl/README.html
index eb87f3653..8b82bad6f 100644
--- a/fn_pipl/README.html
+++ b/fn_pipl/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -516,7 +518,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Resilient Circuits Functions to query Pipl Data API</strong></p>
-<p><img alt="screenshot: main" src="../_images/main43.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main44.png" /></p>
 <p>This package contains one function that enriches your leads (name, email address, phone number, or social media username) with Pipl and gets their personal, professional, demographic, and contact information. The response from Pipl is saved in Pipl possible person datatable. The package also contains a script for creating an artifact from a selected row in the datatable.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_playbook_maker/README.html b/fn_playbook_maker/README.html
index 40fa696e8..21e5d598c 100644
--- a/fn_playbook_maker/README.html
+++ b/fn_playbook_maker/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -489,7 +491,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p>**Generate playbooks from function definitions for fast prototyping or business processing **</p>
-<p><img alt="screenshot: main" src="../_images/main44.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main45.png" /></p>
 <p>This app gives you the ability quickly generate a complete playbook from functions to use in your business processing or to quickly prototype playbook access.
 Given that many apps are not distributed with example rules/workflows or playbooks, this capability is a fast way to get started with the use of a function.</p>
 <p>Specify an app to include all it’s functions in playbooks, or name the functions individually to create playbooks as a starting point for playbook creation. The resulting playbooks have the necessary ‘bones’ to execute a function and process it’s output. Some work remains to fill out the logic to process the function’s output.</p>
diff --git a/fn_playbook_utils/README.html b/fn_playbook_utils/README.html
index 276cd62de..44c763382 100644
--- a/fn_playbook_utils/README.html
+++ b/fn_playbook_utils/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -509,7 +511,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p>This app includes functions to mine information about workflow and playbook usage across incidents so that an enterprise can learn the best practices on past threat intelligence and actions performed.</p>
-<p><img alt="screenshot: main" src="../_images/main45.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main46.png" /></p>
 <p>Resilient Circuits Components for ‘fn_playbook_utils’</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -673,7 +675,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the ‘Playbook usage’ datatable to the tab of your choice. Here’s an example of adding to your artifact tab:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts19.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts20.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_proofpoint_tap/README.html b/fn_proofpoint_tap/README.html
index 7d01c0072..947416216 100644
--- a/fn_proofpoint_tap/README.html
+++ b/fn_proofpoint_tap/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -541,7 +543,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p>Proofpoint Targeted Attack Protection (TAP) helps you stay ahead of attackers with an innovative approach that detects, analyzes and blocks advanced threats before they reach your inbox. This includes ransomware and other advanced email threats delivered through malicious attachments and URLs.</p>
-<p><img alt="screenshot: main" src="../_images/main46.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main47.png" /></p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
 <!--
@@ -755,7 +757,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
   You should save a screenshot "custom_layouts.png" in the doc/screenshots directory and reference it here
 -->
 <p>Create a Proofpoint TAP custom layout and drag the custom fields and the data table like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts20.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts21.png" /></p>
 </section>
 </section>
 <hr class="docutils" />
diff --git a/fn_proofpoint_trap/README.html b/fn_proofpoint_trap/README.html
index d2aadc558..eef647f3f 100644
--- a/fn_proofpoint_trap/README.html
+++ b/fn_proofpoint_trap/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -611,7 +613,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul class="simple">
 <li><p>The package customizations includes the following custom field and data tables:
-<img alt="screenshot: custom_layouts" src="../_images/custom_layouts21.png" /></p></li>
+<img alt="screenshot: custom_layouts" src="../_images/custom_layouts22.png" /></p></li>
 <li><p>In the Layouts tab, add the data table to the Artifacts tab and save:
 <img alt="screenshot: custom_layouts" src="../_images/custom_layout_datatable.png" /></p></li>
 <li><p>In the Layouts tab, add the custom field to the Details tab and save:
diff --git a/fn_pulsedive/README.html b/fn_pulsedive/README.html
index a3b0b0c11..d275337b4 100644
--- a/fn_pulsedive/README.html
+++ b/fn_pulsedive/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_qradar_advisor/README.html b/fn_qradar_advisor/README.html
index 94ece31fd..819b5b198 100644
--- a/fn_qradar_advisor/README.html
+++ b/fn_qradar_advisor/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -527,7 +529,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM SOAR QRadar Advisor Functions</strong></p>
-<p><img alt="screenshot: main" src="../_images/main47.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main48.png" /></p>
 <p>The QRadar Advisor integration with IBM QRadar SOAR enables SOAR users to gather Cyber MITRE ATT&amp;CK information from QRadar Advisor. The integration supports QRadar Advisor quick search, full search, map a rule, and retrieve offense insights and analysis.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -1635,7 +1637,7 @@ <h2>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts22.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts23.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_qradar_enhanced_data/README.html b/fn_qradar_enhanced_data/README.html
index 60d0fab81..7bea20aaa 100644
--- a/fn_qradar_enhanced_data/README.html
+++ b/fn_qradar_enhanced_data/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -584,7 +586,7 @@ <h3>fn_qradar_enhanced_data 2.5.0 Changes<a class="headerlink" href="#fn-qradar-
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p>The QRadar Enhanced Offense Data Migration (EDM) app fetches a more complete view of data associated with a QRadar offense and provides live links within the SOAR case back to QRadar, thereby simplifying case management.</p>
-<p><img alt="screenshot: main" src="../_images/main48.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main49.png" /></p>
 <p>This app fetches the data associated with the QRadar Offense and provides live links back to QRadar, thereby simplifying case management.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -797,7 +799,7 @@ <h3>MSSP Configuration<a class="headerlink" href="#mssp-configuration" title="Li
 <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h3>
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts23.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts24.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_qradar_integration/README.html b/fn_qradar_integration/README.html
index 21f81e36e..6c22b38ee 100644
--- a/fn_qradar_integration/README.html
+++ b/fn_qradar_integration/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -565,7 +567,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM QRadar SOAR Components for ‘fn_qradar_integration’</strong></p>
-<p><img alt="screenshot: main" src="../_images/main49.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main50.png" /></p>
 <p>fn_qradar_integration supports performing ariel search to retrieve data from QRadar. It also provide functions to find/add/delete reference set items.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -744,7 +746,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts24.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts25.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_query_tor_network/README.html b/fn_query_tor_network/README.html
index 121b05e5f..246c59aa5 100644
--- a/fn_query_tor_network/README.html
+++ b/fn_query_tor_network/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_randori/README.html b/fn_randori/README.html
index d5cb517a5..5286424f5 100644
--- a/fn_randori/README.html
+++ b/fn_randori/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -531,7 +533,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
 -->
 <p><strong>IBM SOAR app bidirectional synchronization and functions for Randori</strong></p>
 <p>Randori Recon is an Attack Surface Management (ASM) solution which helps to identify externally-facing customer assets that could be targeted and lead to a breach.</p>
-<p><img alt="screenshot: main" src="../_images/main50.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main51.png" /></p>
 <p>Bidirectional app for Randori for IBM SOAR. Query Randori for targets based on user-defined query parameters and create and update cases in SOAR.  The app will poll Randori for Targets that meet one of the two criteria:</p>
 <ol class="arabic simple">
 <li><p>Net new Targets on the customer attack surface</p></li>
@@ -768,7 +770,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
   You should save a screenshot "custom_layouts.png" in the doc/screenshots directory and reference it here
 -->
 <p>The following Randori Tab custom layout is included in the app:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts25.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts26.png" /></p>
 </section>
 </section>
 <section id="poller-considerations">
diff --git a/fn_rapid7_insight_idr/README.html b/fn_rapid7_insight_idr/README.html
index eda8ab752..3eb62a2a3 100644
--- a/fn_rapid7_insight_idr/README.html
+++ b/fn_rapid7_insight_idr/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -538,7 +540,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM SOAR app - bidirectional synchronization and functions for Rapid7 InsightIDR</strong></p>
-<p><img alt="screenshot: main" src="../_images/main51.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main52.png" /></p>
 <p>Bi-directional App for Rapid7 InsightIDR. Query Rapid7 InsightIDR for Investigations based on user-defined query parameters and create and update cases in SOAR. The app polls Rapid7 InsightIDR for new or updated investigations.  Information on alerts that triggered an investigation are displayed in the Rapid7 InsightIDR Alerts data table in SOAR, including the alert evidence.</p>
 <p>
 Rapid7’s InsightIDR is your security center for incident detection and response, authentication monitoring, and endpoint visibility. Together, these form Extended Detection and Response (XDR). InsightIDR identifies unauthorized access from external and internal threats and highlights suspicious activity so you don’t have to weed through thousands of data streams. XDR accelerates more comprehensive threat detection and response. This cloud-native, cloud-scalable security solution can unify and transform multiple telemetry sources.
diff --git a/fn_reaqta/README.html b/fn_reaqta/README.html
index 5bc867739..cde979bb9 100644
--- a/fn_reaqta/README.html
+++ b/fn_reaqta/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -531,7 +533,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM SOAR app bidirectional synchronization and functions for QRadar EDR</strong></p>
-<p><img alt="screenshot: main" src="../_images/main52.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main53.png" /></p>
 <p>Bidirectional synchronization of QRadar EDR (formally known as ReaQta) Alerts to IBM SOAR.</p>
 <p>Additional functions exists to list and kill endpoint processes, isolate the endpoint and synchronize notes and close events.</p>
 <p><img alt="screenshot: functions" src="../_images/functions2.png" /></p>
@@ -794,7 +796,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts26.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts27.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_relations/README.html b/fn_relations/README.html
index 44e53f186..eaf0aa8f0 100644
--- a/fn_relations/README.html
+++ b/fn_relations/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -497,7 +499,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
 <p>The Relations app is meant to provide the ability to allow parent/child relations levels within QRadar SOAR to link incidents “manually”. This package consists of 9 functions, and 11 playbooks along with 2 new fields and 1 new data table.</p>
 <p>This document outlines the functionality of function as it relates to QRadar SOAR.</p>
 <p><strong>Builds Relationships of Incidents within IBM Security SOAR</strong></p>
-<p><img alt="screenshot: main" src="../_images/main53.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main54.png" /></p>
 <p>App used within the QRadar SOAR platform allowing the relationship building of incidents as Children and Parents.</p>
 <p>The app will also allow syncing of notes between the incidents with a relationship, auto closing child incidents of a closed parent, and syncing changes in child status with the parent Datatable that shows all children.</p>
 <section id="key-features">
diff --git a/fn_remedy/README.html b/fn_remedy/README.html
index 1b593b512..da62b613e 100644
--- a/fn_remedy/README.html
+++ b/fn_remedy/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -505,7 +507,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Remedy for IBM SOAR</strong></p>
-<p><img alt="screenshot: main" src="../_images/main54.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main55.png" /></p>
 <p>Remedy for IBM SOAR This integration provides the capability to create new incidents in Remedy from SOAR tasks via the HPD:IncidentInterface_Create form over the REST API. Once the task is complete, this integration also provides the capability to close existing Remedy Incidents.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -944,7 +946,7 @@ <h2>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts27.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts28.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_rest_api/README.html b/fn_rest_api/README.html
index 16dec2063..189717895 100644
--- a/fn_rest_api/README.html
+++ b/fn_rest_api/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -503,7 +505,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Function to call REST web services in the SOAR Platform</strong></p>
-<p><img alt="screenshot: main" src="../_images/main55.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main56.png" /></p>
 <p>This application is based on the <code class="docutils literal notranslate"><span class="pre">call_rest_api</span></code> function from the <code class="docutils literal notranslate"><span class="pre">fn_utilities</span></code>, which is expected to be deprecated in the future. It’s purpose is to enable the ability to connect with external web services by sending REST API requests. The function supports commonly used REST methods such as GET, HEAD, POST, PUT, DELETE, OPTIONS, and PATCH. The specific details of the request, such as the type of request, URL, and other options like headers, cookies, and the request body, can be specified through the function parameters. Once a response is received from the service, it is presented in both text and JSON format. Additionally, other details about the response, such as the response status code, reason, cookies, headers, time elapsed, and links, are also provided.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_rsa_netwitness/README.html b/fn_rsa_netwitness/README.html
index bffcefab3..7710ee823 100644
--- a/fn_rsa_netwitness/README.html
+++ b/fn_rsa_netwitness/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_salesforce/README.html b/fn_salesforce/README.html
index 9c58761d9..b6466e083 100644
--- a/fn_salesforce/README.html
+++ b/fn_salesforce/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -541,7 +543,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM SOAR app - bidirectional synchronization and functions for Salesforce</strong></p>
-<p><img alt="screenshot: main" src="../_images/main56.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main57.png" /></p>
 <p>Bi-directional App for Salesforce. Query Salesforce for Cases based
 on user-defined query parameters and create and update cases in SOAR.</p>
 <section id="key-features">
diff --git a/fn_scheduler/README.html b/fn_scheduler/README.html
index 76abd4aa9..5e662f532 100644
--- a/fn_scheduler/README.html
+++ b/fn_scheduler/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -587,7 +589,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
 <li><p>Pause and resume scheduled Playbooks/Rules</p></li>
 <li><p>Removing a scheduled Playbook/Rule</p></li>
 </ol>
-<p><img alt="screenshot: main.png" src="../_images/main57.png" /></p>
+<p><img alt="screenshot: main.png" src="../_images/main58.png" /></p>
 </section>
 <hr class="docutils" />
 <section id="requirements">
diff --git a/fn_secureworks_ctp/README.html b/fn_secureworks_ctp/README.html
index 681a5316d..f0d7023e5 100644
--- a/fn_secureworks_ctp/README.html
+++ b/fn_secureworks_ctp/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_sentinelone/README.html b/fn_sentinelone/README.html
index ad31a7d78..6c3dd3777 100644
--- a/fn_sentinelone/README.html
+++ b/fn_sentinelone/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -535,7 +537,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM SOAR app - bidirectional synchronization and functions for SentinelOne</strong></p>
-<p><img alt="screenshot: main" src="../_images/main58.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main59.png" /></p>
 <p>The SentinelOne platform provides AI-powered prevention, detection, response, and threat hunting across user endpoints, containers, cloud workloads, and IoT devices.</p>
 <p>This app escalates SentinelOne threat incidents into IBM Security SOAR as an incident/case.</p>
 <section id="key-features">
@@ -814,7 +816,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>A SentinelOne incident tab is included in the app and appears in any incident that has a SentinelOne Threat ID. The default tab contains the SentinelOne custom fields and agent data table. The screenshot below shows SentinelOne custom incident fields included on the tab:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts28.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts29.png" /></p>
 </li>
 <li><p>Create a Close Incident tab so that when a SOAR case corresponding to a SentinelOne threat is closed in SOAR, the user can select a SentinelOne Threat Analyst Verdict to send to SentinelOne. The SentinelOne threat cannot be closed if the Analyst Verdict is <strong>undefined</strong>.<br />
 <img alt="screenshot: custom_layouts_close" src="../_images/custom_layouts_close.png" />
diff --git a/fn_sep/README.html b/fn_sep/README.html
index 31319b83d..1cd135026 100644
--- a/fn_sep/README.html
+++ b/fn_sep/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -410,24 +412,7 @@
           </label>
         </div>
         <article role="main" id="furo-main-content">
-          <!--
-  This README.md is generated by running:
-  "resilient-sdk docgen -p fn_sep"
-
-  It is best edited using a Text Editor with a Markdown Previewer. VS Code
-  is a good example. Checkout https://guides.github.com/features/mastering-markdown/
-  for tips on writing with Markdown
-
-  All fields followed by "::CHANGE_ME::"" should be manually edited
-
-  If you make manual edits and run docgen again, a .bak file will be created
-
-  Store any screenshots in the "doc/screenshots" directory and reference them like:
-  ![screenshot: screenshot_1](./screenshots/screenshot_1.png)
-
-  NOTE: If your app is available in the container-format only, there is no need to mention the integration server in this readme.
--->
-<section id="symantec-endpoint-protection">
+          <section id="symantec-endpoint-protection">
 <h1>Symantec Endpoint Protection<a class="headerlink" href="#symantec-endpoint-protection" title="Link to this heading">¶</a></h1>
 <section id="table-of-contents">
 <h2>Table of Contents<a class="headerlink" href="#table-of-contents" title="Link to this heading">¶</a></h2>
@@ -456,84 +441,88 @@ <h2>Table of Contents<a class="headerlink" href="#table-of-contents" title="Link
 </li>
 <li><p><a class="reference internal" href="#function---sep---add-fingerprint-list"><span class="xref myst">Function - SEP - Add Fingerprint List</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---assign-fingerprint-list-to-group"><span class="xref myst">Function - SEP - Assign Fingerprint List to Group</span></a></p></li>
+<li><p><a class="reference internal" href="#function---sep---cancel-a-command"><span class="xref myst">Function - SEP - Cancel a Command</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---delete-fingerprint-list"><span class="xref myst">Function - SEP - Delete Fingerprint List</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---get-command-status"><span class="xref myst">Function - SEP - Get Command Status</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---get-computers"><span class="xref myst">Function - SEP - Get Computers</span></a></p></li>
+<li><p><a class="reference internal" href="#function---sep---get-critical-events-info"><span class="xref myst">Function - SEP - Get Critical Events Info</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---get-domains"><span class="xref myst">Function - SEP - Get Domains</span></a></p></li>
+<li><p><a class="reference internal" href="#function---sep---get-exceptions-policy"><span class="xref myst">Function - SEP - Get Exceptions Policy</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---get-file-content-as-base64"><span class="xref myst">Function - SEP - Get File Content as Base64</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---get-fingerprint-list"><span class="xref myst">Function - SEP - Get Fingerprint List</span></a></p></li>
+<li><p><a class="reference internal" href="#function---sep---get-firewall-policy"><span class="xref myst">Function - SEP - Get Firewall Policy</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---get-groups"><span class="xref myst">Function - SEP - Get Groups</span></a></p></li>
+<li><p><a class="reference internal" href="#function---sep---get-policy-summary"><span class="xref myst">Function - SEP - Get Policy Summary</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---move-endpoint"><span class="xref myst">Function - SEP - Move endpoint</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---quarantine-endpoints"><span class="xref myst">Function - SEP - Quarantine Endpoints</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---scan-endpoints"><span class="xref myst">Function - SEP - Scan Endpoints</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---update-fingerprint-list"><span class="xref myst">Function - SEP - Update Fingerprint List</span></a></p></li>
 <li><p><a class="reference internal" href="#function---sep---upload-file-to-sepm"><span class="xref myst">Function - SEP - Upload File to SEPM</span></a></p></li>
-<li><p><a class="reference internal" href="#function---sep-cancel-a-command"><span class="xref myst">Function - SEP: Cancel a Command</span></a></p></li>
-<li><p><a class="reference internal" href="#function---sep-get-critical-events-info"><span class="xref myst">Function - SEP: Get Critical Events Info</span></a></p></li>
-<li><p><a class="reference internal" href="#function---sep-get-exceptions-policy"><span class="xref myst">Function - SEP: Get Exceptions Policy</span></a></p></li>
-<li><p><a class="reference internal" href="#function---sep-get-firewall-policy"><span class="xref myst">Function - SEP: Get Firewall Policy</span></a></p></li>
-<li><p><a class="reference internal" href="#function---sep-get-policy-summary"><span class="xref myst">Function - SEP: Get Policy Summary</span></a></p></li>
 <li><p><a class="reference internal" href="#script---scr_sep_add_artifact_from_scan_results"><span class="xref myst">Script - scr_sep_add_artifact_from_scan_results</span></a></p></li>
 <li><p><a class="reference internal" href="#script---scr_sep_parse_email_notification"><span class="xref myst">Script - scr_sep_parse_email_notification</span></a></p></li>
+<li><p><a class="reference internal" href="#data-table---symantec-sep---critical-events"><span class="xref myst">Data Table - Symantec SEP - Critical Events</span></a></p></li>
 <li><p><a class="reference internal" href="#data-table---symantec-sep---endpoint-details"><span class="xref myst">Data Table - Symantec SEP - Endpoint details</span></a></p></li>
 <li><p><a class="reference internal" href="#data-table---symantec-sep---endpoint-status-summary"><span class="xref myst">Data Table - Symantec SEP - Endpoint status summary</span></a></p></li>
 <li><p><a class="reference internal" href="#data-table---symantec-sep---eoc-scan-results"><span class="xref myst">Data Table - Symantec SEP - EOC scan results</span></a></p></li>
 <li><p><a class="reference internal" href="#data-table---symantec-sep---fingerprint-lists"><span class="xref myst">Data Table - Symantec SEP - Fingerprint lists</span></a></p></li>
 <li><p><a class="reference internal" href="#data-table---symantec-sep---groups"><span class="xref myst">Data Table - Symantec SEP - Groups</span></a></p></li>
 <li><p><a class="reference internal" href="#data-table---symantec-sep---non-compliant-endpoints-status-details"><span class="xref myst">Data Table - Symantec SEP - Non-compliant Endpoints status details</span></a></p></li>
-<li><p><a class="reference internal" href="#rules"><span class="xref myst">Rules</span></a></p></li>
+<li><p><a class="reference internal" href="#playbooks"><span class="xref myst">Playbooks</span></a></p></li>
 <li><p><a class="reference internal" href="#troubleshooting--support"><span class="xref myst">Troubleshooting &amp; Support</span></a></p></li>
 </ul>
 </section>
 <hr class="docutils" />
 <section id="release-notes">
 <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this heading">¶</a></h2>
-<!--
-  Specify all changes in this release. Do not remove the release
-  notes of a previous release
--->
 <div class="table-wrapper colwidths-auto docutils container">
 <table class="docutils align-default">
 <thead>
-<tr class="row-odd"><th class="head text-right"><p>Date</p></th>
-<th class="head text-center"><p>Version</p></th>
-<th class="head text-left"><p>Notes</p></th>
+<tr class="row-odd"><th class="head"><p>Version</p></th>
+<th class="head"><p>Date</p></th>
+<th class="head"><p>Notes</p></th>
 </tr>
 </thead>
 <tbody>
-<tr class="row-even"><td class="text-right"><p>11/2023</p></td>
-<td class="text-center"><p>1.1.1</p></td>
-<td class="text-left"><p>Convert Workflow/Script to Python3</p></td>
+<tr class="row-even"><td><p>06/2024</p></td>
+<td><p>1.2.0</p></td>
+<td><p>Add support for SHA256 hashes. Convert rules/workflows to playbooks.</p></td>
+</tr>
+<tr class="row-odd"><td><p>11/2023</p></td>
+<td><p>1.1.1</p></td>
+<td><p>Convert Workflow/Script to Python3</p></td>
 </tr>
-<tr class="row-odd"><td class="text-right"><p>01/2023</p></td>
-<td class="text-center"><p>1.1.0</p></td>
-<td class="text-left"><p>Five more functions added (Cancel a command, Get critical event information, Get all policy summary, Get firewall policy, Get exceptions policy) and relevant test functions implemented. Payload, ReadMe added and bug fix for patch import.</p></td>
+<tr class="row-even"><td><p>01/2023</p></td>
+<td><p>1.1.0</p></td>
+<td><p>Five more functions added (Cancel a command, Get critical event information, Get all policy summary, Get firewall policy, Get exceptions policy) and relevant test functions implemented. Payload, ReadMe added and bug fix for patch import.</p></td>
 </tr>
-<tr class="row-even"><td class="text-right"><p>12/2022</p></td>
-<td class="text-center"><p>1.0.2</p></td>
-<td class="text-left"><p>Bug fix for osname and selftest</p></td>
+<tr class="row-odd"><td><p>12/2022</p></td>
+<td><p>1.0.2</p></td>
+<td><p>Bug fix for osname and selftest</p></td>
 </tr>
-<tr class="row-odd"><td class="text-right"><p>11/2020</p></td>
-<td class="text-center"><p>1.0.1</p></td>
-<td class="text-left"><p>Support added for App Host</p></td>
+<tr class="row-even"><td><p>11/2020</p></td>
+<td><p>1.0.1</p></td>
+<td><p>Support added for App Host</p></td>
 </tr>
-<tr class="row-even"><td class="text-right"><p>08/2019</p></td>
-<td class="text-center"><p>1.0.0</p></td>
-<td class="text-left"><p>Initial Release</p></td>
+<tr class="row-odd"><td><p>08/2019</p></td>
+<td><p>1.0.0</p></td>
+<td><p>Initial Release</p></td>
 </tr>
 </tbody>
 </table>
 </div>
 </section>
+<hr class="docutils" />
+<section id="changes">
+<h2>1.2.0 Changes<a class="headerlink" href="#changes" title="Link to this heading">¶</a></h2>
+<p>In v1.2, the existing rules and workflows have been replaced with playbooks. This change is made to support the ongoing, newer capabilities of playbooks. Each playbook has the same functionality as the previous, corresponding rule/workflow.</p>
+<p>If upgrading from a previous release, you’ll noticed that the previous release’s rules/workflows remain in place. Both sets of rules and playbooks are active. For manual actions, playbooks will have the same name as it’s corresponding rule, but with “(PB)” added at the end. For automatic actions, the playbooks will be disabled by default.</p>
+<p>You can continue to use the rules/workflows. But migrating to playbooks will provide greater functionality along with future app enhancements and bug fixes.</p>
+</section>
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
-<!--
-  Provide a high-level description of the function itself and its remote software or application.
-  The text below is parsed from the "description" and "long_description" attributes in the setup.py file
--->
 <p><strong>Symantec Endpoint Protection Integration for IBM SOAR</strong></p>
-<p><img alt="screenshot: main" src="../_images/main59.png" />
-Integration with Symantec Endpoint Protection to facilitate manual enrichment and targeted remediation actions. Teams can investigate an attack by hunting for IOCs or suspect Endpoints across an enterprise, and quickly respond to attacks by executing endpoint remediation actions, such as deleting or blacklisting suspicious files from within the IBM SOAR platform.</p>
+<p><img alt="screenshot: main" src="../_images/main60.png" /></p>
+<p>Integration with Symantec Endpoint Protection to facilitate manual enrichment and targeted remediation actions. Teams can investigate an attack by hunting for IOCs or suspect Endpoints across an enterprise, and quickly respond to attacks by executing endpoint remediation actions, such as deleting or blacklisting suspicious files from within the IBM SOAR platform.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
 <p>•	Execute an Evidence of Compromise (EOC) scan for artifacts of type file (name or path) and hash (MD5, SHA1 or SHA256).
@@ -544,13 +533,13 @@ <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this h
 •	Get groups.
 •	Get fingerprint lists.
 •	Add or delete an MD5 hash value from a fingerprint list, which can be used to blacklist files.
-•	Assign a fingerprint list to a group for system lockdown.
+•	Assign a fingerprint list to a group for system lock down.
 •	Delete a fingerprint list.
 •	Move an endpoint to a new group.
 •	Quarantine an endpoint.
 •	Cancel a command
 •	Get critical event information
-• 	Get all policy summary
+• Get all policy summary
 •	Get firewall policy
 •	Get exceptions policy</p>
 </section>
@@ -558,23 +547,20 @@ <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this h
 <hr class="docutils" />
 <section id="requirements">
 <h2>Requirements<a class="headerlink" href="#requirements" title="Link to this heading">¶</a></h2>
-<!--
-  List any Requirements
--->
 <p>This app supports the IBM Security QRadar SOAR Platform and the IBM Security QRadar SOAR for IBM Cloud Pak for Security.</p>
 <section id="soar-platform">
 <h3>SOAR platform<a class="headerlink" href="#soar-platform" title="Link to this heading">¶</a></h3>
-<p>The SOAR platform supports two app deployment mechanisms, Edge Gateway (formerly App Host) and integration server.</p>
-<p>If deploying to a SOAR platform with an Edge Gateway, the requirements are:</p>
+<p>The SOAR platform supports two app deployment mechanisms, Edge Gateway (also known as App Host) and integration server.</p>
+<p>If deploying to a SOAR platform with an App Host, the requirements are:</p>
 <ul class="simple">
-<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">45.0.7899</span></code>.</p></li>
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0.0.9340</span></code>.</p></li>
 <li><p>The app is in a container-based format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file).</p></li>
 </ul>
 <p>If deploying to a SOAR platform with an integration server, the requirements are:</p>
 <ul>
-<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">45.0.7899</span></code>.</p></li>
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0.0.9340</span></code>.</p></li>
 <li><p>The app is in the older integration format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file which contains a <code class="docutils literal notranslate"><span class="pre">tar.gz</span></code> file).</p></li>
-<li><p>Integration server is running <code class="docutils literal notranslate"><span class="pre">resilient_circuits&gt;=47.1.0</span></code>.</p></li>
+<li><p>Integration server is running <code class="docutils literal notranslate"><span class="pre">resilient_circuits&gt;=51.0.0</span></code>.</p></li>
 <li><p>If using an API key account, make sure the account provides the following minimum permissions:</p>
 <div class="table-wrapper colwidths-auto docutils container">
 <table class="docutils align-default">
@@ -607,7 +593,7 @@ <h3>SOAR platform<a class="headerlink" href="#soar-platform" title="Link to this
 <h3>Cloud Pak for Security<a class="headerlink" href="#cloud-pak-for-security" title="Link to this heading">¶</a></h3>
 <p>If you are deploying to IBM Cloud Pak for Security, the requirements are:</p>
 <ul class="simple">
-<li><p>IBM Cloud Pak for Security &gt;= <code class="docutils literal notranslate"><span class="pre">1.10</span></code>.</p></li>
+<li><p>IBM Cloud Pak for Security &gt;= <code class="docutils literal notranslate"><span class="pre">1.10.15</span></code>.</p></li>
 <li><p>Cloud Pak is configured with an Edge Gateway.</p></li>
 <li><p>The app is in a container-based format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file).</p></li>
 </ul>
@@ -624,12 +610,12 @@ <h3>Proxy Server<a class="headerlink" href="#proxy-server" title="Link to this h
 </section>
 <section id="python-environment">
 <h3>Python Environment<a class="headerlink" href="#python-environment" title="Link to this heading">¶</a></h3>
-<p>Python &gt;= 3.6 is supported.
+<p>Python 3.9, 3.11, and 3.12 are officially supported. When deployed as an app, the app runs on Python 3.11.
 Additional package dependencies may exist for each of these packages:</p>
 <ul class="simple">
-<li><p>resilient_circuits&gt;=46.0.0</p></li>
-<li><p>resilient_lib&gt;=46.0.0</p></li>
 <li><p>defusedxml==0.7.1</p></li>
+<li><p>resilient_circuits&gt;=51.0.0</p></li>
+<li><p>resilient_lib&gt;=51.0.0</p></li>
 </ul>
 </section>
 <section id="endpoint-developed-with">
@@ -686,12 +672,12 @@ <h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link
 <tr class="row-odd"><td><p><strong>sep_port</strong></p></td>
 <td class="text-center"><p>Yes</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">8446</span></code></p></td>
-<td><p>*The port on which the app is accessible *</p></td>
+<td><p><em>The port on which the app is accessible</em></p></td>
 </tr>
 <tr class="row-even"><td><p><strong>sep_auth_path</strong></p></td>
 <td class="text-center"><p>Yes</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">/sepm/api/v1/identity/authenticate</span></code></p></td>
-<td><p><em>Authentiaction Path for SEP api.</em></p></td>
+<td><p><em>Authentication Path for SEP api.</em></p></td>
 </tr>
 <tr class="row-odd"><td><p><strong>sep_base_path</strong></p></td>
 <td class="text-center"><p>Yes</p></td>
@@ -744,11 +730,6 @@ <h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link
 </section>
 <section id="custom-layouts">
 <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h3>
-<!--
-  Use this section to provide guidance on where the user should add any custom fields and data tables.
-  You may wish to recommend a new incident tab.
-  You should save a screenshot "custom_layouts.png" in the doc/screenshots directory and reference it here
--->
 <ul class="simple">
 <li><p>To use the functions, create new Incident tabs e.g. Symantec SEP - Threats, Symantec SEP - Blacklists and Symantec SEP - Status. Drag the SEP data tables on to the layouts and click Save as shown in the screenshots below:
 <img alt="screenshot: custom_layouts_1" src="../_images/custom_layouts_1.png" />
@@ -762,6 +743,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 <h2>Function - SEP - Add Fingerprint List<a class="headerlink" href="#function-sep-add-fingerprint-list" title="Link to this heading">¶</a></h2>
 <p>Add an MD5 hash to a new fingerprint list.
 Note: Currently only supports MD5 hash type.</p>
+<p><img alt="screenshot: fn-sep---add-fingerprint-list " src="fn_sep/doc/screenshots/fn-sep---add-fingerprint-list.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -811,100 +793,77 @@ <h2>Function - SEP - Add Fingerprint List<a class="headerlink" href="#function-s
 </div></blockquote>
 <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
   <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span>
+    <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;44BB68279D984220AD60A069DCF6079F&quot;</span>
   <span class="p">},</span>
   <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;sep_description&quot;</span><span class="p">:</span> <span class="s2">&quot;This is test of adding files in blacklist.&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">:</span> <span class="s2">&quot;Test Blacklist 13&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_hash_value&quot;</span><span class="p">:</span> <span class="s2">&quot;hash_value&quot;</span>
+    <span class="s2">&quot;sep_description&quot;</span><span class="p">:</span> <span class="s2">&quot;Fingerprint list </span><span class="se">\u0027</span><span class="s2">Blacklist2</span><span class="se">\u0027</span><span class="s2">&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">:</span> <span class="s2">&quot;Blacklist2&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_hash_value&quot;</span><span class="p">:</span> <span class="s2">&quot;e4ac4548eeebdba19817b5c47322f0c95a17a9ef6af4099088d6e552f34038d9&quot;</span>
   <span class="p">},</span>
   <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2322</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">226915</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
     <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 06:33:51&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-15 08:34:13&quot;</span><span class="p">,</span>
     <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
   <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;{</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">}&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
 <span class="p">}</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">domain_content_results</span> <span class="o">=</span>  <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">get_domains_results</span>
-<span class="n">content</span> <span class="o">=</span> <span class="n">domain_content_results</span><span class="o">.</span><span class="n">content</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">content</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_domains_results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">[])</span>
+
 <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">content</span><span class="p">)):</span>
-  <span class="k">if</span> <span class="n">content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;name&quot;</span><span class="p">]</span> <span class="o">==</span>  <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">:</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_domainid</span> <span class="o">=</span> <span class="n">content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;id&quot;</span><span class="p">]</span>
+  <span class="k">if</span> <span class="n">content</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;name&quot;</span><span class="p">)</span> <span class="o">==</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">:</span>
+    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_domainid</span> <span class="o">=</span> <span class="n">content</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;id&quot;</span><span class="p">)</span>
     <span class="k">break</span>
+
 <span class="n">inputs</span><span class="o">.</span><span class="n">sep_hash_value</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span>
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span> <span class="o">=</span> <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span>
 <span class="n">inputs</span><span class="o">.</span><span class="n">sep_description</span> <span class="o">=</span> <span class="s2">&quot;Fingerprint list &#39;</span><span class="si">{}</span><span class="s2">&#39;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">inputs</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">))</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_add_fingerprint_list script ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result: {&#39;inputs&#39;: {u&#39;sep_description&#39;: u&#39;Hash of type Malware MD5 Hash&#39;,</span>
-<span class="sd">                   u&#39;sep_fingerprintlist_name&#39;: u&#39;Blacklist&#39;,</span>
-<span class="sd">                   u&#39;sep_hash_value&#39;: u&#39;482F9B6E0CC4C1DBBD772AAAF088CB3A&#39;,</span>
-<span class="sd">                   u&#39;sep_domainid&#39;: u&#39;A9B4B7160946C25D24B6AA458EF5557F&#39;</span>
-<span class="sd">                   },</span>
-<span class="sd">        &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-05-14 12:02:37&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;,</span>
-<span class="sd">                    &#39;host&#39;: &#39;myhost.ibm.com&#39;, &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 1417</span>
-<span class="sd">                    },</span>
-<span class="sd">        &#39;success&#39;: True,</span>
-<span class="sd">        &#39;content&#39;: {u&#39;id&#39;: u&#39;AB29BEA5333C488694B9533E65858BF2&#39;},</span>
-<span class="sd">        &#39;raw&#39;: &#39;{&quot;id&quot;: &quot;AB29BEA5333C488694B9533E65858BF2&quot;}&#39;,</span>
-<span class="sd">        &#39;reason&#39;: None,</span>
-<span class="sd">        &#39;version&#39;: &#39;1.0&#39;</span>
-<span class="sd">}</span>
-<span class="sd">&quot;&quot;&quot;</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_add_fingerprint_list script ##</span>
 <span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;Add Hash to Fingerprint List&quot;</span>
 <span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_add_fingerprint_list&quot;</span>
-<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">inputs</span>
-
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-    <span class="k">if</span> <span class="n">CONTENT</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="c1"># If we got here we assume we are successsful.</span>
-        <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: Successfully added MD5 hash &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; to new fingerprint list &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for Resilient function &quot;</span> \
-                   <span class="s2">&quot;&lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="p">,</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">],</span> <span class="n">FN_NAME</span><span class="p">)</span>
-
-    <span class="k">else</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There was &lt;b&gt;no&lt;/b&gt; results returned for Resilient &quot;</span> \
-                     <span class="s2">&quot;function &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">add_fingerprintlist_results</span>
+<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;inputs&quot;</span><span class="p">)</span>
+<span class="n">note_text</span> <span class="o">=</span> <span class="kc">None</span>
+<span class="n">hash_type</span> <span class="o">=</span> <span class="s2">&quot;MD5&quot;</span>
+<span class="k">if</span> <span class="n">artifact</span><span class="o">.</span><span class="n">type</span> <span class="o">==</span> <span class="s2">&quot;Malware SHA-256 Hash&quot;</span><span class="p">:</span>
+  <span class="n">hash_type</span> <span class="o">=</span> <span class="s2">&quot;SHA256&quot;</span>
 
-    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="c1"># If we got here we assume we are successful.</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{</span><span class="n">WF_NAME</span><span class="si">}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Successfully added </span><span class="si">{</span><span class="n">hash_type</span><span class="si">}</span><span class="s2"> hash &lt;b&gt;</span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="si">}</span><span class="s2">&lt;/b&gt; to new fingerprint &quot;</span>\
+              <span class="sa">f</span><span class="s2">&quot;list &lt;b&gt;</span><span class="si">{</span><span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;sep_fingerprintlist_name&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{</span><span class="n">FN_NAME</span><span class="si">}</span><span class="s2">&lt;/b&gt;&quot;</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{</span><span class="n">WF_NAME</span><span class="si">}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Failed with reason: </span><span class="si">{</span><span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;reason&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&quot;</span>
 
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_domainid": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_domainid</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-domains"><span class="xref myst">Function - SEP - Get Domains</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;id</span></code>.</p>
-</p>
-</details>
 </section>
 <hr class="docutils" />
 <section id="function-sep-assign-fingerprint-list-to-group">
 <h2>Function - SEP - Assign Fingerprint List to Group<a class="headerlink" href="#function-sep-assign-fingerprint-list-to-group" title="Link to this heading">¶</a></h2>
 <p>Assign a fingerprint list to a group for lock-down.</p>
+<p><img alt="screenshot: fn-sep---assign-fingerprint-list-to-group " src="fn_sep/doc/screenshots/fn-sep---assign-fingerprint-list-to-group.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -963,77 +922,124 @@ <h2>Function - SEP - Assign Fingerprint List to Group<a class="headerlink" href=
 </div>
 </p>
 </details>
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">content</span> <span class="o">=</span> <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">get_fingerprintlist_results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_id</span> <span class="o">=</span> <span class="n">content</span><span class="p">[</span><span class="s2">&quot;id&quot;</span><span class="p">]</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">content</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_fingerprintlist_results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_id</span> <span class="o">=</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;id&quot;</span><span class="p">)</span>
 <span class="n">inputs</span><span class="o">.</span><span class="n">sep_groupid</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">group_id</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_assign_fingerprint_list_to_group ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result:{&#39;inputs&#39;: {u&#39;sep_fingerprintlist_id&#39;: u&#39;E60B061FDD844EBF9778D4BD2AC3942A&#39;, u&#39;sep_groupid&#39;: u&#39;7E4BB119A9FE9DC526EDABFB1EE261B8&#39;},</span>
-<span class="sd">        &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-05-28 17:53:52&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;, &#39;host&#39;: &#39;myhost&#39;,</span>
-<span class="sd">                   &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 1225},</span>
-<span class="sd">        &#39;success&#39;: True,</span>
-<span class="sd">        &#39;content&#39;: &#39;&#39;,</span>
-<span class="sd">        &#39;raw&#39;: &#39;&quot;&quot;&#39;,</span>
-<span class="sd">        &#39;reason&#39;: None,</span>
-<span class="sd">        &#39;version&#39;: &#39;1.0&#39;</span>
-<span class="sd"> }</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="c1">#  Globals</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_assign_fingerprint_list_to_group ##</span>
+<span class="c1"># Globals</span>
 <span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_assign_fingerprint_list_to_group&quot;</span>
 <span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Assign Fingerprint List to lockdown group&quot;</span>
-<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;domain_name&quot;</span><span class="p">,</span> <span class="s2">&quot;list_name&quot;</span><span class="p">,</span> <span class="s2">&quot;list_id&quot;</span><span class="p">,</span> <span class="s2">&quot;list_description&quot;</span><span class="p">,</span> <span class="s2">&quot;hash_values&quot;</span><span class="p">,</span> <span class="s2">&quot;hash_type&quot;</span><span class="p">,</span> <span class="s2">&quot;group_ids&quot;</span><span class="p">]</span>
-<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">inputs</span>
-<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">]</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">assign_fingerprintlist_to_group_results</span>
+<span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;inputs&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;metrics&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">)</span>
 
 <span class="c1"># Processing</span>
+<span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
+<span class="k">if</span> <span class="n">content</span><span class="p">:</span>
+  <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">content</span><span class="p">,</span> <span class="nb">dict</span><span class="p">)</span> <span class="ow">and</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;errorCode&quot;</span><span class="p">)</span> <span class="ow">and</span> <span class="nb">int</span><span class="p">(</span><span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;errorCode&quot;</span><span class="p">))</span> <span class="o">==</span> <span class="mi">400</span><span class="p">:</span>
+    <span class="c1"># The finger print list doesn&#39;t exist.</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">The fingerprint list &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; does not exist or is invalid &quot;</span> \
+                <span class="s2">&quot;for domain id &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+        <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">),</span> <span class="n">row</span><span class="o">.</span><span class="n">domain_id</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+  <span class="k">else</span><span class="p">:</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Successfully assigned fingerprint list with id &quot;</span> \
+                <span class="s2">&quot;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; to group with id &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+        <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">),</span> <span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_groupid&quot;</span><span class="p">),</span> <span class="n">FN_NAME</span><span class="p">)</span>
 
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-    <span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
-
-    <span class="k">if</span> <span class="n">CONTENT</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="k">if</span> <span class="s2">&quot;errorCode&quot;</span> <span class="ow">in</span> <span class="n">CONTENT</span> <span class="ow">and</span> <span class="nb">int</span><span class="p">(</span><span class="n">CONTENT</span><span class="p">[</span><span class="s2">&quot;errorCode&quot;</span><span class="p">])</span> <span class="o">==</span> <span class="mi">400</span><span class="p">:</span>
-            <span class="c1"># The finger print list doesn&#39;t exist.</span>
-            <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: The fingerprint list &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; does not exist or is invalid &quot;</span> \
-                        <span class="s2">&quot;for domain id &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-                <span class="o">.</span><span class="n">format</span><span class="p">(</span> <span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">],</span> <span class="n">row</span><span class="o">.</span><span class="n">domain_id</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
-        <span class="k">else</span><span class="p">:</span>
-            <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: Successfully assigned fingerprint list  with id &quot;</span> \
-                        <span class="s2">&quot;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; to group with id &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-                <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">],</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_groupid&quot;</span><span class="p">],</span> <span class="n">FN_NAME</span><span class="p">)</span>
-
-    <span class="k">else</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There were &lt;b&gt;no&lt;/b&gt; results returned &quot;</span> \
-                     <span class="s2">&quot;with fingerprint id &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; and group id &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-            <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">],</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_groupid&quot;</span><span class="p">],</span> <span class="n">FN_NAME</span><span class="p">)</span>
-
-    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">There were &lt;b&gt;no&lt;/b&gt; results returned &quot;</span> \
+               <span class="s2">&quot;with fingerprint id &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; and group id &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+      <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">),</span> <span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_groupid&quot;</span><span class="p">),</span> <span class="n">FN_NAME</span><span class="p">)</span>
 
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sep-cancel-a-command">
+<h2>Function - SEP - Cancel a Command<a class="headerlink" href="#function-sep-cancel-a-command" title="Link to this heading">¶</a></h2>
+<p>Cancels an existing command by creating a new cancel command for clients for which the command is still pending.</p>
+<p><img alt="screenshot: fn-sep---cancel-a-command " src="fn_sep/doc/screenshots/fn-sep---cancel-a-command.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_command_id</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The command ID for which details are needed.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;commandID&quot;</span><span class="p">:</span> <span class="s2">&quot;4C697374D15C433880A56800BAC25E56&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sep_command_id&quot;</span><span class="p">:</span> <span class="s2">&quot;367F5DE4A7F346E4A40B3475DFD93B06&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1322</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-17 10:59:14&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_groupid": </summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_groupid</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-groups"><span class="xref myst">Function - SEP - Get Groups</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;content--&gt;id</span></code>.</p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_command_id</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_command_id</span>
+</pre></div>
+</div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_fingerprintlist_id": </summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_id</span></code> field can be refered from <a class="reference internal" href="#function---sep---add-fingerprint-list"><span class="xref myst">Function - SEP - Add Fingerprint List</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;id</span></code>.</p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">cancel_command_results</span>
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;SEP Command </span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_command_id</span><span class="si">}</span><span class="s2"> was canceled.&quot;</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;SEP Command </span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_command_id</span><span class="si">}</span><span class="s2"> was not canceled. Reason: </span><span class="si">{</span><span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;reason&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
+</pre></div>
+</div>
 </p>
 </details>
 </section>
@@ -1041,6 +1047,7 @@ <h2>Function - SEP - Assign Fingerprint List to Group<a class="headerlink" href=
 <section id="function-sep-delete-fingerprint-list">
 <h2>Function - SEP - Delete Fingerprint List<a class="headerlink" href="#function-sep-delete-fingerprint-list" title="Link to this heading">¶</a></h2>
 <p>Delete  a  fingerprint list.</p>
+<p><img alt="screenshot: fn-sep---delete-fingerprint-list " src="fn_sep/doc/screenshots/fn-sep---delete-fingerprint-list.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -1092,75 +1099,56 @@ <h2>Function - SEP - Delete Fingerprint List<a class="headerlink" href="#functio
 </div>
 </p>
 </details>
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_id</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">list_id</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_delete_fingerprint_list ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result:{&#39;inputs&#39;: {u&#39;sep_fingerprintlist_id&#39;: u&#39;E60B061FDD844EBF9778D4BD2AC3942A&#39;},</span>
-<span class="sd">         &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-05-29 10:36:53&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;, &#39;host&#39;: &#39;myhost&#39;,</span>
-<span class="sd">                     &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 1744},</span>
-<span class="sd">         &#39;success&#39;: True,</span>
-<span class="sd">         &#39;content&#39;: &#39;&#39;,</span>
-<span class="sd">         &#39;raw&#39;: &#39;&quot;&quot;&#39;,</span>
-<span class="sd">         &#39;reason&#39;: None,</span>
-<span class="sd">         &#39;version&#39;: &#39;1.0&#39;</span>
-<span class="sd"> }</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="c1">#  Globals</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_delete_fingerprint_list ##</span>
+<span class="c1"># Globals</span>
 <span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_delete_fingerprint_list&quot;</span>
 <span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Delete Fingerprint List&quot;</span>
-<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">inputs</span>
-<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">]</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">delete_fingerprintlist_results</span>
+<span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;inputs&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;metrics&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">)</span>
 
 <span class="c1"># Processing</span>
+<span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
+<span class="k">if</span> <span class="n">content</span><span class="p">:</span>
+  <span class="k">if</span> <span class="s2">&quot;errorCode&quot;</span> <span class="ow">in</span> <span class="n">content</span> <span class="ow">and</span> <span class="nb">int</span><span class="p">(</span><span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;errorCode&quot;</span><span class="p">))</span> <span class="o">==</span> <span class="mi">410</span><span class="p">:</span>
+    <span class="c1"># The finger print list doesn&#39;t exist.</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbooks &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">The fingerprint list &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; does not exist or is invalid &quot;</span> \
+                <span class="s2">&quot;for SOAR function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+        <span class="o">.</span><span class="n">format</span><span class="p">(</span> <span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">),</span> <span class="n">FN_NAME</span><span class="p">)</span>
+  <span class="k">else</span><span class="p">:</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Successfully deleted fingerprint list with id &quot;</span> \
+                <span class="s2">&quot;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+        <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">),</span> <span class="n">FN_NAME</span><span class="p">)</span>
+    <span class="n">row</span><span class="o">.</span><span class="n">list_description</span> <span class="o">=</span> <span class="s2">&quot;Fingerprint list deleted&quot;</span>
+    <span class="n">row</span><span class="o">.</span><span class="n">hash_values</span> <span class="o">=</span> <span class="s2">&quot;Fingerprint list deleted&quot;</span>
+    <span class="n">row</span><span class="o">.</span><span class="n">list_id</span> <span class="o">=</span> <span class="s2">&quot;Fingerprint list deleted&quot;</span>
 
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-    <span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
-
-    <span class="k">if</span> <span class="n">CONTENT</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="k">if</span> <span class="s2">&quot;errorCode&quot;</span> <span class="ow">in</span> <span class="n">CONTENT</span> <span class="ow">and</span> <span class="nb">int</span><span class="p">(</span><span class="n">CONTENT</span><span class="p">[</span><span class="s2">&quot;errorCode&quot;</span><span class="p">])</span> <span class="o">==</span> <span class="mi">410</span><span class="p">:</span>
-            <span class="c1"># The finger print list doesn&#39;t exist.</span>
-            <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: The fingerprint list &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; does not exist or is invalid &quot;</span> \
-                        <span class="s2">&quot;for Resilient function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-                <span class="o">.</span><span class="n">format</span><span class="p">(</span> <span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">],</span> <span class="n">FN_NAME</span><span class="p">)</span>
-        <span class="k">else</span><span class="p">:</span>
-            <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: Successfully deleted fingerprint list  with id &quot;</span> \
-                        <span class="s2">&quot;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-                <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">],</span> <span class="n">FN_NAME</span><span class="p">)</span>
-
-    <span class="k">else</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There were &lt;b&gt;no&lt;/b&gt; results returned &quot;</span> \
-                     <span class="s2">&quot;with fingerprint id &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-            <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">],</span>  <span class="n">FN_NAME</span><span class="p">)</span>
-
-    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">There were &lt;b&gt;no&lt;/b&gt; results returned &quot;</span> \
+               <span class="s2">&quot;with fingerprint id &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+      <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">),</span>  <span class="n">FN_NAME</span><span class="p">)</span>
 
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_fingerprintlist_id": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_id</span></code> field can be refered from <a class="reference internal" href="#function---sep---add-fingerprint-list"><span class="xref myst">Function - SEP - Add Fingerprint List</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;id</span></code>.</p>
-</p>
-</details>
 </section>
 <hr class="docutils" />
 <section id="function-sep-get-command-status">
 <h2>Function - SEP - Get Command Status<a class="headerlink" href="#function-sep-get-command-status" title="Link to this heading">¶</a></h2>
 <p>Gets the details of a command status from a command id.</p>
+<p><img alt="screenshot: fn-sep---get-command-status " src="fn_sep/doc/screenshots/fn-sep---get-command-status.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -1184,7 +1172,7 @@ <h2>Function - SEP - Get Command Status<a class="headerlink" href="#function-sep
 <td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
 <td class="text-center"><p>No</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The IBM SOAR incident id.</p></td>
+<td><p>The IBM SOAR incident ID.</p></td>
 </tr>
 <tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_matching_endpoint_ids</span></code></p></td>
 <td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">boolean</span></code></p></td>
@@ -1242,18 +1230,18 @@ <h2>Function - SEP - Get Command Status<a class="headerlink" href="#function-sep
   <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
     <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">[</span>
       <span class="p">{</span>
-        <span class="s2">&quot;beginTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06T09:51:09Z&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;binaryFileId&quot;</span><span class="p">:</span> <span class="s2">&quot;binaryFileId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;computerId&quot;</span><span class="p">:</span> <span class="s2">&quot;computerId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;computerIp&quot;</span><span class="p">:</span> <span class="s2">&quot;000.00.00.00&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;computerName&quot;</span><span class="p">:</span> <span class="s2">&quot;computerName&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;currentLoginUserName&quot;</span><span class="p">:</span> <span class="s2">&quot;Testuser&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;beginTime&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;binaryFileId&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;computerId&quot;</span><span class="p">:</span> <span class="s2">&quot;01ECF4E8092E5BB91E4D52E45C3ABE4D&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;computerIp&quot;</span><span class="p">:</span> <span class="s2">&quot;9.37.29.102&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;computerName&quot;</span><span class="p">:</span> <span class="s2">&quot;WIN-N5KGH4CP3N3&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;currentLoginUserName&quot;</span><span class="p">:</span> <span class="s2">&quot;Administrator&quot;</span><span class="p">,</span>
         <span class="s2">&quot;domainName&quot;</span><span class="p">:</span> <span class="s2">&quot;Default&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;hardwareKey&quot;</span><span class="p">:</span> <span class="s2">&quot;hardwareKey&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastUpdateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06T09:51:09Z&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;resultInXML&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;stateId&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
-        <span class="s2">&quot;subStateDesc&quot;</span><span class="p">:</span> <span class="s2">&quot;C:</span><span class="se">\\</span><span class="s2">Users</span><span class="se">\\</span><span class="s2">Public</span><span class="se">\\</span><span class="s2">Documents</span><span class="se">\\</span><span class="s2">sample.exe&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;hardwareKey&quot;</span><span class="p">:</span> <span class="s2">&quot;8DACE2559C1C951E09CC0BF71D973BB7&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastUpdateTime&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;resultInXML&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;stateId&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;subStateDesc&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;subStateId&quot;</span><span class="p">:</span> <span class="mi">0</span>
       <span class="p">}</span>
     <span class="p">],</span>
@@ -1261,7 +1249,7 @@ <h2>Function - SEP - Get Command Status<a class="headerlink" href="#function-sep
     <span class="s2">&quot;lastPage&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
     <span class="s2">&quot;number&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
     <span class="s2">&quot;numberOfElements&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-    <span class="s2">&quot;overall_command_state&quot;</span><span class="p">:</span> <span class="s2">&quot;Completed&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;overall_command_state&quot;</span><span class="p">:</span> <span class="s2">&quot;In progress&quot;</span><span class="p">,</span>
     <span class="s2">&quot;remediate_artifact_value&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
     <span class="s2">&quot;scan_artifact_value&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
     <span class="s2">&quot;size&quot;</span><span class="p">:</span> <span class="mi">20</span><span class="p">,</span>
@@ -1278,116 +1266,100 @@ <h2>Function - SEP - Get Command Status<a class="headerlink" href="#function-sep
     <span class="s2">&quot;total_fail_remediation_count&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
     <span class="s2">&quot;total_match_count&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
     <span class="s2">&quot;total_match_ep_count&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-    <span class="s2">&quot;total_not_completed&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+    <span class="s2">&quot;total_not_completed&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
     <span class="s2">&quot;total_remediation_count&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
     <span class="s2">&quot;total_remediation_ep_count&quot;</span><span class="p">:</span> <span class="mi">0</span>
   <span class="p">},</span>
   <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;sep_commandid&quot;</span><span class="p">:</span> <span class="s2">&quot;commandid&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_commandid&quot;</span><span class="p">:</span> <span class="s2">&quot;1CA9D4F37DD94CA88A9D93D09402E3D3&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_incident_id&quot;</span><span class="p">:</span> <span class="mi">2133</span><span class="p">,</span>
     <span class="s2">&quot;sep_status_type&quot;</span><span class="p">:</span> <span class="s2">&quot;quarantine&quot;</span>
   <span class="p">},</span>
   <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2060</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">765</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
     <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 13:56:03&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-21 08:40:33&quot;</span><span class="p">,</span>
     <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
   <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;{</span><span class="se">\&quot;</span><span class="s2">content</span><span class="se">\&quot;</span><span class="s2">: [{</span><span class="se">\&quot;</span><span class="s2">beginTime</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">2023-01-06T09:51:09Z</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">lastUpdateTime</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">2023-01-06T09:51:09Z</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">computerName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">EC2AMAZ-O9BT872</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">computerIp</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">172.31.37.22</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">domainName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Default</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">currentLoginUserName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Administrator</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">stateId</span><span class="se">\&quot;</span><span class="s2">: 3, </span><span class="se">\&quot;</span><span class="s2">subStateId</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">subStateDesc</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">C:</span><span class="se">\\\\</span><span class="s2">Users</span><span class="se">\\\\</span><span class="s2">Public</span><span class="se">\\\\</span><span class="s2">Documents</span><span class="se">\\\\</span><span class="s2">sample.exe</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">binaryFileId</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">F1568E3BAC1F211B397E2DAC71FD6BF7</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">resultInXML</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">computerId</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">CD08C63EAC1F211B1B6FD4039B293000</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">hardwareKey</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">E4A30FDB287F7B23F9BF22166FD54BF1</span><span class="se">\&quot;</span><span class="s2">}], </span><span class="se">\&quot;</span><span class="s2">totalPages</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">firstPage</span><span class="se">\&quot;</span><span class="s2">: true, </span><span class="se">\&quot;</span><span class="s2">lastPage</span><span class="se">\&quot;</span><span class="s2">: true, </span><span class="se">\&quot;</span><span class="s2">totalElements</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">size</span><span class="se">\&quot;</span><span class="s2">: 20, </span><span class="se">\&quot;</span><span class="s2">number</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">sort</span><span class="se">\&quot;</span><span class="s2">: [{</span><span class="se">\&quot;</span><span class="s2">direction</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">ASC</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">property</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Begintime</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">ascending</span><span class="se">\&quot;</span><span class="s2">: true}], </span><span class="se">\&quot;</span><span class="s2">numberOfElements</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">total_match_count</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">total_match_ep_count</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">total_remediation_count</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">total_fail_remediation_count</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">total_remediation_ep_count</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">total_not_completed</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">total_ep_count</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">scan_artifact_value</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">remediate_artifact_value</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">overall_command_state</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Completed</span><span class="se">\&quot;</span><span class="s2">}&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
 <span class="p">}</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_commandid</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">quarantine_commandid</span>
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_status_type</span> <span class="o">=</span> <span class="s2">&quot;quarantine&quot;</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_incident_id</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">id</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_commandid</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">remediation_commandid</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_status_type</span> <span class="o">=</span> <span class="s2">&quot;remediation&quot;</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_get_command_status script ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result: { &#39;inputs&#39;: {u&#39;sep_status_type&#39;: u&#39;quarantine&#39;, u&#39;sep_commandid&#39;: u&#39;7D3670DDF5A64A99B3721BF8A375B302&#39;},</span>
-<span class="sd">          &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-04-26 15:25:55&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;,</span>
-<span class="sd">                      &#39;host&#39;: &#39;myhost&#39;, &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 1256},</span>
-<span class="sd">          &#39;success&#39;: True,</span>
-<span class="sd">          &#39;content&#39;: {u&#39;sort&#39;: [{u&#39;direction&#39;: u&#39;ASC&#39;, u&#39;property&#39;: u&#39;Begintime&#39;, u&#39;ascending&#39;: True}], &#39;command_state&#39;: &#39;Completed&#39;, u&#39;number&#39;: 0, u&#39;firstPage&#39;: True, &#39;: 0, u&#39;content&#39;: [{u&#39;computerName&#39;: u&#39;WIN-N5KGH4CP3N3&#39;, u&#39;subStateId u&#39;binaryFileId&#39;: None, u&#39;lastUpdateTime&#39;:</span>
-<span class="sd">                        u&#39;2019-04-26T11:05:27Z&#39;, u&#39;domainName&#39;: u&#39;Default&#39;, u&#39;hardwareKey&#39;: u&#39;DC7D24D6465566D2941F35BC8D17801E&#39;,</span>
-<span class="sd">                        u&#39;subStateDesc&#39;: u&#39;&#39;, u&#39;stateId&#39;: 3, u&#39;computerId&#39;: u&#39;89AD1BBB0946C25D25E6C0984E971D8A&#39;, u&#39;computerIp&#39;: u&#39;9.70.194.94&#39;, u&#39;beginTime&#39;: u&#39;2019-04-26T11:05:27Z&#39;, u&#39;currentLoginUserName&#39;: u&#39;Administrator&#39;, u&#39;resultInXML&#39;: u&#39;&#39;, &#39;command_status_id&#39;: 3}], u&#39;lastPage&#39;: True, u&#39;totalPages&#39;: 1, u&#39;numberOfElements&#39;: 1, u&#39;totalElements&#39;: 1, u&#39;size&#39;: 20},</span>
-<span class="sd">          &#39;raw&#39;: &#39;{&quot;sort&quot;: [{&quot;direction&quot;: &quot;ASC&quot;, &quot;property&quot;: &quot;Begintime&quot;, &quot;ascending&quot;: true}], &quot;command_state&quot;: &quot;Completed&quot;, &quot;number&quot;: 0, &quot;firstPage&quot;: true, &quot;content&quot;: [{&quot;computerName&quot;: &quot;WIN-N5KGH4CP3N3&quot;, &quot;subStateId&quot;: 0, &quot;binaryFileId&quot;: null, &quot;lastUpdateTime&quot;: &quot;2019-04-26T11:05:27Z&quot;, &quot;domainName&quot;: &quot;Default&quot;, &quot;hardwareKey&quot;: &quot;DC7D24D6465566D2941F35BC8D17801E&quot;, &quot;subStateDesc&quot;: &quot;&quot;, &quot;stateId&quot;: 3, &quot;computerId&quot;: &quot;89AD1BBB0946C25D25E6C0984E971D8A&quot;, &quot;computerIp&quot;: &quot;9.70.194.94&quot;, &quot;beginTime&quot;: &quot;2019-04-26T11:05:27Z&quot;, &quot;currentLoginUserName&quot;: &quot;Administrator&quot;, &quot;resultInXML&quot;: &quot;&quot;, &quot;command_status_id&quot;: 3}], &quot;lastPage&quot;: true, &quot;totalPages&quot;: 1, &quot;numberOfElements&quot;: 1, &quot;totalElements&quot;: 1, &quot;size&quot;: 20}&#39;, &#39;reason&#39;: None, &#39;version&#39;: &#39;1.0&#39;</span>
-<span class="sd">}</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="c1">#  Globals</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_get_command_status script ##</span>
+<span class="c1"># Globals</span>
 <span class="c1"># List of fields in datatable fn_sep_get_command_status script</span>
-<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;quarantine_status&quot;</span><span class="p">,</span> <span class="s2">&quot;quarantine_command_state&quot;</span><span class="p">,</span> <span class="s2">&quot;endpoint_quarantine_status&quot;</span><span class="p">]</span>
+<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;query_execution_date&quot;</span><span class="p">,</span> <span class="s2">&quot;remediation_status&quot;</span><span class="p">]</span>
 <span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_get_command_status&quot;</span>
-<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Quarantine Endpoint&quot;</span>
-<span class="n">STATUS_TYPE</span> <span class="o">=</span> <span class="s2">&quot;quarantine&quot;</span>
-<span class="n">FINAL_STATUSES</span> <span class="o">=</span> <span class="p">{</span>
-    <span class="mi">0</span><span class="p">:</span> <span class="s2">&quot;Not received&quot;</span><span class="p">,</span>
-    <span class="mi">1</span><span class="p">:</span> <span class="s2">&quot;Received&quot;</span><span class="p">,</span>
-    <span class="mi">2</span><span class="p">:</span> <span class="s2">&quot;In progress&quot;</span><span class="p">,</span>
-    <span class="mi">3</span><span class="p">:</span> <span class="s2">&quot;Completed&quot;</span><span class="p">,</span>
-    <span class="mi">4</span><span class="p">:</span> <span class="s2">&quot;Rejected&quot;</span><span class="p">,</span>
-    <span class="mi">5</span><span class="p">:</span> <span class="s2">&quot;Canceled&quot;</span><span class="p">,</span>
-    <span class="mi">6</span><span class="p">:</span> <span class="s2">&quot;Failed&quot;</span>
-<span class="p">}</span>
+<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Get Remediation status&quot;</span>
+<span class="n">STATUS_TYPE</span> <span class="o">=</span> <span class="s2">&quot;remediate&quot;</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_command_results</span>
+<span class="n">REMEDIATE_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;metrics&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">)</span>
+<span class="n">C_OUTER</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;metrics&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">)</span>
 
-<span class="n">C_OUTER</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">]</span>
 <span class="c1"># Processing</span>
+<span class="n">remediation_command_state</span> <span class="o">=</span> <span class="n">C_OUTER</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;overall_command_state&quot;</span><span class="p">)</span>
+<span class="n">total_remediation_count</span> <span class="o">=</span> <span class="n">C_OUTER</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;total_remediation_count&quot;</span><span class="p">)</span>
+<span class="n">total_remediation_ep_count</span> <span class="o">=</span> <span class="n">C_OUTER</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;total_remediation_ep_count&quot;</span><span class="p">)</span>
+<span class="n">total_fail_remediation_count</span> <span class="o">=</span> <span class="n">C_OUTER</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;total_fail_remediation_count&quot;</span><span class="p">)</span>
+<span class="n">total_ep_count</span> <span class="o">=</span> <span class="n">C_OUTER</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;total_ep_count&quot;</span><span class="p">)</span>
+<span class="n">att_name</span> <span class="o">=</span> <span class="n">C_OUTER</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;att_name&quot;</span><span class="p">)</span>
 
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-
-    <span class="n">endpoint_quarantine_status</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">endpoint_quarantine_status</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">]</span>
-    <span class="n">status_msg</span> <span class="o">=</span> <span class="s2">&quot;Un-quarantine&quot;</span> <span class="k">if</span> <span class="n">endpoint_quarantine_status</span> <span class="o">==</span> <span class="s2">&quot;Quarantined&quot;</span> <span class="k">else</span> <span class="s2">&quot;Quarantine&quot;</span>
-    <span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
-    <span class="n">quarantine_command_state</span> <span class="o">=</span> <span class="n">C_OUTER</span><span class="p">[</span><span class="s2">&quot;overall_command_state&quot;</span><span class="p">]</span>
-
-    <span class="k">if</span> <span class="n">C_OUTER</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span> <span class="ow">and</span> <span class="nb">len</span><span class="p">(</span><span class="n">C_OUTER</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">])</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span>
-        <span class="n">row</span><span class="o">.</span><span class="n">quarantine_command_state</span> <span class="o">=</span> <span class="n">quarantine_command_state</span>
-        <span class="n">row</span><span class="o">.</span><span class="n">query_execution_date</span> <span class="o">=</span> <span class="n">QUERY_EXECUTION_DATE</span>
-        <span class="n">computer</span> <span class="o">=</span> <span class="n">C_OUTER</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span>
-        <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; command status for command id &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; &quot;</span> \
-                    <span class="s2">&quot;for computer &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt; was &lt;b&gt;</span><span class="si">{4}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{5}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-            <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">status_msg</span><span class="p">,</span> <span class="n">row</span><span class="o">.</span><span class="n">quarantine_commandid</span><span class="p">,</span> <span class="n">row</span><span class="o">.</span><span class="n">computerName</span><span class="p">,</span> <span class="n">FINAL_STATUSES</span><span class="p">[</span><span class="n">computer</span><span class="p">[</span><span class="s2">&quot;stateId&quot;</span><span class="p">]],</span> <span class="n">FN_NAME</span><span class="p">)</span>
-        <span class="k">if</span> <span class="n">quarantine_command_state</span> <span class="o">==</span> <span class="s2">&quot;Completed&quot;</span><span class="p">:</span>
-            <span class="n">row</span><span class="o">.</span><span class="n">quarantine_command_state</span> <span class="o">=</span> <span class="n">FINAL_STATUSES</span><span class="p">[</span><span class="n">computer</span><span class="p">[</span><span class="s2">&quot;stateId&quot;</span><span class="p">]]</span>
-        <span class="k">else</span><span class="p">:</span>
-            <span class="n">row</span><span class="o">.</span><span class="n">quarantine_command_state</span> <span class="o">=</span> <span class="n">quarantine_command_state</span>
-
-    <span class="k">else</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There were &lt;b&gt;no&lt;/b&gt; results returned for Resilient function &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&quot;</span> \
-            <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+<span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
+<span class="n">att_note</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
+<span class="k">if</span> <span class="n">C_OUTER</span><span class="p">:</span>
+  <span class="k">if</span> <span class="n">total_remediation_count</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span>
+    <span class="n">att_note</span> <span class="o">=</span> <span class="s2">&quot;&lt;br&gt;Added full result as an attachment. Attachment name: &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;.&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">att_name</span><span class="p">)</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Remediate artifact returned &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; remediated &quot;</span> \
+              <span class="s2">&quot;artifacts on &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; out of a total of &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt; endpoints for artifact with type &lt;b&gt;</span><span class="si">{4}</span><span class="s2">&lt;/b&gt; &quot;</span> \
+              <span class="s2">&quot;and value &lt;b&gt;</span><span class="si">{5}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{7}</span><span class="s2">&lt;/b&gt;.</span><span class="si">{6}</span><span class="s2">&quot;</span> \
+      <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">total_remediation_count</span><span class="p">,</span> <span class="n">total_remediation_ep_count</span><span class="p">,</span> <span class="n">total_ep_count</span><span class="p">,</span> <span class="n">row</span><span class="o">.</span><span class="n">artifact_type</span><span class="p">,</span>
+              <span class="n">row</span><span class="o">.</span><span class="n">artifact_value</span><span class="p">,</span> <span class="n">att_note</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
 
-    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+  <span class="k">if</span> <span class="n">remediation_command_state</span> <span class="o">==</span> <span class="s2">&quot;Completed&quot;</span><span class="p">:</span>
+    <span class="k">if</span> <span class="n">total_fail_remediation_count</span> <span class="o">==</span> <span class="mi">0</span> <span class="ow">and</span> <span class="n">total_remediation_count</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span>
+      <span class="n">row</span><span class="o">.</span><span class="n">remediation_status</span> <span class="o">=</span> <span class="s2">&quot;</span><span class="si">{0}</span><span class="s2"> at </span><span class="si">{1}</span><span class="s2">. For remediation results see note/attachment.&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">remediation_command_state</span><span class="p">,</span> <span class="n">REMEDIATE_EXECUTION_DATE</span><span class="p">)</span>
+    <span class="k">elif</span> <span class="n">total_fail_remediation_count</span> <span class="o">==</span> <span class="mi">0</span> <span class="ow">and</span> <span class="n">total_remediation_count</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span>
+      <span class="n">row</span><span class="o">.</span><span class="n">remediation_status</span> <span class="o">=</span> <span class="s2">&quot;No match found&quot;</span>
+    <span class="k">elif</span> <span class="n">total_fail_remediation_count</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span>
+      <span class="n">row</span><span class="o">.</span><span class="n">remediation_status</span> <span class="o">=</span> <span class="s2">&quot;Failed&quot;</span>
+  <span class="k">else</span><span class="p">:</span>
+    <span class="n">row</span><span class="o">.</span><span class="n">remediation_status</span> <span class="o">=</span> <span class="n">remediation_command_state</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">row</span><span class="o">.</span><span class="n">remediation_status</span> <span class="o">=</span> <span class="n">remediation_command_state</span>
+  <span class="n">note_text</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Remediate artifact returned &lt;b&gt;no&lt;/b&gt; results for &quot;</span> \
+               <span class="s2">&quot;for artifact with type &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; and value &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+      <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">row</span><span class="o">.</span><span class="n">artifact_type</span><span class="p">,</span> <span class="n">row</span><span class="o">.</span><span class="n">artifact_value</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
 
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_commandid": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_commandid</span></code> field can be refered from the output of some of the functions like <a class="reference internal" href="#function---sep---scan-endpoints"><span class="xref myst">Function - SEP - Scan Endpoints</span></a>,  <a class="reference internal" href="#function---sep---upload-file-to-sepm"><span class="xref myst">Function - SEP - Upload File to SEPM</span></a> etc. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">commandID/commandID_group/commandID_computer</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;commandID/commandID_group/commandID_computer</span></code>.</p>
-</p>
-</details>
 </section>
 <hr class="docutils" />
 <section id="function-sep-get-computers">
 <h2>Function - SEP - Get Computers<a class="headerlink" href="#function-sep-get-computers" title="Link to this heading">¶</a></h2>
 <p>Gets the information about the computers in a specified domain.</p>
+<p><img alt="screenshot: fn-sep---get-computers " src="fn_sep/doc/screenshots/fn-sep---get-computers.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -1481,50 +1453,51 @@ <h2>Function - SEP - Get Computers<a class="headerlink" href="#function-sep-get-
   <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
     <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">[</span>
       <span class="p">{</span>
-        <span class="s2">&quot;agentId&quot;</span><span class="p">:</span> <span class="s2">&quot;agentId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;agentTimeStamp&quot;</span><span class="p">:</span> <span class="mi">1673003005980</span><span class="p">,</span>
+        <span class="s2">&quot;agentId&quot;</span><span class="p">:</span> <span class="s2">&quot;FC50D87A092E5BB91E4D52E4CB82C6CF&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;agentTimeStamp&quot;</span><span class="p">:</span> <span class="mi">1724243995817</span><span class="p">,</span>
         <span class="s2">&quot;agentType&quot;</span><span class="p">:</span> <span class="s2">&quot;105&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;agentUsn&quot;</span><span class="p">:</span> <span class="mi">252331</span><span class="p">,</span>
-        <span class="s2">&quot;agentVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;14.3.9205.6000&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;apOnOff&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+        <span class="s2">&quot;agentUsn&quot;</span><span class="p">:</span> <span class="mi">1228250</span><span class="p">,</span>
+        <span class="s2">&quot;agentVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;14.3.9717.7000&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;apOnOff&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
         <span class="s2">&quot;atpDeviceId&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;atpServer&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
         <span class="s2">&quot;attributeExtension&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;avDefsetRevision&quot;</span><span class="p">:</span> <span class="s2">&quot;23&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;avDefsetSequence&quot;</span><span class="p">:</span> <span class="s2">&quot;225331&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;avDefsetVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;230105023&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;avDefsetRevision&quot;</span><span class="p">:</span> <span class="s2">&quot;21&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;avDefsetSequence&quot;</span><span class="p">:</span> <span class="s2">&quot;236155&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;avDefsetVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;240820021&quot;</span><span class="p">,</span>
         <span class="s2">&quot;avEngineOnOff&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
         <span class="s2">&quot;bashStatus&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-        <span class="s2">&quot;biosVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;Xen - 0 Revision: 1.221&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;behavioralAnalysisDefsetVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;240820001&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;biosVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;INTEL  - 6040000 PhoenixBIOS 4.0 Release 6.0&quot;</span><span class="p">,</span>
         <span class="s2">&quot;bwf&quot;</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span>
         <span class="s2">&quot;cidsBrowserFfOnOff&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
         <span class="s2">&quot;cidsBrowserIeOnOff&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-        <span class="s2">&quot;cidsDefsetVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;230105073&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;cidsDefsetVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;240820081&quot;</span><span class="p">,</span>
         <span class="s2">&quot;cidsDrvMulfCode&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
         <span class="s2">&quot;cidsDrvOnOff&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-        <span class="s2">&quot;cidsEngineVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;17.2.10.7&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;cidsEngineVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;17.2.11.37&quot;</span><span class="p">,</span>
         <span class="s2">&quot;cidsSilentMode&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
         <span class="s2">&quot;computerDescription&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;computerName&quot;</span><span class="p">:</span> <span class="s2">&quot;computerName&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;computerTimeStamp&quot;</span><span class="p">:</span> <span class="mi">1673001224119</span><span class="p">,</span>
-        <span class="s2">&quot;computerUsn&quot;</span><span class="p">:</span> <span class="mi">252244</span><span class="p">,</span>
+        <span class="s2">&quot;computerName&quot;</span><span class="p">:</span> <span class="s2">&quot;WIN-N5KGH4CP3N3&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;computerTimeStamp&quot;</span><span class="p">:</span> <span class="mi">1724243995822</span><span class="p">,</span>
+        <span class="s2">&quot;computerUsn&quot;</span><span class="p">:</span> <span class="mi">1228250</span><span class="p">,</span>
         <span class="s2">&quot;contentUpdate&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-        <span class="s2">&quot;creationTime&quot;</span><span class="p">:</span> <span class="mi">1670855079127</span><span class="p">,</span>
-        <span class="s2">&quot;currentClientId&quot;</span><span class="p">:</span> <span class="s2">&quot;currentClientId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;daOnOff&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+        <span class="s2">&quot;creationTime&quot;</span><span class="p">:</span> <span class="mi">1721051528927</span><span class="p">,</span>
+        <span class="s2">&quot;currentClientId&quot;</span><span class="p">:</span> <span class="s2">&quot;76B1CFBD092E5BB91E4D52E426621842&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;daOnOff&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
         <span class="s2">&quot;deleted&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
         <span class="s2">&quot;department&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
         <span class="s2">&quot;deploymentMessage&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
         <span class="s2">&quot;deploymentPreVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;deploymentRunningVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;14.3.9205.6000&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;deploymentRunningVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;14.3.9717.7000&quot;</span><span class="p">,</span>
         <span class="s2">&quot;deploymentStatus&quot;</span><span class="p">:</span> <span class="s2">&quot;302456832&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;deploymentTargetVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;14.3.9205.6000&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;deploymentTargetVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;14.3.9717.7000&quot;</span><span class="p">,</span>
         <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;dhcpServer&quot;</span><span class="p">:</span> <span class="s2">&quot;000.00.00.1&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;dhcpServer&quot;</span><span class="p">:</span> <span class="s2">&quot;0.0.0.0&quot;</span><span class="p">,</span>
         <span class="s2">&quot;diskDrive&quot;</span><span class="p">:</span> <span class="s2">&quot;C:</span><span class="se">\\</span><span class="s2">&quot;</span><span class="p">,</span>
         <span class="s2">&quot;dnsServers&quot;</span><span class="p">:</span> <span class="p">[</span>
-          <span class="s2">&quot;0.0.0.0&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;0.0.0.0&quot;</span>
+          <span class="s2">&quot;9.42.106.2&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;9.42.106.3&quot;</span>
         <span class="p">],</span>
         <span class="s2">&quot;domainOrWorkgroup&quot;</span><span class="p">:</span> <span class="s2">&quot;WORKGROUP&quot;</span><span class="p">,</span>
         <span class="s2">&quot;edrStatus&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -1535,54 +1508,53 @@ <h2>Function - SEP - Get Computers<a class="headerlink" href="#function-sep-get-
         <span class="s2">&quot;encryptedDevicePassword&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;fbwf&quot;</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span>
         <span class="s2">&quot;firewallOnOff&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-        <span class="s2">&quot;freeDisk&quot;</span><span class="p">:</span> <span class="mi">33266442240</span><span class="p">,</span>
-        <span class="s2">&quot;freeMem&quot;</span><span class="p">:</span> <span class="mi">2616713216</span><span class="p">,</span>
+        <span class="s2">&quot;freeDisk&quot;</span><span class="p">:</span> <span class="mi">57622753280</span><span class="p">,</span>
+        <span class="s2">&quot;freeMem&quot;</span><span class="p">:</span> <span class="mi">1404067840</span><span class="p">,</span>
         <span class="s2">&quot;fullName&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
         <span class="s2">&quot;gateways&quot;</span><span class="p">:</span> <span class="p">[</span>
-          <span class="s2">&quot;000.00.00.1&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;000.00.00.1&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;9.37.29.1&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;0.0.0.0&quot;</span><span class="p">,</span>
           <span class="s2">&quot;0.0.0.0&quot;</span><span class="p">,</span>
           <span class="s2">&quot;0.0.0.0&quot;</span>
         <span class="p">],</span>
         <span class="s2">&quot;group&quot;</span><span class="p">:</span> <span class="p">{</span>
           <span class="s2">&quot;domain&quot;</span><span class="p">:</span> <span class="p">{</span>
-            <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
             <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Default&quot;</span>
           <span class="p">},</span>
           <span class="s2">&quot;externalReferenceId&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
           <span class="s2">&quot;fullPathName&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;My Company&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;E5E684A6092E5BB90F46E84BB6F35BBC&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;My Company</span><span class="se">\\</span><span class="s2">Group1&quot;</span><span class="p">,</span>
           <span class="s2">&quot;source&quot;</span><span class="p">:</span> <span class="n">null</span>
         <span class="p">},</span>
         <span class="s2">&quot;groupUpdateProvider&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-        <span class="s2">&quot;hardwareKey&quot;</span><span class="p">:</span> <span class="s2">&quot;hardwareKey&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;hardwareKey&quot;</span><span class="p">:</span> <span class="s2">&quot;8DACE2559C1C951E09CC0BF71D973BB7&quot;</span><span class="p">,</span>
         <span class="s2">&quot;homePhone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;hypervisorVendorId&quot;</span><span class="p">:</span> <span class="s2">&quot;3&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;hypervisorVendorId&quot;</span><span class="p">:</span> <span class="s2">&quot;1&quot;</span><span class="p">,</span>
         <span class="s2">&quot;idsChecksum&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;idsSerialNo&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
         <span class="s2">&quot;idsVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;infected&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;infected&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
         <span class="s2">&quot;installType&quot;</span><span class="p">:</span> <span class="s2">&quot;0&quot;</span><span class="p">,</span>
         <span class="s2">&quot;ipAddresses&quot;</span><span class="p">:</span> <span class="p">[</span>
-          <span class="s2">&quot;000.00.00.00&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;0000:0000:0000:0000:0000:0000:C3BE:E313&quot;</span>
+          <span class="s2">&quot;9.37.29.102&quot;</span>
         <span class="p">],</span>
         <span class="s2">&quot;isGrace&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
         <span class="s2">&quot;isNpvdiClient&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
         <span class="s2">&quot;jobTitle&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
         <span class="s2">&quot;kernel&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;lastConnectedIpAddr&quot;</span><span class="p">:</span> <span class="s2">&quot;000.00.00.00&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastDeploymentTime&quot;</span><span class="p">:</span> <span class="mi">1670855163000</span><span class="p">,</span>
-        <span class="s2">&quot;lastDownloadTime&quot;</span><span class="p">:</span> <span class="mi">1670855103022</span><span class="p">,</span>
+        <span class="s2">&quot;lastConnectedIpAddr&quot;</span><span class="p">:</span> <span class="s2">&quot;9.37.29.102&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastDeploymentTime&quot;</span><span class="p">:</span> <span class="mi">1721052502000</span><span class="p">,</span>
+        <span class="s2">&quot;lastDownloadTime&quot;</span><span class="p">:</span> <span class="mi">1721051552300</span><span class="p">,</span>
         <span class="s2">&quot;lastHeuristicThreatTime&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;lastScanTime&quot;</span><span class="p">:</span> <span class="mi">1672980342000</span><span class="p">,</span>
-        <span class="s2">&quot;lastServerId&quot;</span><span class="p">:</span> <span class="s2">&quot;lastServerId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastServerName&quot;</span><span class="p">:</span> <span class="s2">&quot;lastServerName&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastSiteId&quot;</span><span class="p">:</span> <span class="s2">&quot;lastSiteId&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastScanTime&quot;</span><span class="p">:</span> <span class="mi">1724225880000</span><span class="p">,</span>
+        <span class="s2">&quot;lastServerId&quot;</span><span class="p">:</span> <span class="s2">&quot;477D0222092E5BB91EC14117B8C56C14&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastServerName&quot;</span><span class="p">:</span> <span class="s2">&quot;c95648v1&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastSiteId&quot;</span><span class="p">:</span> <span class="s2">&quot;C18D5D63092E5BB937BFAB713E75E3E9&quot;</span><span class="p">,</span>
         <span class="s2">&quot;lastSiteName&quot;</span><span class="p">:</span> <span class="s2">&quot;My Site&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastUpdateTime&quot;</span><span class="p">:</span> <span class="mi">1673003005980</span><span class="p">,</span>
-        <span class="s2">&quot;lastVirusTime&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;lastUpdateTime&quot;</span><span class="p">:</span> <span class="mi">1724243995809</span><span class="p">,</span>
+        <span class="s2">&quot;lastVirusTime&quot;</span><span class="p">:</span> <span class="mi">1723561216000</span><span class="p">,</span>
         <span class="s2">&quot;licenseExpiry&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
         <span class="s2">&quot;licenseId&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;licenseStatus&quot;</span><span class="p">:</span> <span class="o">-</span><span class="mi">1</span><span class="p">,</span>
@@ -1590,51 +1562,49 @@ <h2>Function - SEP - Get Computers<a class="headerlink" href="#function-sep-get-
         <span class="s2">&quot;loginDomain&quot;</span><span class="p">:</span> <span class="s2">&quot;LocalComputer&quot;</span><span class="p">,</span>
         <span class="s2">&quot;logonUserName&quot;</span><span class="p">:</span> <span class="s2">&quot;Administrator&quot;</span><span class="p">,</span>
         <span class="s2">&quot;macAddresses&quot;</span><span class="p">:</span> <span class="p">[</span>
-          <span class="s2">&quot;02-00-00-00-00-80&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;02-00-00-00-00-80&quot;</span>
+          <span class="s2">&quot;00-50-56-B4-75-BA&quot;</span>
         <span class="p">],</span>
         <span class="s2">&quot;majorVersion&quot;</span><span class="p">:</span> <span class="mi">14</span><span class="p">,</span>
-        <span class="s2">&quot;memory&quot;</span><span class="p">:</span> <span class="mi">4294557696</span><span class="p">,</span>
+        <span class="s2">&quot;memory&quot;</span><span class="p">:</span> <span class="mi">4294430720</span><span class="p">,</span>
         <span class="s2">&quot;minorVersion&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
         <span class="s2">&quot;mobilePhone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
         <span class="s2">&quot;officePhone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
         <span class="s2">&quot;onlineStatus&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-        <span class="s2">&quot;operatingSystem&quot;</span><span class="p">:</span> <span class="s2">&quot;Windows Server 2019 Datacenter Edition&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;operatingSystem&quot;</span><span class="p">:</span> <span class="s2">&quot;Windows Server 2012 Standard Edition&quot;</span><span class="p">,</span>
         <span class="s2">&quot;osBitness&quot;</span><span class="p">:</span> <span class="s2">&quot;x64&quot;</span><span class="p">,</span>
         <span class="s2">&quot;osElamStatus&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;osFlavorNumber&quot;</span><span class="p">:</span> <span class="mi">8</span><span class="p">,</span>
+        <span class="s2">&quot;osFlavorNumber&quot;</span><span class="p">:</span> <span class="mi">7</span><span class="p">,</span>
         <span class="s2">&quot;osFunction&quot;</span><span class="p">:</span> <span class="s2">&quot;Server&quot;</span><span class="p">,</span>
         <span class="s2">&quot;osLanguage&quot;</span><span class="p">:</span> <span class="s2">&quot;en-US&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;osMajor&quot;</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span>
-        <span class="s2">&quot;osMinor&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;osName&quot;</span><span class="p">:</span> <span class="s2">&quot;Windows Server 2019&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;osServicePack&quot;</span><span class="p">:</span> <span class="s2">&quot;17763&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;osVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;10.0&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;patternIdx&quot;</span><span class="p">:</span> <span class="s2">&quot;patternIdx&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;osMajor&quot;</span><span class="p">:</span> <span class="mi">6</span><span class="p">,</span>
+        <span class="s2">&quot;osMinor&quot;</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span>
+        <span class="s2">&quot;osName&quot;</span><span class="p">:</span> <span class="s2">&quot;Windows Server 2012&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;osServicePack&quot;</span><span class="p">:</span> <span class="s2">&quot;9200&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;osVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;6.2&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;patternIdx&quot;</span><span class="p">:</span> <span class="s2">&quot;B47B44938636895A503D54AEEB825207&quot;</span><span class="p">,</span>
         <span class="s2">&quot;pepOnOff&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-        <span class="s2">&quot;physicalCpus&quot;</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span>
-        <span class="s2">&quot;processorClock&quot;</span><span class="p">:</span> <span class="mi">2300</span><span class="p">,</span>
-        <span class="s2">&quot;processorType&quot;</span><span class="p">:</span> <span class="s2">&quot;Intel64 Family 6 Model 79 Stepping 1&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;physicalCpus&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+        <span class="s2">&quot;processorClock&quot;</span><span class="p">:</span> <span class="mi">2400</span><span class="p">,</span>
+        <span class="s2">&quot;processorType&quot;</span><span class="p">:</span> <span class="s2">&quot;Intel64 Family 6 Model 45 Stepping 7&quot;</span><span class="p">,</span>
         <span class="s2">&quot;profileChecksum&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;profileSerialNo&quot;</span><span class="p">:</span> <span class="s2">&quot;AAAA-12/28/2022 14:30:24 853&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;profileVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;14.3.9205&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;profileSerialNo&quot;</span><span class="p">:</span> <span class="s2">&quot;E5E6-08/21/2024 12:38:31 900&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;profileVersion&quot;</span><span class="p">:</span> <span class="s2">&quot;14.3.25029&quot;</span><span class="p">,</span>
         <span class="s2">&quot;pskVersion&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
         <span class="s2">&quot;ptpOnOff&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-        <span class="s2">&quot;publicKey&quot;</span><span class="p">:</span> <span class="s2">&quot;publicKey&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;publicKey&quot;</span><span class="p">:</span> <span class="s2">&quot;BgIAAACkAABSU0ExAAgAAAEAAQDJQWPswlLrapkfkrrHE/GXPhvoJcmLbLXPs13mDC6PMI5zPm0p1FkQQMXuP3B7226OSac4j+WOqtQvTUy4poQwWn6ijUNuOmQE8AhjJGQeWbuN18jsUuu24T9S3xCcUUrGMPd5v8DIqAWZuXEZ5sjIXMhYI1hvTVmzKZNczXXw64kRvoc7/yDtC98uJfQxxWpIaa+oppPvtp8kYrdBTqwppDppJhocK+Jjs1l85Hkp7qdrNs+eZ33zMxUrlW/j8jvpOtcfIPLpqXD8FaClh7httfydwQqCeRZ2HBLVYIIZocOAuqKqGMvCpbdQAs/ypP5dH7zztwL4CunXJqMKeUy4&quot;</span><span class="p">,</span>
         <span class="s2">&quot;quarantineCode&quot;</span><span class="p">:</span> <span class="mi">105</span><span class="p">,</span>
         <span class="s2">&quot;quarantineDesc&quot;</span><span class="p">:</span> <span class="s2">&quot;Host Integrity check is disabled.</span><span class="se">\n</span><span class="s2"> Host Integrity policy has been disabled by the administrator.&quot;</span><span class="p">,</span>
         <span class="s2">&quot;quarantineStatus&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
-        <span class="s2">&quot;readableLastScanTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 04:45:42&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;readableLastUpdateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 11:03:25&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;readableLastVirusTime&quot;</span><span class="p">:</span> <span class="s2">&quot;1970-01-01 00:00:00&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;readableLastScanTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-21 03:38:00&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;readableLastUpdateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-21 08:39:55&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;readableLastVirusTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-13 11:00:16&quot;</span><span class="p">,</span>
         <span class="s2">&quot;rebootReason&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
         <span class="s2">&quot;rebootRequired&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
         <span class="s2">&quot;securityVirtualAppliance&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;serialNumber&quot;</span><span class="p">:</span> <span class="s2">&quot;serialNumber1&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;serialNumber&quot;</span><span class="p">:</span> <span class="s2">&quot;VMware-42 34 52 a5 74 32 c7 6d-a9 27 aa 84 04 d4 a1 29&quot;</span><span class="p">,</span>
         <span class="s2">&quot;snacLicenseId&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;subnetMasks&quot;</span><span class="p">:</span> <span class="p">[</span>
-          <span class="s2">&quot;000.000.000.0&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;64&quot;</span>
+          <span class="s2">&quot;255.255.255.0&quot;</span>
         <span class="p">],</span>
         <span class="s2">&quot;svaId&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;tamperOnOff&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
@@ -1642,27 +1612,27 @@ <h2>Function - SEP - Get Computers<a class="headerlink" href="#function-sep-get-
         <span class="s2">&quot;tdadGlobalDataProcessingDoneTime&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
         <span class="s2">&quot;tdadOnOff&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
         <span class="s2">&quot;tdadStatusId&quot;</span><span class="p">:</span> <span class="mi">127</span><span class="p">,</span>
-        <span class="s2">&quot;telemetryHwid&quot;</span><span class="p">:</span> <span class="s2">&quot;telemetryHwid&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;telemetryMid&quot;</span><span class="p">:</span> <span class="s2">&quot;telemetryMid&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;timeZone&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;timediffLastScanTime&quot;</span><span class="p">:</span> <span class="mf">22878.328934907913</span><span class="p">,</span>
-        <span class="s2">&quot;timediffLastUpdateTime&quot;</span><span class="p">:</span> <span class="mf">214.34893488883972</span><span class="p">,</span>
-        <span class="s2">&quot;timediffLastVirusTime&quot;</span><span class="p">:</span> <span class="mf">1673003220.328935</span><span class="p">,</span>
+        <span class="s2">&quot;telemetryHwid&quot;</span><span class="p">:</span> <span class="s2">&quot;8E76E0DA-CE2B-2237-925B-67F7E347B878&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;telemetryMid&quot;</span><span class="p">:</span> <span class="s2">&quot;B3EE6501-5E29-4F03-B9D8-64762C8EF84D&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;timeZone&quot;</span><span class="p">:</span> <span class="mi">480</span><span class="p">,</span>
+        <span class="s2">&quot;timediffLastScanTime&quot;</span><span class="p">:</span> <span class="mf">18156.769050836563</span><span class="p">,</span>
+        <span class="s2">&quot;timediffLastUpdateTime&quot;</span><span class="p">:</span> <span class="mf">40.96005082130432</span><span class="p">,</span>
+        <span class="s2">&quot;timediffLastVirusTime&quot;</span><span class="p">:</span> <span class="mf">682820.7690508366</span><span class="p">,</span>
         <span class="s2">&quot;tmpDevice&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;totalDiskSpace&quot;</span><span class="p">:</span> <span class="mi">51197</span><span class="p">,</span>
+        <span class="s2">&quot;totalDiskSpace&quot;</span><span class="p">:</span> <span class="mi">81567</span><span class="p">,</span>
         <span class="s2">&quot;tpmDevice&quot;</span><span class="p">:</span> <span class="s2">&quot;0&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;uniqueId&quot;</span><span class="p">:</span> <span class="s2">&quot;uniqueId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;uuid&quot;</span><span class="p">:</span> <span class="s2">&quot;uuid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;uniqueId&quot;</span><span class="p">:</span> <span class="s2">&quot;01ECF4E8092E5BB91E4D52E45C3ABE4D&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;uuid&quot;</span><span class="p">:</span> <span class="s2">&quot;A5523442-3274-6DC7-A927-AA8404D4A129&quot;</span><span class="p">,</span>
         <span class="s2">&quot;uwf&quot;</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span>
-        <span class="s2">&quot;virtualizationPlatform&quot;</span><span class="p">:</span> <span class="s2">&quot;Citrix&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;virtualizationPlatform&quot;</span><span class="p">:</span> <span class="s2">&quot;VMware&quot;</span><span class="p">,</span>
         <span class="s2">&quot;vsicStatus&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
         <span class="s2">&quot;winServers&quot;</span><span class="p">:</span> <span class="p">[</span>
           <span class="s2">&quot;0.0.0.0&quot;</span><span class="p">,</span>
           <span class="s2">&quot;0.0.0.0&quot;</span>
         <span class="p">],</span>
-        <span class="s2">&quot;worstInfectionIdx&quot;</span><span class="p">:</span> <span class="s2">&quot;9999&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;worstInfectionIdx&quot;</span><span class="p">:</span> <span class="s2">&quot;0&quot;</span><span class="p">,</span>
         <span class="s2">&quot;writeFiltersStatus&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;wssStatus&quot;</span><span class="p">:</span> <span class="mi">3</span>
+        <span class="s2">&quot;wssStatus&quot;</span><span class="p">:</span> <span class="mi">0</span>
       <span class="p">}</span>
     <span class="p">],</span>
     <span class="s2">&quot;firstPage&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
@@ -1680,260 +1650,80 @@ <h2>Function - SEP - Get Computers<a class="headerlink" href="#function-sep-get-
     <span class="s2">&quot;totalElements&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
     <span class="s2">&quot;totalPages&quot;</span><span class="p">:</span> <span class="mi">1</span>
   <span class="p">},</span>
-  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sep_computername&quot;</span><span class="p">:</span> <span class="s2">&quot;WIN-N5KGH4CP3N3&quot;</span>
+  <span class="p">},</span>
   <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2156</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">992</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
     <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 11:07:00&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-21 08:40:36&quot;</span><span class="p">,</span>
     <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
   <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;{</span><span class="se">\&quot;</span><span class="s2">content</span><span class="se">\&quot;</span><span class="s2">: [{</span><span class="se">\&quot;</span><span class="s2">group</span><span class="se">\&quot;</span><span class="s2">: {</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">name</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">My Company</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">fullPathName</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">domain</span><span class="se">\&quot;</span><span class="s2">: {</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">name</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Default</span><span class="se">\&quot;</span><span class="s2">}, </span><span class="se">\&quot;</span><span class="s2">externalReferenceId</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">source</span><span class="se">\&quot;</span><span class="s2">: null}, </span><span class="se">\&quot;</span><span class="s2">ipAddresses</span><span class="se">\&quot;</span><span class="s2">: [</span><span class="se">\&quot;</span><span class="s2">000.00.00.00</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">FFFF:0000:0000:0000:1111:AAAA:CCCC:EEEE</span><span class="se">\&quot;</span><span class="s2">], </span><span class="se">\&quot;</span><span class="s2">macAddresses</span><span class="se">\&quot;</span><span class="s2">: [</span><span class="se">\&quot;</span><span class="s2">02-00-00-00-00-80</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">02-00-00-00-00-80</span><span class="se">\&quot;</span><span class="s2">], </span><span class="se">\&quot;</span><span class="s2">gateways</span><span class="se">\&quot;</span><span class="s2">: [</span><span class="se">\&quot;</span><span class="s2">000.00.00.0</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">000.00.00.0</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">0.0.0.0</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">0.0.0.0</span><span class="se">\&quot;</span><span class="s2">], </span><span class="se">\&quot;</span><span class="s2">subnetMasks</span><span class="se">\&quot;</span><span class="s2">: [</span><span class="se">\&quot;</span><span class="s2">000.000.000.0</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">64</span><span class="se">\&quot;</span><span class="s2">], </span><span class="se">\&quot;</span><span class="s2">dnsServers</span><span class="se">\&quot;</span><span class="s2">: [</span><span class="se">\&quot;</span><span class="s2">0.0.0.0</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">0.0.0.0</span><span class="se">\&quot;</span><span class="s2">], </span><span class="se">\&quot;</span><span class="s2">winServers</span><span class="se">\&quot;</span><span class="s2">: [</span><span class="se">\&quot;</span><span class="s2">0.0.0.0</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">0.0.0.0</span><span class="se">\&quot;</span><span class="s2">], </span><span class="se">\&quot;</span><span class="s2">description</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">computerName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">computerName</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">logonUserName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Administrator</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">domainOrWorkgroup</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">WORKGROUP</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">computerDescription</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">processorType</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Intel64 Family 6 Model 79 Stepping 1</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">processorClock</span><span class="se">\&quot;</span><span class="s2">: 2300, </span><span class="se">\&quot;</span><span class="s2">physicalCpus</span><span class="se">\&quot;</span><span class="s2">: 2, </span><span class="se">\&quot;</span><span class="s2">logicalCpus</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">memory</span><span class="se">\&quot;</span><span class="s2">: 4294557696, </span><span class="se">\&quot;</span><span class="s2">biosVersion</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Xen - 0 Revision: 1.221</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">osFunction</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Server</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">osFlavorNumber</span><span class="se">\&quot;</span><span class="s2">: 8, </span><span class="se">\&quot;</span><span class="s2">osName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Windows Server 2019</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">operatingSystem</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Windows Server 2019 Datacenter Edition</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">osVersion</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">10.0</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">osMajor</span><span class="se">\&quot;</span><span class="s2">: 10, </span><span class="se">\&quot;</span><span class="s2">osMinor</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">osServicePack</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">17763</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">osBitness</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">x64</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">tmpDevice</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">uniqueId</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">uniqueId</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">hardwareKey</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">hardwareKey</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">uuid</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">uuid</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">osLanguage</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">en-US</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">totalDiskSpace</span><span class="se">\&quot;</span><span class="s2">: 51197, </span><span class="se">\&quot;</span><span class="s2">groupUpdateProvider</span><span class="se">\&quot;</span><span class="s2">: false, </span><span class="se">\&quot;</span><span class="s2">deploymentStatus</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">302456832</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">deploymentMessage</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">deploymentTargetVersion</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">14.3.9205.6000</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">deploymentRunningVersion</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">14.3.9205.6000</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">deploymentPreVersion</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">lastDeploymentTime</span><span class="se">\&quot;</span><span class="s2">: 1670855163000, </span><span class="se">\&quot;</span><span class="s2">virtualizationPlatform</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Citrix</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">securityVirtualAppliance</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">serialNumber</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">serialNumber</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">installType</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">0</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">writeFiltersStatus</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">agentVersion</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">14.3.9205.6000</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">atpDeviceId</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">encryptedDevicePassword</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">publicKey</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">publicKey</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">deleted</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">quarantineStatus</span><span class="se">\&quot;</span><span class="s2">: 3, </span><span class="se">\&quot;</span><span class="s2">quarantineCode</span><span class="se">\&quot;</span><span class="s2">: 105, </span><span class="se">\&quot;</span><span class="s2">quarantineDesc</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Host Integrity check is disabled.</span><span class="se">\\</span><span class="s2">n Host Integrity policy has been disabled by the administrator.</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">loginDomain</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">LocalComputer</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">agentId</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">agentId</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">agentType</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">105</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">profileVersion</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">14.3.9205</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">profileSerialNo</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">DDDD-12/28/2022 14:30:24 853</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">profileChecksum</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">idsVersion</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">idsSerialNo</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">idsChecksum</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">creationTime</span><span class="se">\&quot;</span><span class="s2">: 1670855079127, </span><span class="se">\&quot;</span><span class="s2">onlineStatus</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">lastUpdateTime</span><span class="se">\&quot;</span><span class="s2">: 1673003005980, </span><span class="se">\&quot;</span><span class="s2">lastServerId</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">lastServerId</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">lastServerName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">lastServerName</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">lastSiteId</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">lastSiteId</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">lastSiteName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">My Site</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">attributeExtension</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">fullName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">email</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">jobTitle</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">department</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">employeeNumber</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">employeeStatus</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">officePhone</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">mobilePhone</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">homePhone</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">agentTimeStamp</span><span class="se">\&quot;</span><span class="s2">: 1673003005980, </span><span class="se">\&quot;</span><span class="s2">agentUsn</span><span class="se">\&quot;</span><span class="s2">: 252331, </span><span class="se">\&quot;</span><span class="s2">patternIdx</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">patternIdx</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">apOnOff</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">infected</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">worstInfectionIdx</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">9999</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">lastScanTime</span><span class="se">\&quot;</span><span class="s2">: 1672980342000, </span><span class="se">\&quot;</span><span class="s2">lastVirusTime</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">contentUpdate</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">avEngineOnOff</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">avDefsetVersion</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">230105023</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">avDefsetSequence</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">225331</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">avDefsetRevision</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">23</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">tamperOnOff</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">majorVersion</span><span class="se">\&quot;</span><span class="s2">: 14, </span><span class="se">\&quot;</span><span class="s2">minorVersion</span><span class="se">\&quot;</span><span class="s2">: 3, </span><span class="se">\&quot;</span><span class="s2">rebootRequired</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">rebootReason</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">licenseStatus</span><span class="se">\&quot;</span><span class="s2">: -1, </span><span class="se">\&quot;</span><span class="s2">licenseExpiry</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">timeZone</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">firewallOnOff</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">freeMem</span><span class="se">\&quot;</span><span class="s2">: 2616713216, </span><span class="se">\&quot;</span><span class="s2">freeDisk</span><span class="se">\&quot;</span><span class="s2">: 33266442240, </span><span class="se">\&quot;</span><span class="s2">lastDownloadTime</span><span class="se">\&quot;</span><span class="s2">: 1670855103022, </span><span class="se">\&quot;</span><span class="s2">currentClientId</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">currentClientId</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">licenseId</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">isGrace</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">snacLicenseId</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">ptpOnOff</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">lastHeuristicThreatTime</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">bashStatus</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">daOnOff</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">cidsDrvOnOff</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">cidsSilentMode</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">cidsDrvMulfCode</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">cidsBrowserIeOnOff</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">cidsBrowserFfOnOff</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">cidsEngineVersion</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">00.0.00.0</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">cidsDefsetVersion</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">230105073</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">elamOnOff</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">osElamStatus</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">tdadOnOff</span><span class="se">\&quot;</span><span class="s2">: 3, </span><span class="se">\&quot;</span><span class="s2">tdadStatusId</span><span class="se">\&quot;</span><span class="s2">: 127, </span><span class="se">\&quot;</span><span class="s2">tdadGlobalDataDownloadTime</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">tdadGlobalDataProcessingDoneTime</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">vsicStatus</span><span class="se">\&quot;</span><span class="s2">: 3, </span><span class="se">\&quot;</span><span class="s2">isNpvdiClient</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">svaId</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">lastConnectedIpAddr</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">000.00.00.00</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">pepOnOff</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">edrStatus</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">atpServer</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">tpmDevice</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">0</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">dhcpServer</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">000.00.00.0</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">computerTimeStamp</span><span class="se">\&quot;</span><span class="s2">: 1673001224119, </span><span class="se">\&quot;</span><span class="s2">computerUsn</span><span class="se">\&quot;</span><span class="s2">: 252244, </span><span class="se">\&quot;</span><span class="s2">diskDrive</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">C:</span><span class="se">\\\\\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">hypervisorVendorId</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">3</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">kernel</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">bwf</span><span class="se">\&quot;</span><span class="s2">: 2, </span><span class="se">\&quot;</span><span class="s2">fbwf</span><span class="se">\&quot;</span><span class="s2">: 2, </span><span class="se">\&quot;</span><span class="s2">uwf</span><span class="se">\&quot;</span><span class="s2">: 2, </span><span class="se">\&quot;</span><span class="s2">telemetryMid</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">telemetryMid</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">telemetryHwid</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">telemetryHwid</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">wssStatus</span><span class="se">\&quot;</span><span class="s2">: 3, </span><span class="se">\&quot;</span><span class="s2">pskVersion</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">readableLastScanTime</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">2023-01-06 04:45:42</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">timediffLastScanTime</span><span class="se">\&quot;</span><span class="s2">: 22878.328934907913, </span><span class="se">\&quot;</span><span class="s2">readableLastUpdateTime</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">2023-01-06 11:03:25</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">timediffLastUpdateTime</span><span class="se">\&quot;</span><span class="s2">: 214.34893488883972, </span><span class="se">\&quot;</span><span class="s2">readableLastVirusTime</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">1970-01-01 00:00:00</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">timediffLastVirusTime</span><span class="se">\&quot;</span><span class="s2">: 1673003220.328935}], </span><span class="se">\&quot;</span><span class="s2">totalPages</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">firstPage</span><span class="se">\&quot;</span><span class="s2">: true, </span><span class="se">\&quot;</span><span class="s2">lastPage</span><span class="se">\&quot;</span><span class="s2">: true, </span><span class="se">\&quot;</span><span class="s2">totalElements</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">size</span><span class="se">\&quot;</span><span class="s2">: 20, </span><span class="se">\&quot;</span><span class="s2">number</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">sort</span><span class="se">\&quot;</span><span class="s2">: [{</span><span class="se">\&quot;</span><span class="s2">direction</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">ASC</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">property</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">COMPUTER_NAME</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">ascending</span><span class="se">\&quot;</span><span class="s2">: true}], </span><span class="se">\&quot;</span><span class="s2">numberOfElements</span><span class="se">\&quot;</span><span class="s2">: 1}&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
 <span class="p">}</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_computername</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">computer_name</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_status</span> <span class="o">=</span> <span class="kc">True</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_get_computers script ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result: {&#39;inputs&#39;: {u&#39;sep_computername&#39;: u&#39;WIN-4OA0GKJN830&#39;},</span>
-<span class="sd">         &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-05-23 18:40:17&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;,</span>
-<span class="sd">         &#39;host&#39;: &#39;myhost&#39;, &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 1966},</span>
-<span class="sd">         &#39;success&#39;: True,</span>
-<span class="sd">         &#39;content&#39;: {u&#39;sort&#39;: [{u&#39;direction&#39;: u&#39;ASC&#39;, u&#39;property&#39;: u&#39;COMPUTER_NAME&#39;, u&#39;ascending&#39;: True}], u&#39;number&#39;: 0,</span>
-<span class="sd">                     u&#39;firstPage&#39;: True, u&#39;content&#39;: [{u&#39;profileVersion&#39;: u&#39;14.2.1031&#39;, u&#39;elamOnOff&#39;: 1,</span>
-<span class="sd">                     u&#39;avEngineOnOff&#39;: 1, u&#39;profileChecksum&#39;: None, u&#39;atpDeviceId&#39;: None,</span>
-<span class="sd">                     u&#39;processorType&#39;: u&#39;Intel64 Family 6 Model 15 Stepping 1&#39;, u&#39;oslanguage&#39;: u&#39;en-US&#39;,</span>
-<span class="sd">                     u&#39;licenseId&#39;: None, u&#39;licenseStatus&#39;: -1,</span>
-<span class="sd">                     u&#39;group&#39;: {u&#39;domain&#39;: {u&#39;id&#39;: u&#39;908090000946C25D330E919313D23887&#39;, u&#39;name&#39;: u&#39;Default&#39;}, u&#39;name&#39;: u&#39;My Company\\JP_TEST_GROUP_1&#39;, u&#39;fullPathName&#39;: None, u&#39;externalReferenceId&#39;: None, u&#39;source&#39;: None, u&#39;id&#39;: u&#39;8E20F39B0946C25D118925C2E28C2D59&#39;},</span>
-<span class="sd">                     u&#39;uuid&#39;: u&#39;EA650B42-D10A-7F9F-A1D2-0A58C4F4CEB1&#39;,</span>
-<span class="sd">                     u&#39;groupUpdateProvider&#39;: False,</span>
-<span class="sd">                     u&#39;edrStatus&#39;: 2, u&#39;freeDisk&#39;: 40542507008, u&#39;diskDrive&#39;: u&#39;C:\\&#39;, u&#39;osFunction&#39;: u&#39;Server&#39;, u&#39;processorClock&#39;: 2394,</span>
-<span class="sd">                     u&#39;mobilePhone&#39;: u&#39;&#39;, u&#39;jobTitle&#39;: u&#39;&#39;, u&#39;lastáHeuristicThreatTime&#39;: 0, u&#39;osname&#39;: u&#39;Windows Server 2012&#39;,</span>
-<span class="sd">                     u&#39;winServers&#39;: [u&#39;0.0.0.0&#39;, u&#39;0.0.0.0&#39;], u&#39;deploymentMessage&#39;: u&#39;&#39;, u&#39;idsSerialNo&#39;: u&#39;&#39;,</span>
-<span class="sd">                     u&#39;employeeNumber&#39;: u&#39;&#39;, u&#39;snacLicenseId&#39;: None, u&#39;lastSiteId&#39;: u&#39;EE75B0850946C25D5287B58B5173A37C&#39;,</span>
-<span class="sd">                     u&#39;uwf&#39;: 2, u&#39;currentClientId&#39;: u&#39;256B2B130946C25D40C83823AA2E5D4C&#39;, u&#39;osbitness&#39;: u&#39;x64&#39;,</span>
-<span class="sd">                     u&#39;lastScanTime&#39;: 1558613245000, u&#39;email&#39;: u&#39;&#39;, u&#39;securityVirtualAppliance&#39;: None,</span>
-<span class="sd">                     u&#39;worstInfectionIdx&#39;: u&#39;0&#39;, u&#39;encryptedDevicePassword&#39;: None, u&#39;lastServerId&#39;: u&#39;7D6AAA6F0946C25D170B3A2D442500B6&#39;,</span>
-<span class="sd">                     u&#39;kernel&#39;: None, u&#39;lastUpdateTime&#39;: 1558632769514, u&#39;ptpOnOff&#39;: 1, u&#39;majorVersion&#39;: 14,</span>
-<span class="sd">                     u&#39;lastConnectedIpAddr&#39;: u&#39;9.70.194.93&#39;, u&#39;agentVersion&#39;: u&#39;14.2.1031.0100&#39;, u&#39;deploymentRunningVersion&#39;: u&#39;14.2.1031.0100&#39;,</span>
-<span class="sd">                     u&#39;agentTimeStamp&#39;: 1558632769514, u&#39;osminor&#39;: 2, u&#39;osMajor&#39;: 6, u&#39;deploymentTargetVersion&#39;: u&#39;14.2.1031.0100&#39;,</span>
-<span class="sd">                     u&#39;osMinor&#39;: 2, u&#39;osFlavorNumber&#39;: 79, u&#39;logicalCpus&#39;: 0, u&#39;deploymentPreVersion&#39;: u&#39;&#39;, u&#39;hypervisorVendorId&#39;: u&#39;0&#39;,</span>
-<span class="sd">                     u&#39;fbwf&#39;: 2, u&#39;osversion&#39;: u&#39;6.2&#39;, u&#39;dnsServers&#39;: [u&#39;9.70.192.29&#39;, u&#39;FEC0:0000:0000:FFFF:0000:0000:0000:0001&#39;],</span>
-<span class="sd">                     u&#39;vsicStatus&#39;: 3, u&#39;deleted&#39;: 0, u&#39;deploymentStatus&#39;: u&#39;302456832&#39;, u&#39;computerTimeStamp&#39;: 1558622386922, u&#39;bwf&#39;: 2,</span>
-<span class="sd">                     u&#39;totalDiskSpace&#39;: 81567, u&#39;homePhone&#39;: u&#39;&#39;, u&#39;daOnOff&#39;: 1, u&#39;computerDescription&#39;: u&#39;&#39;, u&#39;pepOnOff&#39;: 1,</span>
-<span class="sd">                     &#39;timediffLastUpdateTime&#39;: 448.98237204551697, u&#39;bashStatus&#39;: 1, u&#39;agentUsn&#39;: 2545799, u&#39;osName&#39;: u&#39;Windows Server 2012&#39;,</span>
-<span class="sd">                     &#39;readableLastUpdateTime&#39;: &#39;2019-05-23 18:32:49&#39;, u&#39;patternIdx&#39;: u&#39;4A80266952462523E3E5AC3B816032AE&#39;,</span>
-<span class="sd">                     u&#39;employeeStatus&#39;: u&#39;&#39;, u&#39;tmpDevice&#39;: None, u&#39;rebootRequired&#39;: 0, u&#39;subnetMasks&#39;: [u&#39;255.255.255.0&#39;, u&#39;64&#39;],</span>
-<span class="sd">                     u&#39;minorVersion&#39;: 2, u&#39;osservicePack&#39;: u&#39;&#39;, &#39;timediffLastVirusTime&#39;: 5638590.9823720455, u&#39;lastSiteName&#39;: u&#39;My Site&#39;,</span>
-<span class="sd">                     u&#39;cidsEngineVersion&#39;: u&#39;0.0.0.0&#39;, u&#39;lastDeploymentTime&#39;: 1550585147000, u&#39;isGrace&#39;: 0, u&#39;computerUsn&#39;: 2544267,</span>
-<span class="sd">                     u&#39;agentId&#39;: u&#39;6E5AA5CB0946C25D40C83823BB5107E6&#39;, u&#39;cidsBrowserFfOnOff&#39;: 1, u&#39;domainOrWorkgroup&#39;: u&#39;WORKGROUP&#39;,</span>
-<span class="sd">                     u&#39;svaId&#39;: None, u&#39;loginDomain&#39;: u&#39;LocalComputer&#39;, u&#39;lastServerName&#39;: u&#39;WIN-4OA0GKJN830&#39;, u&#39;contentUpdate&#39;: 1,</span>
-<span class="sd">                     u&#39;writeFiltersStatus&#39;: None, u&#39;infected&#39;: 0, &#39;timediffLastScanTime&#39;: 19972.982372045517, u&#39;memory&#39;: 6441979904,</span>
-<span class="sd">                     u&#39;freeMem&#39;: 3117060096, u&#39;officePhone&#39;: u&#39;&#39;, u&#39;lastVirusTime&#39;: 1552994627000, u&#39;telemetryMid&#39;: u&#39;890E283B-41D3-4340-A397-66F6AFCAF33E&#39;,</span>
-<span class="sd">                     u&#39;idsVersion&#39;: u&#39;&#39;, u&#39;cidsBrowserIeOnOff&#39;: 1, u&#39;publicKey&#39;: u&#39;BgIAAACkAABSU0ExAAgAAAEAAQDfMtYpvbC2ZOrpGFbK76tuyp2MZ7/6EGsFrqAV3ZBMfvMllksVObpPYvDSc5vCjtzthb1301VADLAspayGytsdAj5z8+LLpOnJkHNg9tIunm1lLkBTitevI6G+nNjyKd7uPn3+bxjk1LL8g1exL2C2SMPEXubdUa1N5xwmhhPHp6PSIAjY74QUcNyplfvylMS9QRWoQ70mqNy9tLLef6+qCYWTqGa7QKXS0WUJs8sJMzWfCrpeMVAmU5/s3yEu+OI+9RKgOeSfy7wRzmAWHQTofjHkYGYqwXcwwLX7AbWjdcpYo0Kaecf8e5t2ZvWyR362EaNxn0HYSjpKraY1hLK1&#39;,</span>
-<span class="sd">                     u&#39;quarantineDesc&#39;: u&#39;Host Integrity check passed\n&#39;, u&#39;cidsDrvMulfCode&#39;: 0, u&#39;biosVersion&#39;: u&#39;INTEL  - 6040000 PhoenixBIOS 4.0 Release 6.0&#39;,</span>
-<span class="sd">                     u&#39;rebootReason&#39;: u&#39;&#39;, u&#39;telemetryHwid&#39;: u&#39;A942D8EB-32C3-E42F-FE83-723FDC431F32&#39;, &#39;readableLastVirusTime&#39;: &#39;2019-03-19 11:23:47&#39;,</span>
-<span class="sd">                     u&#39;cidsSilentMode&#39;: 0, u&#39;creationTime&#39;: 1550585043812, u&#39;macAddresses&#39;: [u&#39;00-50-56-8B-A6-C3&#39;, u&#39;00-50-56-8B-A6-C3&#39;],</span>
-<span class="sd">                     u&#39;idsChecksum&#39;: None, u&#39;operatingSystem&#39;: u&#39;Windows Server 2012 &#39;, u&#39;osmajor&#39;: 6, u&#39;virtualizationPlatform&#39;: u&#39;Unknown&#39;,</span>
-<span class="sd">                     u&#39;ipAddresses&#39;: [u&#39;9.70.194.93&#39;, u&#39;FE80:0000:0000:0000:FC67:074E:CD22:0188&#39;], u&#39;physicalCpus&#39;: 1, u&#39;osBitness&#39;: u&#39;x64&#39;,</span>
-<span class="sd">                     u&#39;cidsDefsetVersion&#39;: u&#39;190522063&#39;, u&#39;cidsDrvOnOff&#39;: 1, u&#39;computerName&#39;: u&#39;WIN-4OA0GKJN830&#39;, u&#39;logonUserName&#39;: u&#39;Administrator&#39;,</span>
-<span class="sd">                     u&#39;licenseExpiry&#39;: 0, u&#39;osLanguage&#39;: u&#39;en-US&#39;, u&#39;gateways&#39;: [u&#39;9.70.194.1&#39;, u&#39;9.70.194.1&#39;, u&#39;0.0.0.0&#39;, u&#39;0.0.0.0&#39;],</span>
-<span class="sd">                     u&#39;uniqueId&#39;: u&#39;D31AA16E0946C25D40C83823C500518B&#39;, u&#39;department&#39;: u&#39;&#39;, u&#39;isNpvdiClient&#39;: 0, u&#39;dhcpServer&#39;: u&#39;0.0.0.0&#39;,</span>
-<span class="sd">                     u&#39;readableLastScanTime&#39;: &#39;2019-05-23 13:07:25&#39;, u&#39;osfunction&#39;: u&#39;Server&#39;, u&#39;description&#39;: u&#39;&#39;, u&#39;osflavorNumber&#39;: 79,</span>
-<span class="sd">                     u&#39;tpmDevice&#39;: u&#39;0&#39;, u&#39;onlineStatus&#39;: 1, u&#39;lastDownloadTime&#39;: 1558356063096, u&#39;apOnOff&#39;: 1, u&#39;timeZone&#39;: 480, u&#39;fullName&#39;: u&#39;&#39;,</span>
-<span class="sd">                     u&#39;osVersion&#39;: u&#39;6.2&#39;, u&#39;attributeExtension&#39;: u&#39;&#39;, u&#39;atpServer&#39;: u&#39;https://9.70.194.99:443&#39;, u&#39;tamperOnOff&#39;: 1, u&#39;osServicePack&#39;: u&#39;&#39;,</span>
-<span class="sd">                     u&#39;agentType&#39;: u&#39;105&#39;, u&#39;serialNumber&#39;: u&#39;VMware-42 0b 65 ea 0a d1 9f 7f-a1 d2 0a 58 c4 f4 ce b1&#39;, u&#39;osElamStatus&#39;: 0, u&#39;installType&#39;: u&#39;0&#39;,</span>
-<span class="sd">                     u&#39;profileSerialNo&#39;: u&#39;8E20-05/08/2019 07:00:23 015&#39;, u&#39;hardwareKey&#39;: u&#39;1771D79454E53469DF4B290C06C104C9&#39;, u&#39;firewallOnOff&#39;: 1}],</span>
-<span class="sd">                     u&#39;lastPage&#39;: True, u&#39;totalPages&#39;: 1, u&#39;numberOfElements&#39;: 1, u&#39;totalElements&#39;: 1, u&#39;size&#39;: 20},</span>
-
-<span class="sd">         &#39;raw&#39;: &#39;&lt;content_as_string&gt;&#39;</span>
-<span class="sd">         &#39;reason&#39;: None,</span>
-<span class="sd">         &#39;version&#39;: &#39;1.0&#39;}</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="c1">#  Globals</span>
-<span class="c1"># List of fields in datatable fn_amp_get_computers script</span>
-<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;query_execution_time&quot;</span><span class="p">,</span> <span class="s2">&quot;computerName&quot;</span><span class="p">,</span> <span class="s2">&quot;uniqueId&quot;</span><span class="p">,</span> <span class="s2">&quot;operatingSystem&quot;</span><span class="p">,</span> <span class="s2">&quot;ipAddresses&quot;</span><span class="p">,</span>
-                   <span class="s2">&quot;sep_description&quot;</span><span class="p">,</span> <span class="s2">&quot;domain_name&quot;</span><span class="p">,</span> <span class="s2">&quot;domain_id&quot;</span><span class="p">,</span> <span class="s2">&quot;hardwareKey&quot;</span><span class="p">,</span> <span class="s2">&quot;group_name&quot;</span><span class="p">,</span> <span class="s2">&quot;group_id&quot;</span><span class="p">,</span>
-                   <span class="s2">&quot;infected&quot;</span><span class="p">]</span>
-<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Get Endpoint Details&quot;</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_get_computers script ##</span>
+<span class="c1"># Globals</span>
+<span class="c1"># List of fields in datatable for &quot;Get Endpoints status&quot; playbook.</span>
+<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;query_execution_date&quot;</span><span class="p">,</span> <span class="s2">&quot;non_compliant&quot;</span><span class="p">,</span> <span class="s2">&quot;up_to_date&quot;</span><span class="p">,</span> <span class="s2">&quot;out_of_date&quot;</span><span class="p">,</span> <span class="s2">&quot;total&quot;</span><span class="p">,</span> <span class="s2">&quot;disabled&quot;</span><span class="p">,</span>
+                   <span class="s2">&quot;offline&quot;</span><span class="p">,</span><span class="s2">&quot;hi_failed&quot;</span><span class="p">,</span> <span class="p">]</span>
 <span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_get_computers&quot;</span>
-<span class="n">C_OUTER</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">inputs</span>
-<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">]</span>
-
+<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Get Endpoints status&quot;</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_computers_results</span>
+<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;metrics&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">)</span>
 
 <span class="c1"># Processing</span>
+<span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
+<span class="n">new_row</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">addRow</span><span class="p">(</span><span class="s2">&quot;sep_endpoint_status_summary&quot;</span><span class="p">)</span>
 
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-    <span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
-    <span class="k">if</span> <span class="n">C_OUTER</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There were &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; results returned for computer name &quot;</span> \
-                    <span class="s2">&quot;&lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span> \
-            <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;numberOfElements&quot;</span><span class="p">),</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_computername&quot;</span><span class="p">],</span>
-                    <span class="n">FN_NAME</span><span class="p">)</span>
-
-        <span class="n">eps</span> <span class="o">=</span> <span class="n">C_OUTER</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">]</span>
-        <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">eps</span><span class="p">)):</span>
-            <span class="n">ep_osname</span> <span class="o">=</span> <span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;osname&quot;</span><span class="p">,</span> <span class="s2">&quot;&quot;</span><span class="p">)</span>
-            <span class="n">newrow</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">addRow</span><span class="p">(</span><span class="s2">&quot;sep_endpoint_details&quot;</span><span class="p">)</span>
-            <span class="n">newrow</span><span class="o">.</span><span class="n">query_execution_date</span> <span class="o">=</span> <span class="n">QUERY_EXECUTION_DATE</span>
-            <span class="k">for</span> <span class="n">f</span> <span class="ow">in</span> <span class="n">DATA_TBL_FIELDS</span><span class="p">:</span>
-                <span class="n">f_base</span> <span class="o">=</span> <span class="n">f</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">&#39;_&#39;</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span>
-                <span class="k">if</span> <span class="n">f_base</span> <span class="o">==</span> <span class="s2">&quot;query_execution_time&quot;</span><span class="p">:</span>
-                    <span class="k">continue</span>
-                <span class="k">if</span> <span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="n">f_base</span><span class="p">]</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-                    <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="n">f_base</span><span class="p">],</span> <span class="nb">str</span><span class="p">)</span> <span class="ow">or</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="n">f_base</span><span class="p">],</span> <span class="nb">int</span><span class="p">)</span> \
-                            <span class="ow">or</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="n">f_base</span><span class="p">],</span> <span class="nb">int</span><span class="p">)</span> <span class="ow">or</span> <span class="nb">len</span><span class="p">(</span><span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="n">f_base</span><span class="p">])</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span>
-                        <span class="k">if</span> <span class="n">f_base</span> <span class="o">==</span> <span class="s2">&quot;onlineStatus&quot;</span><span class="p">:</span>
-                            <span class="k">if</span> <span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="n">f_base</span><span class="p">]:</span>
-                                <span class="n">newrow</span><span class="p">[</span><span class="n">f</span><span class="p">]</span> <span class="o">=</span> <span class="s2">&quot;Online&quot;</span>
-                            <span class="k">else</span><span class="p">:</span>
-                                <span class="n">newrow</span><span class="p">[</span><span class="n">f</span><span class="p">]</span> <span class="o">=</span> <span class="s2">&quot;Offline&quot;</span>
-                        <span class="k">elif</span> <span class="n">f_base</span> <span class="o">==</span> <span class="s2">&quot;infected&quot;</span><span class="p">:</span>
-                            <span class="k">if</span> <span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="n">f_base</span><span class="p">]:</span>
-                                <span class="n">newrow</span><span class="p">[</span><span class="n">f</span><span class="p">]</span> <span class="o">=</span> <span class="s2">&quot;Yes&quot;</span>
-                            <span class="k">else</span><span class="p">:</span>
-                                <span class="n">newrow</span><span class="p">[</span><span class="n">f</span><span class="p">]</span> <span class="o">=</span> <span class="s2">&quot;No&quot;</span>
-                        <span class="k">else</span><span class="p">:</span>
-                            <span class="n">newrow</span><span class="p">[</span><span class="n">f</span><span class="p">]</span> <span class="o">=</span> <span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="n">f_base</span><span class="p">]</span>
-                    <span class="k">else</span><span class="p">:</span>
-                        <span class="n">newrow</span><span class="p">[</span><span class="n">f</span><span class="p">]</span> <span class="o">=</span> <span class="s1">&#39;,&#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="n">f_base</span><span class="p">])</span>
-
-            <span class="k">if</span> <span class="s2">&quot;windows&quot;</span> <span class="ow">in</span> <span class="n">ep_osname</span><span class="o">.</span><span class="n">lower</span><span class="p">():</span>
-                <span class="k">if</span> <span class="p">(</span><span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;quarantineDesc&quot;</span><span class="p">]</span><span class="o">.</span><span class="n">find</span><span class="p">(</span><span class="s2">&quot;Host Integrity check passed&quot;</span><span class="p">)</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span><span class="p">):</span>
-                    <span class="n">newrow</span><span class="o">.</span><span class="n">endpoint_quarantine_status</span> <span class="o">=</span> <span class="s2">&quot;Quarantined&quot;</span>
-                <span class="k">else</span><span class="p">:</span>
-                    <span class="n">newrow</span><span class="o">.</span><span class="n">endpoint_quarantine_status</span> <span class="o">=</span> <span class="s2">&quot;Un-Quarantined&quot;</span>
-            <span class="k">else</span><span class="p">:</span>
-                <span class="n">newrow</span><span class="o">.</span><span class="n">endpoint_quarantine_status</span> <span class="o">=</span> <span class="s2">&quot;&quot;</span>
-
-            <span class="n">group</span> <span class="o">=</span> <span class="n">eps</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">group</span>
-            <span class="k">if</span> <span class="n">group</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-                <span class="n">newrow</span><span class="o">.</span><span class="n">group_name</span> <span class="o">=</span> <span class="n">group</span><span class="p">[</span><span class="s2">&quot;name&quot;</span><span class="p">]</span>
-                <span class="n">newrow</span><span class="o">.</span><span class="n">group_id</span> <span class="o">=</span> <span class="n">group</span><span class="p">[</span><span class="s2">&quot;id&quot;</span><span class="p">]</span>
-                <span class="n">domain</span> <span class="o">=</span> <span class="n">group</span><span class="p">[</span><span class="s2">&quot;domain&quot;</span><span class="p">]</span>
-                <span class="k">if</span> <span class="n">domain</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-                    <span class="n">newrow</span><span class="o">.</span><span class="n">domain_name</span> <span class="o">=</span> <span class="n">domain</span><span class="p">[</span><span class="s2">&quot;name&quot;</span><span class="p">]</span>
-                    <span class="n">newrow</span><span class="o">.</span><span class="n">domain_id</span> <span class="o">=</span> <span class="n">domain</span><span class="p">[</span><span class="s2">&quot;id&quot;</span><span class="p">]</span>
-
-    <span class="k">else</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There were &lt;b&gt;no&lt;/b&gt; results returned for computer &quot;</span> \
-                     <span class="s2">&quot;name &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span> \
-            <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_computername&quot;</span><span class="p">],</span> <span class="n">FN_NAME</span><span class="p">)</span>
-
-    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
-
-
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
+<span class="k">if</span> <span class="n">CONTENT</span> <span class="ow">and</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;total&quot;</span><span class="p">):</span>
+  <span class="n">new_row</span><span class="o">.</span><span class="n">query_execution_date</span> <span class="o">=</span> <span class="n">QUERY_EXECUTION_DATE</span>
+  <span class="k">for</span> <span class="n">f</span> <span class="ow">in</span> <span class="n">DATA_TBL_FIELDS</span><span class="p">:</span>
+    <span class="k">if</span> <span class="n">f</span> <span class="o">==</span> <span class="s2">&quot;query_execution_date&quot;</span><span class="p">:</span>
+      <span class="k">continue</span>
+    <span class="n">new_row</span><span class="p">[</span><span class="n">f</span><span class="p">]</span> <span class="o">=</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">f</span><span class="p">)</span>
 
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Steps to Fetch "sep_domain": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_domain</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-domains"><span class="xref myst">Function - SEP - Get Domains</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;id</span></code>.</p>
-</p>
-</details>
-</section>
-<hr class="docutils" />
-<section id="function-sep-get-domains">
-<h2>Function - SEP - Get Domains<a class="headerlink" href="#function-sep-get-domains" title="Link to this heading">¶</a></h2>
-<p>Gets a list of all accessible domains</p>
-<details><summary>Inputs:</summary>
-<p>
-<div class="table-wrapper colwidths-auto docutils container">
-<table class="docutils align-default">
-<thead>
-<tr class="row-odd"><th class="head"><p>Name</p></th>
-<th class="head text-center"><p>Type</p></th>
-<th class="head text-center"><p>Required</p></th>
-<th class="head"><p>Example</p></th>
-<th class="head"><p>Tooltip</p></th>
-</tr>
-</thead>
-</table>
-</div>
-</p>
-</details>
-<details><summary>Outputs:</summary>
-<p>
-<blockquote>
-<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
-</div></blockquote>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
-  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">[</span>
-    <span class="p">{</span>
-      <span class="s2">&quot;administratorCount&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-      <span class="s2">&quot;companyName&quot;</span><span class="p">:</span> <span class="s2">&quot;Tata Consultancy Services Ltd&quot;</span><span class="p">,</span>
-      <span class="s2">&quot;contactInfo&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-      <span class="s2">&quot;createdTime&quot;</span><span class="p">:</span> <span class="mi">1670774894004</span><span class="p">,</span>
-      <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-      <span class="s2">&quot;enable&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-      <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-      <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Default&quot;</span>
-    <span class="p">}</span>
-  <span class="p">],</span>
-  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{},</span>
-  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2032</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 11:05:32&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;[{</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">name</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Default</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">description</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">createdTime</span><span class="se">\&quot;</span><span class="s2">: 1670774894004, </span><span class="se">\&quot;</span><span class="s2">enable</span><span class="se">\&quot;</span><span class="s2">: true, </span><span class="se">\&quot;</span><span class="s2">companyName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Tata Consultancy Services Ltd</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">contactInfo</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">administratorCount</span><span class="se">\&quot;</span><span class="s2">: 1}]&quot;</span><span class="p">,</span>
-  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
-<span class="p">}</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Example Post-Process Script:</summary>
-<p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">fn_name</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_get_domains&quot;</span>
-<span class="n">wf_name</span> <span class="o">=</span> <span class="s2">&quot;Example: SEP - Add Hash to Blacklist&quot;</span>
-<span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">domainid</span> <span class="o">=</span> <span class="kc">None</span>
-<span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">content</span><span class="p">)):</span>
-  <span class="k">if</span> <span class="n">content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;name&quot;</span><span class="p">]</span> <span class="o">==</span>  <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">:</span>
-    <span class="n">domainid</span> <span class="o">=</span> <span class="n">content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;id&quot;</span><span class="p">]</span>
-    <span class="k">break</span>
-<span class="k">if</span> <span class="n">domainid</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-    <span class="n">workflow</span><span class="o">.</span><span class="n">addProperty</span><span class="p">(</span><span class="s2">&quot;domid_exists&quot;</span><span class="p">,</span> <span class="p">{})</span>
+  <span class="k">if</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;non_compliant&quot;</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">There were &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; non-compliant endpoints &quot;</span> \
+                <span class="s2">&quot;detected out of a total of &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+        <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;non_compliant&quot;</span><span class="p">),</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;total&quot;</span><span class="p">),</span> <span class="n">FN_NAME</span><span class="p">)</span>
+  <span class="k">else</span><span class="p">:</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">There were &lt;b&gt;no&lt;/b&gt; non-compliant endpoints &quot;</span> \
+                 <span class="s2">&quot;detected out of a total of &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span> \
+        <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;total&quot;</span><span class="p">),</span> <span class="n">FN_NAME</span><span class="p">)</span>
 <span class="k">else</span><span class="p">:</span>
-    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: The domain name  &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; was not found &quot;</span> \
-                <span class="s2">&quot;for Resilient function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;.&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">wf_name</span><span class="p">,</span> <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">,</span> <span class="n">fn_name</span><span class="p">)</span>
-    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">There were &lt;b&gt;no&lt;/b&gt; results returned for SOAR &quot;</span> \
+              <span class="s2">&quot;function &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
 </pre></div>
 </div>
 </p>
 </details>
 </section>
 <hr class="docutils" />
-<section id="function-sep-get-file-content-as-base64">
-<h2>Function - SEP - Get File Content as Base64<a class="headerlink" href="#function-sep-get-file-content-as-base64" title="Link to this heading">¶</a></h2>
-<p>Get contents of a file uploaded to SEPM server as a Base64 string for a given file ID.</p>
+<section id="function-sep-get-critical-events-info">
+<h2>Function - SEP - Get Critical Events Info<a class="headerlink" href="#function-sep-get-critical-events-info" title="Link to this heading">¶</a></h2>
+<p>Gets information related to critical events. ‘results_limit’ is not currently used for this function.</p>
+<p><img alt="screenshot: fn-sep---get-critical-events-info " src="fn_sep/doc/screenshots/fn-sep---get-critical-events-info.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -1947,11 +1737,11 @@ <h2>Function - SEP - Get File Content as Base64<a class="headerlink" href="#func
 </tr>
 </thead>
 <tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_file_id</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_results_limit</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
 <td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The file ID from which to get detailed information.</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">5</span></code></p></td>
+<td><p>The maximum number of records to be returned. Page size must be between 1 and 10000</p></td>
 </tr>
 </tbody>
 </table>
@@ -1964,76 +1754,373 @@ <h2>Function - SEP - Get File Content as Base64<a class="headerlink" href="#func
 <div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
 </div></blockquote>
 <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
-  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="s2">&quot;TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAA+yFqcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5kZXIgV2luMzINCiQ3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEJAO3nqFYAAAAAAAAAAOAADgMLAQUAAAAhAABgAgAAAAAACCAAAAAQAAAAECEAAABAAAAQAAAAAgAABAAAAAAAAAAFAAAAAAAAAAAwJwAABgAAAAAAAAIAAAAAABAAACAAAAAAEAAAEAAAAAAAABAAAAAA4CMAsQEAAACQIwBWOwAAAPAjAACeAAAAAAAAAAAAAAAAAAAAAAAAAJAkAIidAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCMAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQIwDlBgAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAAAAAhAAAQAAAA+CAAAAYAAAAAAAAAAAAAAAAAACAAAGAuZGF0YQAAAABgAgAAECEAAMwAAAD+IAAAAAAAAAAAAAAAAABAAADALnRscwAAAAAAEAAAAHAjAAACAAAAyiEAAAAAAAAAAAAAAAAAQAAAwC5yZGF0YQAAABAAAACAIwAAAgAAAMwhAAAAAAAAAAAAAAAAAEAAAFAuaWRhdGEAAABAAAAAkCMAADwAAADOIQAAAAAAAAAAAAAAAABAAABALmRpZGF0YQAAEAAAANAjAAAIAAAACiIAAAAAAAAAAAAAAAAAQAAAwC5lZGF0YQAAABAAAADgIwAAAgAAABIiAAAAAAAAAAAAAAAAAEAAAEAucnNyYwAAAACgAAAA8CMAAJ4AAAAUIgAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAAoAIAAJAkAACeAgAAsiIAAAAAAAAAAAAAAAAAQAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByo8WAAAACw6GAAAAOE8GAAACCs8GAAAB6chEgAAB44KEAAAB6EokcAAB5o1EcAAB5I7UcAAB4kn0cAAB78pUcAAB4Q+kYAAB64jkcAAB7EskEAAB4ssEEAAB7IjkcAAB7w2kUAAB6EGUYAAB7AnEYAAB5I70YAAB489UYAAB5MaEQAAB5oUEUAAB5s2UUAAB6MK0QAAB6gtkEAAB5sxUEAAB588kEAAB5gu0IAAB4oxkMAAB4Y+EMAAB68DEQAAB6sIEUAAB445kEAAB4Qs0EAAB7gNkQAAB6MukEAAB4I0FAAAB5EwkEAAB6MokAAAB6EqUAAAB4cjEAAAB6YSEUAAB48rEEAAB58ukEAAB7UnUEAAB4EnkEAAB70nUEAAB4YskEAAB4oskEAAB5YskEAAB5UnkEAAB60nUEAAB5kykcAAB5kaEQAAB5400AAAB4MjEAAAB5U6UAAAB70n0QAAB74pEQAAB7sgUAAAB5Mi0AAAB7saEQAAB7YSkQAAB48Z0QAAB6AgUAAAB5AY1YAAB7M81AAAB6Ui0AAAB6wtkEAAB4gDVQAAB40+1sAAB4EVVEAAB48PlIAAB4MTlIAAB5EZ1IAAB7Yg1IAAB5snFIAAB5Uq1IAAB50tFIAAB4ovlIAAB743lIAAB5M5VIAAB5IT1MAAB5oT1MAAB6IT1MAAB6oT1MAAB7IT1MAAB7oT1MAAB4IUFMAAB4oUFMAAB6oUVMAAB4YFlkAAB6MH1kAAB6sH1kAAB40KVkAAB5cKVkAAB6snkEAAB4IM0UAAB70MUUAAB6IMkUAAB4ws0EAAB7QgEAAAB7ggEAAAB7wgEAAAB5grEEAAB4knkEAAB60skEAAB4csEEAAB7ovEEAAB6kskEAAB5wv2AAAB709VAAAB6E/FsAAB7knUEAAB6sblMAAB4wXFQAAB7kYlEAAB7w8F0AAB5AAV4AAB48BF4AAB7kFV4AAB78W14AAB6Ukl4AAB60kl4AAB4Qnl4AAB4MyV4AAB6s114AAB7M114AAB5g4l4AAB6A4l4AAB7s5l4AAB7IE18AAB7IZ18AAB7Qd18AAB6E1l8AAB5IAmAAAB4MDGAAAB4AGGAAAB7cJmAAAB78JmAAAB6MK2AAAB4UrmAAAB6A71kAAB7kskEAAB6grUAAAB7UZE0AAB74yE0AAB5M5U0AAB5cC04AAB4o8kEAAB5UM1QAAB68n1QAAB6gF1UAAB6oRlUAAB6IO1UAAB7QRlUAAB4w1EsAAB78E0wAAB6UVU4AAB4U2U8AAB4EMFEAAB5AukEAAB64FlcAAB50F1cAAB5ghVcAAB7IYlgAAB6chEgAAB44KEAAAB78pUcAAB6EokcAAB5o1EcAAB5I7UcAAB4kn0cAAB4Q+kYAAB7EskEAAB4ssEEAAB7IjkcAAB7w2kUAAB6EGUYAAB7AnEYAAB5I70YAAB489UYAAB64jkcAAB5oUEUAAB5s2UUAAB6MK0QAAB6gtkEAAB5sxUEAAB588kEAAB5gu0IAAB4oxkMAAB4Y+EMAAB68DEQAAB5EwkEAAB5MaEQAAB6MokAAAB6EqUAAAB4cjEAAAB6YSEUAAB48rEEAAB58ukEAAB6sIEUAAB445kEAAB4Qs0EAAB7gNkQAAB4I0FAAAB5kykcAAB5kaEQAAB5400AAAB4MjEAAAB5U6UAAAB70n0QAAB74pEQAAB7sgUAAAB5Mi0AAAB7saEQAAB7YSkQAAB48Z0QAAB6AgUAAAB5AY1YAAB4EMFEAAB5UnkEAAB60nUEAAB7M81AAAB6Ui0AAAB4gDVQAAB4EVVEAAB6wtkEAAB40...&quot;</span><span class="p">,</span>
-  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
-<span class="p">}</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_file_id</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">file_id</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Example Post-Process Script:</summary>
-<p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_get_file_content_as_base64 ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result: {&#39;inputs&#39;: {u&#39;sep_file_id&#39;: u&#39;B9158547A9FE9DC52292A6098528F239&#39;},</span>
-<span class="sd">         &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-05-29 16:44:07&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;, &#39;host&#39;: &#39;myhost&#39;,</span>
-<span class="sd">                     &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 1893},</span>
-<span class="sd">         &#39;success&#39;: True,</span>
-<span class="sd">         &#39;content&#39;: &#39;&lt;base64_string&gt;&#39;,</span>
-<span class="sd">         &#39;raw&#39;: &#39;&quot;&lt;base64_string&gt;&quot;&#39;,</span>
-<span class="sd">         &#39;reason&#39;: None,</span>
-<span class="sd">         &#39;version&#39;: &#39;1.0&#39;</span>
-<span class="sd">}</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="c1">#  Globals</span>
-<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[]</span>
-<span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_get_file_content_as_base64&quot;</span>
-<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Get  File Content as Base64 string&quot;</span>
-<span class="c1"># List of fields in datatable fn_amp_get_computers script</span>
-<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[]</span>
-<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">]</span>
-<span class="c1"># Processing</span>
-
-
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-    <span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
-    <span class="k">if</span> <span class="n">CONTENT</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: Returned Base64 string of size &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; returned &quot;</span> \
-                    <span class="s2">&quot;for Resilient function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">CONTENT</span><span class="p">),</span> <span class="n">FN_NAME</span><span class="p">)</span>
-    <span class="k">else</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There was &lt;b&gt;no&lt;/b&gt; result returned for &quot;</span> \
-                    <span class="s2">&quot;Resilient function &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
-
-    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
-
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;criticalEventsInfoList&quot;</span><span class="p">:</span> <span class="p">[</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-26 14:02:38.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;C73763EF092E5BB9462D7353C645BC2C&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;To enhance security, Symantec recommends that you should require the users in this client group to use passwords in the following situations: opening, stopping, or uninstalling the client, or importing the Sylink file. You should assign a password to the following client groups.</span><span class="se">\u003c</span><span class="s2">br/</span><span class="se">\u003e\u003c</span><span class="s2">br/</span><span class="se">\u003e</span><span class="s2">Default: My Company</span><span class="se">\u003c</span><span class="s2">br/</span><span class="se">\u003e\u003c</span><span class="s2">br/</span><span class="se">\u003e\u003c</span><span class="s2">br/</span><span class="se">\u003e</span><span class="s2">For information on how to enable password protection on the client, see: </span><span class="se">\u003c</span><span class="s2">a href=</span><span class="se">\&quot;</span><span class="s2">https://techdocs.broadcom.com/bin/gethidpage.html?ux-context-string=sesm_computersnusers_policies_password_setting</span><span class="se">\u0026</span><span class="s2">appid=SEP</span><span class="se">\u0026</span><span class="s2">language=en</span><span class="se">\u0026</span><span class="s2">format=rendered</span><span class="se">\&quot;</span><span class="s2"> class=</span><span class="se">\&quot;</span><span class="s2">bluelink</span><span class="se">\&quot;</span><span class="s2"> target=</span><span class="se">\&quot;</span><span class="s2">_blank</span><span class="se">\&quot;</span><span class="s2"> rel=</span><span class="se">\&quot;</span><span class="s2">noopener</span><span class="se">\&quot;\u003e</span><span class="s2">Password-protecting the Symantec Endpoint Protection client</span><span class="se">\u003c</span><span class="s2">/a</span><span class="se">\u003e</span><span class="s2">&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Some Symantec Endpoint Protection groups have not been assigned a password.&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-26 14:02:50.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;388DC550092E5BB9462D7353CF5066D4&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jun 26, 2024 7:02:34 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-26 14:03:03.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;A091BB08092E5BB9462D735340E9132C&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Jun 26, 2024 6:46:43 AM PDT</span><span class="se">\t</span><span class="s2">Server: c95648v1</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Agent for Linux 14.3 RU8 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-26 14:03:03.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;8EC7022F092E5BB9462D73539D642D01&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Jun 26, 2024 6:50:27 AM PDT</span><span class="se">\t</span><span class="s2">Server: c95648v1</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Agent for Linux 14.3 RU5 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-26 14:03:03.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;CCF70323092E5BB9462D7353600B23F8&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Jun 26, 2024 6:51:35 AM PDT</span><span class="se">\t</span><span class="s2">Server: c95648v1</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU3 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-26 14:03:03.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;8F3BBDAE092E5BB9462D7353B2402856&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Jun 26, 2024 6:52:23 AM PDT</span><span class="se">\t</span><span class="s2">Server: c95648v1</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU6 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-26 14:03:03.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;B935736A092E5BB9462D73537BBD9220&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Jun 26, 2024 6:54:04 AM PDT</span><span class="se">\t</span><span class="s2">Server: c95648v1</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU5 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-26 14:03:03.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;2CAEEDB5092E5BB9462D7353ADD2908C&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Jun 26, 2024 6:54:10 AM PDT</span><span class="se">\t</span><span class="s2">Server: c95648v1</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Agent for Linux 14.3 RU4 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-26 14:03:03.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;D34404C5092E5BB9462D73534707F282&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Jun 26, 2024 6:54:28 AM PDT</span><span class="se">\t</span><span class="s2">Server: c95648v1</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU8 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-26 14:03:03.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;D130C96D092E5BB9462D73538F0E81DE&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Jun 26, 2024 6:54:46 AM PDT</span><span class="se">\t</span><span class="s2">Server: c95648v1</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Agent for Linux 14.3 RU6 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-26 14:29:46.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;00AEA0F3092E5BB9462D7353169FDC4E&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Number of clients changed: 1.  Changes could be that a client was added, renamed, or deleted, Unmanaged Detector status changed, client mode changed, or the hardware changed.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Informational: Symantec Endpoint Protection Computer List Changed&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-27 07:03:15.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;6443D9CA092E5BB936229E5074834588&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Your Symantec Endpoint Protection Trial license expires in 60 days. To continue to receive virus definitions and product updates, contact your </span><span class="se">\u0026</span><span class="s2">lt;a class=</span><span class="se">\u0026</span><span class="s2">quot;bluelink</span><span class="se">\u0026</span><span class="s2">quot; onclick=</span><span class="se">\u0026</span><span class="s2">quot;createWindowFromURL(</span><span class="se">\u0026</span><span class="s2">#039;../util/universal-redirect.php?WhereWeWant=https://ced.broadcom.com/sep/14/partnerlocator</span><span class="se">\u0026</span><span class="s2">#039;, </span><span class="se">\u0026</span><span class="s2">#039;_blank</span><span class="se">\u0026</span><span class="s2">#039;, </span><span class="se">\u0026</span><span class="s2">#039;scrollbars=yes,width=800, height=650, resizable=yes, screenX=100, screenY=100</span><span class="se">\u0026</span><span class="s2">#039;);</span><span class="se">\u0026</span><span class="s2">quot; href=</span><span class="se">\u0026</span><span class="s2">quot;#</span><span class="se">\u0026</span><span class="s2">quot; </span><span class="se">\u0026</span><span class="s2">gt;preferred reseller</span><span class="se">\u0026</span><span class="s2">lt;/a</span><span class="se">\u0026</span><span class="s2">gt;.</span><span class="se">\u0026</span><span class="s2">lt;br</span><span class="se">\u0026</span><span class="s2">gt;&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Information: Symantec Trial license Expires In 60 Days&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-28 12:29:23.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;5ED2B2DE092E5BB936229E5022E27035&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jun 28, 2024 5:29:04 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-28 22:29:23.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;D23F6954092E5BB936229E50AA2CB93F&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jun 28, 2024 3:29:06 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-29 08:30:38.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;10E1F0A9092E5BB97E3F195BF1A05A94&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jun 29, 2024 1:30:17 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-08 17:58:05.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;EC7CF59F092E5BB954B29F87D815C7AC&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Jul 8, 2024 10:54:58 AM PDT</span><span class="se">\t</span><span class="s2">Server: c95648v1</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the null package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-28 02:28:23.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;1C4CB36B092E5BB936229E50775A9E56&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jun 27, 2024 7:28:02 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-29 18:30:40.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;C07CE910092E5BB97E3F195B25EC92BF&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jun 29, 2024 11:30:18 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-30 04:30:45.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;6E7A6527092E5BB97E3F195B1BCE841D&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jun 29, 2024 9:30:30 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-06-30 14:30:49.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;43E80046092E5BB97E3F195BC2F4AD74&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jun 30, 2024 7:30:32 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-01 00:30:54.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;1C8161DE092E5BB97E3F195BAFB5DBB1&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jun 30, 2024 5:30:36 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-01 10:31:04.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;573028FB092E5BB97E3F195B639B9F4D&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 1, 2024 3:30:50 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-01 20:31:09.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;A4D7D5C9092E5BB97E3F195BAEEF6330&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 1, 2024 1:30:55 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-03 22:31:36.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;0C680D8A092E5BB97E3F195B276EBAE8&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 3, 2024 3:31:18 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-04 18:31:45.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;9C5ED05E092E5BB97E3F195B9B610D17&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 4, 2024 11:31:30 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-06 10:32:12.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;62646CAA092E5BB97E3F195BA0C158E8&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 6, 2024 3:31:51 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-07 06:32:24.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;A51FCF09092E5BB97E3F195B11557294&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 6, 2024 11:32:02 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-08 13:18:11.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;58E62790092E5BB954B29F87B6A521C4&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 8, 2024 6:17:51 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-08 23:18:04.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;3A23B513092E5BB954B29F8789D7CF43&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 8, 2024 4:17:42 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-02 06:31:13.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;6F4FCE57092E5BB97E3F195B0E91B958&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 1, 2024 11:30:59 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-02 16:31:18.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;816E4D4F092E5BB97E3F195B3A42774E&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 2, 2024 9:31:00 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-03 02:31:28.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;520DD58E092E5BB97E3F195B7C029BFE&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 2, 2024 7:31:10 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-04 08:31:40.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;CDFCA802092E5BB97E3F195B7F1A8637&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 4, 2024 1:31:18 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-05 04:31:52.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;E9FEB9C7092E5BB97E3F195BF7613F08&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 4, 2024 9:31:32 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-05 14:32:02.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;AC5F04BE092E5BB97E3F195B3897DEFB&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 5, 2024 7:31:44 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-06 00:32:07.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;DB847B29092E5BB97E3F195B18644C0E&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 5, 2024 5:31:44 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-07 16:32:33.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;8DA48D11092E5BB97E3F195BD8691A78&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 7, 2024 9:32:14 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-08 02:32:38.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;76530F37092E5BB97E3F195B364CA62E&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 7, 2024 7:32:16 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-08 13:21:05.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;3F45D825092E5BB954B29F875AE1D576&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Number of system events detected: 1 </span><span class="se">\r\n</span><span class="s2">System events included: Server and Errors.</span><span class="se">\r\n\r\n</span><span class="s2">&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;System Event Notification&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-09 19:19:05.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;8C428752092E5BB954B29F87BC51C1D2&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 9, 2024 12:18:46 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-03 12:31:32.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;48C3782D092E5BB97E3F195BD2035D87&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 3, 2024 5:31:08 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-06 20:32:17.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;06269CC1092E5BB97E3F195BB9232A9B&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 6, 2024 1:32:01 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-09 09:19:05.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;7A42801F092E5BB954B29F87CA0AE4E7&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 9, 2024 2:18:44 AM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-10 05:19:14.0&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;C6C9F775092E5BB954B29F871CA45A10&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server c95648v1 health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jul 9, 2024 10:18:56 PM.&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
+      <span class="p">}</span>
+    <span class="p">],</span>
+    <span class="s2">&quot;lastUpdated&quot;</span><span class="p">:</span> <span class="mi">1720622406545</span><span class="p">,</span>
+    <span class="s2">&quot;totalUnacknowledgedMessages&quot;</span><span class="p">:</span> <span class="mi">44</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1078</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-10 10:40:06&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_file_id": </summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_file_id</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-command-status"><span class="xref myst">Function - SEP - Get Command Status</span></a> function’s output while checking status of the returned command id after performing a file upload using the function <a class="reference internal" href="#function---sep---upload-file-to-sepm"><span class="xref myst">Function - SEP - Upload File to SEPM</span></a>. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">binaryFileId</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;content--&gt;binaryFileId</span></code>.</p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kc">None</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">time</span> <span class="kn">import</span> <span class="n">time</span>
+
+<span class="n">now</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">time</span><span class="p">()</span><span class="o">*</span><span class="mi">1000</span><span class="p">)</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_critical_events_info_results</span>
+
+<span class="k">if</span> <span class="ow">not</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Symantec SEP - Get Critical Events failed: </span><span class="si">{</span><span class="n">results</span><span class="o">.</span><span class="n">reason</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;criticalEventsInfoList&quot;</span><span class="p">,</span> <span class="p">[]):</span>
+    <span class="n">row</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">addRow</span><span class="p">(</span><span class="s2">&quot;sep_critical_events&quot;</span><span class="p">)</span>
+    <span class="n">row</span><span class="p">[</span><span class="s1">&#39;date_added&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">now</span>
+    <span class="n">row</span><span class="p">[</span><span class="s1">&#39;event_id&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">event</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;eventId&#39;</span><span class="p">)</span>
+    <span class="n">row</span><span class="p">[</span><span class="s1">&#39;event_date&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">event</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;eventDateTime&#39;</span><span class="p">)</span>
+    <span class="n">row</span><span class="p">[</span><span class="s1">&#39;subject&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">event</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;subject&#39;</span><span class="p">)</span>
+    <span class="n">row</span><span class="p">[</span><span class="s1">&#39;message&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">event</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;message&#39;</span><span class="p">)</span>
+    <span class="n">row</span><span class="p">[</span><span class="s1">&#39;acknowledged&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="nb">bool</span><span class="p">(</span><span class="n">event</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;acknowledged&#39;</span><span class="p">))</span>
+</pre></div>
+</div>
 </p>
 </details>
 </section>
 <hr class="docutils" />
-<section id="function-sep-get-fingerprint-list">
-<h2>Function - SEP - Get Fingerprint List<a class="headerlink" href="#function-sep-get-fingerprint-list" title="Link to this heading">¶</a></h2>
-<p>Get the fingerprint list information for a specified name or id.</p>
+<section id="function-sep-get-domains">
+<h2>Function - SEP - Get Domains<a class="headerlink" href="#function-sep-get-domains" title="Link to this heading">¶</a></h2>
+<p>Gets a list of all accessible domains.</p>
+<p><img alt="screenshot: fn-sep---get-domains " src="fn_sep/doc/screenshots/fn-sep---get-domains.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -2046,26 +2133,6 @@ <h2>Function - SEP - Get Fingerprint List<a class="headerlink" href="#function-s
 <th class="head"><p>Tooltip</p></th>
 </tr>
 </thead>
-<tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_domainid</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The SEPM domain id.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_id</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>Id of SEP fingerprint list</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_name</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>Name of a SEP fingerprint list.</p></td>
-</tr>
-</tbody>
 </table>
 </div>
 </p>
@@ -2076,31 +2143,28 @@ <h2>Function - SEP - Get Fingerprint List<a class="headerlink" href="#function-s
 <div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
 </div></blockquote>
 <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
-  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;data&quot;</span><span class="p">:</span> <span class="p">[</span>
-      <span class="s2">&quot;data&quot;</span>
-    <span class="p">],</span>
-    <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;This is test of adding files in blacklist.&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;groupIds&quot;</span><span class="p">:</span> <span class="p">[],</span>
-    <span class="s2">&quot;hashType&quot;</span><span class="p">:</span> <span class="s2">&quot;MD5&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Test Blacklist 13 of testing purpose&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;source&quot;</span><span class="p">:</span> <span class="s2">&quot;WEBSERVICE&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;sep_domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_domainid&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">:</span> <span class="s2">&quot;Test blacklist updated&quot;</span>
-  <span class="p">},</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">[</span>
+    <span class="p">{</span>
+      <span class="s2">&quot;administratorCount&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+      <span class="s2">&quot;companyName&quot;</span><span class="p">:</span> <span class="s2">&quot;IBM&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;contactInfo&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;createdTime&quot;</span><span class="p">:</span> <span class="mi">1719408628134</span><span class="p">,</span>
+      <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;enable&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+      <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Default&quot;</span>
+    <span class="p">}</span>
+  <span class="p">],</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{},</span>
   <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2092</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">4283</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
     <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 06:41:50&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-15 08:30:19&quot;</span><span class="p">,</span>
     <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
   <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;{</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">name</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Test Blacklist 13 of testing purpose</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">hashType</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">MD5</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">source</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">WEBSERVICE</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">description</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">This is test of adding files in blacklist.</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">data</span><span class="se">\&quot;</span><span class="s2">: [</span><span class="se">\&quot;</span><span class="s2">data</span><span class="se">\&quot;</span><span class="s2">], </span><span class="se">\&quot;</span><span class="s2">groupIds</span><span class="se">\&quot;</span><span class="s2">: []}&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;[{</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">6E70F043092E5BB93F74FD57C083F99E</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">name</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Default</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">description</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">createdTime</span><span class="se">\&quot;</span><span class="s2">: 1719408628134, </span><span class="se">\&quot;</span><span class="s2">enable</span><span class="se">\&quot;</span><span class="s2">: true, </span><span class="se">\&quot;</span><span class="s2">companyName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">IBM</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">contactInfo</span><span class="se">\&quot;</span><span class="s2">: null, </span><span class="se">\&quot;</span><span class="s2">administratorCount</span><span class="se">\&quot;</span><span class="s2">: 1}]&quot;</span><span class="p">,</span>
   <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
   <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
@@ -2109,97 +2173,40 @@ <h2>Function - SEP - Get Fingerprint List<a class="headerlink" href="#function-s
 </div>
 </p>
 </details>
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">domain_content_results</span> <span class="o">=</span>  <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">get_domains_results</span>
-<span class="n">domain_content</span> <span class="o">=</span> <span class="n">domain_content_results</span><span class="o">.</span><span class="n">content</span>
-
-<span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">domain_content</span><span class="p">)):</span>
-  <span class="k">if</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;name&quot;</span><span class="p">]</span> <span class="o">==</span>  <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">:</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_domainid</span> <span class="o">=</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;id&quot;</span><span class="p">]</span>
-    <span class="k">break</span>
-
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span> <span class="o">=</span> <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span>
-
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kc">None</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_get_fingerprint_list script ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result:{&#39;inputs&#39;: {u&#39;sep_fingerprintlist_name&#39;: u&#39;Blacklist_2&#39;, u&#39;sep_domainid&#39;: u&#39;908090000946C25D330E919313D23887&#39;},</span>
-<span class="sd">        &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-05-28 16:23:05&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;,</span>
-<span class="sd">                    &#39;host&#39;: &#39;myhost&#39;, &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 1153},</span>
-<span class="sd">        &#39;success&#39;: True,</span>
-<span class="sd">        &#39;content&#39;: {u&#39;description&#39;: u&#39;Hash of type Malware MD5 Hash&#39;, u&#39;hashType&#39;: u&#39;MD5&#39;, u&#39;source&#39;: u&#39;WEBSERVICE&#39;,</span>
-<span class="sd">                    u&#39;groupIds&#39;: [u&#39;7E4BB119A9FE9DC526EDABFB1EE261B8&#39;], u&#39;data&#39;: [u&#39;482F9B6E0CC4C1DBBD772AAAF088CB3A&#39;],</span>
-<span class="sd">                    u&#39;id&#39;: u&#39;E60B061FDD844EBF9778D4BD2AC3942A&#39;, u&#39;name&#39;: u&#39;Blacklist_2&#39;},</span>
-<span class="sd">        &#39;raw&#39;: &#39;{&quot;description&quot;: &quot;Hash of type Malware MD5 Hash&quot;, &quot;hashType&quot;: &quot;MD5&quot;, &quot;source&quot;: &quot;WEBSERVICE&quot;, &#39;</span>
-<span class="sd">               &#39;&quot;groupIds&quot;: [&quot;7E4BB119A9FE9DC526EDABFB1EE261B8&quot;], &quot;data&quot;: [&quot;482F9B6E0CC4C1DBBD772AAAF088CB3A&quot;], &#39;</span>
-<span class="sd">               &#39;&quot;id&quot;: &quot;E60B061FDD844EBF9778D4BD2AC3942A&quot;, &quot;name&quot;: &quot;Blacklist_2&quot;}&#39;,</span>
-<span class="sd">        &#39;reason&#39;: None,</span>
-<span class="sd">        &#39;version&#39;: &#39;1.0&#39;</span>
-<span class="sd"> }</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="c1">#  Globals</span>
-<span class="c1"># List of fields in datatable fn_sep_get_fingerprint_list script</span>
-<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;domain_name&quot;</span><span class="p">,</span> <span class="s2">&quot;list_name&quot;</span><span class="p">,</span> <span class="s2">&quot;list_id&quot;</span><span class="p">,</span> <span class="s2">&quot;list_description&quot;</span><span class="p">,</span> <span class="s2">&quot;hash_values&quot;</span><span class="p">,</span> <span class="s2">&quot;hash_type&quot;</span><span class="p">,</span> <span class="s2">&quot;group_ids&quot;</span><span class="p">]</span>
-<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Add Hash to Fingerprint List&quot;</span>
-<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">inputs</span>
-<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">]</span>
-
-<span class="c1"># Processing</span>
-
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-    <span class="n">fpl_exists</span> <span class="o">=</span> <span class="n">hash_in_list</span> <span class="o">=</span> <span class="kc">False</span>
-    <span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
-    <span class="k">if</span> <span class="n">CONTENT</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="k">if</span> <span class="s2">&quot;errorCode&quot;</span> <span class="ow">in</span> <span class="n">CONTENT</span> <span class="ow">and</span> <span class="nb">int</span><span class="p">(</span><span class="n">CONTENT</span><span class="p">[</span><span class="s2">&quot;errorCode&quot;</span><span class="p">])</span> <span class="o">==</span> <span class="mi">410</span><span class="p">:</span>
-            <span class="c1"># The finger print list doesn&#39;t already exist.</span>
-            <span class="k">pass</span>
-        <span class="k">elif</span> <span class="s2">&quot;data&quot;</span> <span class="ow">in</span> <span class="n">CONTENT</span><span class="p">:</span>
-            <span class="c1"># The finger print list exists set flag for gateway.</span>
-            <span class="n">fpl_exists</span> <span class="o">=</span> <span class="kc">True</span>
-            <span class="n">workflow</span><span class="o">.</span><span class="n">addProperty</span><span class="p">(</span><span class="s2">&quot;fpl_exists&quot;</span><span class="p">,</span> <span class="p">{})</span>
-        <span class="k">if</span> <span class="s2">&quot;data&quot;</span> <span class="ow">in</span> <span class="n">CONTENT</span> <span class="ow">and</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="o">.</span><span class="n">upper</span><span class="p">()</span> <span class="ow">in</span> <span class="p">[</span><span class="n">d</span><span class="o">.</span><span class="n">upper</span><span class="p">()</span> <span class="k">for</span> <span class="n">d</span> <span class="ow">in</span> <span class="n">CONTENT</span><span class="p">[</span><span class="s2">&quot;data&quot;</span><span class="p">]]:</span>
-            <span class="c1"># Finger print list exists and hash in list set flag for hash in list.</span>
-            <span class="n">hash_in_list</span> <span class="o">=</span> <span class="kc">True</span>
-            <span class="n">workflow</span><span class="o">.</span><span class="n">addProperty</span><span class="p">(</span><span class="s2">&quot;hash_in_list&quot;</span><span class="p">,</span> <span class="p">{})</span>
-
-    <span class="k">if</span> <span class="n">fpl_exists</span> <span class="ow">and</span> <span class="n">hash_in_list</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: The hash &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; has already been added to &quot;</span> \
-                    <span class="s2">&quot;fingerprint list &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for domain id &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;.&quot;</span>\
-            <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="p">,</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">],</span>
-                    <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_domainid&quot;</span><span class="p">])</span>
-        <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
-
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">fn_name</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_get_domains&quot;</span>
+<span class="n">wf_name</span> <span class="o">=</span> <span class="s2">&quot;Example: SEP - Get Groups information&quot;</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_domains_results</span>
+<span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">[])</span>
+<span class="n">domainid</span> <span class="o">=</span> <span class="kc">None</span>
+<span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">content</span><span class="p">)):</span>
+  <span class="k">if</span> <span class="n">content</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;name&quot;</span><span class="p">)</span> <span class="o">==</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">:</span>
+    <span class="n">domainid</span> <span class="o">=</span> <span class="n">content</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;id&quot;</span><span class="p">)</span>
+    <span class="k">break</span>
+<span class="k">if</span> <span class="n">domainid</span><span class="p">:</span>
+  <span class="n">playbook</span><span class="o">.</span><span class="n">addProperty</span><span class="p">(</span><span class="s2">&quot;domid_exists&quot;</span><span class="p">,</span> <span class="p">{</span><span class="s2">&quot;exists&quot;</span><span class="p">:</span> <span class="kc">True</span><span class="p">})</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">The domain name &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; was not found &quot;</span> \
+              <span class="s2">&quot;for SOAR function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;.&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">wf_name</span><span class="p">,</span> <span class="nb">str</span><span class="p">(</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">),</span> <span class="n">fn_name</span><span class="p">)</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_domainid": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_domainid</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-domains"><span class="xref myst">Function - SEP - Get Domains</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;id</span></code>.</p>
-</p>
-</details>
-<details><summary>Steps to Fetch "sep_fingerprintlist_id": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_id</span></code> field can be refered from <a class="reference internal" href="#function---sep---add-fingerprint-list"><span class="xref myst">Function - SEP - Add Fingerprint List</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;id</span></code>.</p>
-</p>
-</details>
 </section>
 <hr class="docutils" />
-<section id="function-sep-get-groups">
-<h2>Function - SEP - Get Groups<a class="headerlink" href="#function-sep-get-groups" title="Link to this heading">¶</a></h2>
-<p>Get properties of all groups in a domain.</p>
+<section id="function-sep-get-exceptions-policy">
+<h2>Function - SEP - Get Exceptions Policy<a class="headerlink" href="#function-sep-get-exceptions-policy" title="Link to this heading">¶</a></h2>
+<p>Get the exceptions policy for specified policy id.</p>
+<p><img alt="screenshot: fn-sep---get-exceptions-policy " src="fn_sep/doc/screenshots/fn-sep---get-exceptions-policy.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -2213,47 +2220,11 @@ <h2>Function - SEP - Get Groups<a class="headerlink" href="#function-sep-get-gro
 </tr>
 </thead>
 <tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_domain</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The SEPM domain.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_fullpathname</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The full path name of the group.</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_mode</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The presentation mode for the results, as a list (default) or as a tree.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_order</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>Specifies whether the results are in ascending order (ASC) or descending order (DESC).</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_pageindex</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The index page that is used for the returned results. The default page index is 1.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_pagesize</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The number of results to include on each page. The default is 20.</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_sort</span></code></p></td>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_exceptions_id</span></code></p></td>
 <td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
+<td class="text-center"><p>Yes</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The column by which the results are sorted. Possible values are COMPUTER_NAME (Default value), COMPUTER_ID, COMPUTER_DOMAIN_NAME, or DOMAIN_ID.</p></td>
+<td><p>The ID of the exceptions policy to get</p></td>
 </tr>
 </tbody>
 </table>
@@ -2267,237 +2238,98 @@ <h2>Function - SEP - Get Groups<a class="headerlink" href="#function-sep-get-gro
 </div></blockquote>
 <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
   <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">[</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="mi">1670774894035</span><span class="p">,</span>
-        <span class="s2">&quot;createdBy&quot;</span><span class="p">:</span> <span class="s2">&quot;createdBy                                                                                                &quot;</span><span class="p">,</span>
-        <span class="s2">&quot;customIpsNumber&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domain&quot;</span><span class="p">:</span> <span class="p">{</span>
-          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;name&quot;</span>
-        <span class="p">},</span>
-        <span class="s2">&quot;fullPathName&quot;</span><span class="p">:</span> <span class="s2">&quot;My Company&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastModified&quot;</span><span class="p">:</span> <span class="mi">1670774894035</span><span class="p">,</span>
-        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;My Company&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;numberOfPhysicalComputers&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-        <span class="s2">&quot;numberOfRegisteredUsers&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
-        <span class="s2">&quot;policyDate&quot;</span><span class="p">:</span> <span class="mi">1672237824853</span><span class="p">,</span>
-        <span class="s2">&quot;policyInheritanceEnabled&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-        <span class="s2">&quot;policySerialNumber&quot;</span><span class="p">:</span> <span class="s2">&quot;E3DD-12/28/2022 14:30:24 853&quot;</span>
+    <span class="s2">&quot;configuration&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;applications_to_monitor&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;net.exe&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;rulestate&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span>
+          <span class="p">}</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;blacklistrules&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;certificates&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;directories&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;dns_and_host_applications&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;dns_and_host_blacklistrules&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;extension_list&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;files&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;knownrisks&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;linux&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;directories&quot;</span><span class="p">:</span> <span class="p">[],</span>
+        <span class="s2">&quot;extension_list&quot;</span><span class="p">:</span> <span class="n">null</span>
       <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="mi">1670774894035</span><span class="p">,</span>
-        <span class="s2">&quot;createdBy&quot;</span><span class="p">:</span> <span class="s2">&quot;createdBy                                                                                                &quot;</span><span class="p">,</span>
-        <span class="s2">&quot;customIpsNumber&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domain&quot;</span><span class="p">:</span> <span class="p">{</span>
-          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Default&quot;</span>
-        <span class="p">},</span>
-        <span class="s2">&quot;fullPathName&quot;</span><span class="p">:</span> <span class="s2">&quot;My Company</span><span class="se">\\</span><span class="s2">Default Group&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastModified&quot;</span><span class="p">:</span> <span class="mi">1670774894035</span><span class="p">,</span>
-        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Default Group&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;numberOfPhysicalComputers&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;numberOfRegisteredUsers&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;policyDate&quot;</span><span class="p">:</span> <span class="mi">1672237824853</span><span class="p">,</span>
-        <span class="s2">&quot;policyInheritanceEnabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;policySerialNumber&quot;</span><span class="p">:</span> <span class="s2">&quot;459F-12/28/2022 14:30:24 853&quot;</span>
+      <span class="s2">&quot;mac&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;files&quot;</span><span class="p">:</span> <span class="p">[]</span>
       <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="mi">1670853895754</span><span class="p">,</span>
-        <span class="s2">&quot;createdBy&quot;</span><span class="p">:</span> <span class="s2">&quot;createdBy                                                                                                &quot;</span><span class="p">,</span>
-        <span class="s2">&quot;customIpsNumber&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domain&quot;</span><span class="p">:</span> <span class="p">{</span>
-          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Default&quot;</span>
-        <span class="p">},</span>
-        <span class="s2">&quot;fullPathName&quot;</span><span class="p">:</span> <span class="s2">&quot;My Company</span><span class="se">\\</span><span class="s2">Test&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastModified&quot;</span><span class="p">:</span> <span class="mi">1670853895754</span><span class="p">,</span>
-        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Test&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;numberOfPhysicalComputers&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;numberOfRegisteredUsers&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;policyDate&quot;</span><span class="p">:</span> <span class="mi">1672237824853</span><span class="p">,</span>
-        <span class="s2">&quot;policyInheritanceEnabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;policySerialNumber&quot;</span><span class="p">:</span> <span class="s2">&quot;01C5-12/28/2022 14:30:24 853&quot;</span>
-      <span class="p">}</span>
-    <span class="p">],</span>
-    <span class="s2">&quot;firstPage&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-    <span class="s2">&quot;lastPage&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-    <span class="s2">&quot;number&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-    <span class="s2">&quot;numberOfElements&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
-    <span class="s2">&quot;size&quot;</span><span class="p">:</span> <span class="mi">25</span><span class="p">,</span>
-    <span class="s2">&quot;sort&quot;</span><span class="p">:</span> <span class="p">[</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;ascending&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;direction&quot;</span><span class="p">:</span> <span class="s2">&quot;ASC&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;property&quot;</span><span class="p">:</span> <span class="s2">&quot;NAME&quot;</span>
-      <span class="p">}</span>
-    <span class="p">],</span>
-    <span class="s2">&quot;totalElements&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
-    <span class="s2">&quot;totalPages&quot;</span><span class="p">:</span> <span class="mi">1</span>
+      <span class="s2">&quot;non_pe_rules&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;tamper_files&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;webdomains&quot;</span><span class="p">:</span> <span class="p">[]</span>
+    <span class="p">},</span>
+    <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+    <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1720451135816</span><span class="p">,</span>
+    <span class="s2">&quot;lockedoptions&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;application&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+      <span class="s2">&quot;certificate&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+      <span class="s2">&quot;dnshostfile&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+      <span class="s2">&quot;domain&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+      <span class="s2">&quot;extension&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+      <span class="s2">&quot;file&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+      <span class="s2">&quot;knownrisk&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+      <span class="s2">&quot;securityrisk&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
+      <span class="s2">&quot;sonar&quot;</span><span class="p">:</span> <span class="n">true</span>
+    <span class="p">},</span>
+    <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Exceptions policy&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[]</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sep_exceptions_id&quot;</span><span class="p">:</span> <span class="s2">&quot;523B0176092E5BB97F83814D1657F3A4&quot;</span>
   <span class="p">},</span>
-  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{},</span>
   <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2148</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1294</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
     <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 10:17:14&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-10 10:45:19&quot;</span><span class="p">,</span>
     <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
   <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;{</span><span class="se">\&quot;</span><span class="s2">content</span><span class="se">\&quot;</span><span class="s2">: [{</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">name</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">My Company</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">description</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">fullPathName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">My Company</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">numberOfPhysicalComputers</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">numberOfRegisteredUsers</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">createdBy</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">createdBy                                                                                                </span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">created</span><span class="se">\&quot;</span><span class="s2">: 1670774894035, </span><span class="se">\&quot;</span><span class="s2">lastModified</span><span class="se">\&quot;</span><span class="s2">: 1670774894035, </span><span class="se">\&quot;</span><span class="s2">policySerialNumber</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">E3DD-12/28/2022 14:30:24 853</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">policyDate</span><span class="se">\&quot;</span><span class="s2">: 1672237824853, </span><span class="se">\&quot;</span><span class="s2">customIpsNumber</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">domain</span><span class="se">\&quot;</span><span class="s2">: {</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">3CB04764AC1F211B2A79E12FEDEA41B1</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">name</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Default</span><span class="se">\&quot;</span><span class="s2">}, </span><span class="se">\&quot;</span><span class="s2">policyInheritanceEnabled</span><span class="se">\&quot;</span><span class="s2">: false}, {</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">459F58A0AC1F211B0743E90D2F0C32A1</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">name</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Default Group</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">description</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">fullPathName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">My Company</span><span class="se">\\\\</span><span class="s2">Default Group</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">numberOfPhysicalComputers</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">numberOfRegisteredUsers</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">createdBy</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">AF3C39A10A320801000000DBF200C60A                                                                                                </span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">created</span><span class="se">\&quot;</span><span class="s2">: 1670774894035, </span><span class="se">\&quot;</span><span class="s2">lastModified</span><span class="se">\&quot;</span><span class="s2">: 1670774894035, </span><span class="se">\&quot;</span><span class="s2">policySerialNumber</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">459F-12/28/2022 14:30:24 853</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">policyDate</span><span class="se">\&quot;</span><span class="s2">: 1672237824853, </span><span class="se">\&quot;</span><span class="s2">customIpsNumber</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">domain</span><span class="se">\&quot;</span><span class="s2">: {</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">3CB04764AC1F211B2A79E12FEDEA41B1</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">name</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Default</span><span class="se">\&quot;</span><span class="s2">}, </span><span class="se">\&quot;</span><span class="s2">policyInheritanceEnabled</span><span class="se">\&quot;</span><span class="s2">: true}, {</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">01C53575AC1F211B53E6515D65FC81CD</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">name</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Test</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">description</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">fullPathName</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">My Company</span><span class="se">\\\\</span><span class="s2">Test</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">numberOfPhysicalComputers</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">numberOfRegisteredUsers</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">createdBy</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">AF3C39A10A320801000000DBF200C60A                                                                                                </span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">created</span><span class="se">\&quot;</span><span class="s2">: 1670853895754, </span><span class="se">\&quot;</span><span class="s2">lastModified</span><span class="se">\&quot;</span><span class="s2">: 1670853895754, </span><span class="se">\&quot;</span><span class="s2">policySerialNumber</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">01C5-12/28/2022 14:30:24 853</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">policyDate</span><span class="se">\&quot;</span><span class="s2">: 1672237824853, </span><span class="se">\&quot;</span><span class="s2">customIpsNumber</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">domain</span><span class="se">\&quot;</span><span class="s2">: {</span><span class="se">\&quot;</span><span class="s2">id</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">3CB04764AC1F211B2A79E12FEDEA41B1</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">name</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Default</span><span class="se">\&quot;</span><span class="s2">}, </span><span class="se">\&quot;</span><span class="s2">policyInheritanceEnabled</span><span class="se">\&quot;</span><span class="s2">: true}], </span><span class="se">\&quot;</span><span class="s2">totalPages</span><span class="se">\&quot;</span><span class="s2">: 1, </span><span class="se">\&quot;</span><span class="s2">firstPage</span><span class="se">\&quot;</span><span class="s2">: true, </span><span class="se">\&quot;</span><span class="s2">lastPage</span><span class="se">\&quot;</span><span class="s2">: true, </span><span class="se">\&quot;</span><span class="s2">totalElements</span><span class="se">\&quot;</span><span class="s2">: 3, </span><span class="se">\&quot;</span><span class="s2">size</span><span class="se">\&quot;</span><span class="s2">: 25, </span><span class="se">\&quot;</span><span class="s2">number</span><span class="se">\&quot;</span><span class="s2">: 0, </span><span class="se">\&quot;</span><span class="s2">sort</span><span class="se">\&quot;</span><span class="s2">: [{</span><span class="se">\&quot;</span><span class="s2">direction</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">ASC</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">property</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">NAME</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">ascending</span><span class="se">\&quot;</span><span class="s2">: true}], </span><span class="se">\&quot;</span><span class="s2">numberOfElements</span><span class="se">\&quot;</span><span class="s2">: 3}&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
 <span class="p">}</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">domain_content_results</span> <span class="o">=</span>  <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">get_domains_results</span>
-<span class="n">domain_content</span> <span class="o">=</span> <span class="n">domain_content_results</span><span class="o">.</span><span class="n">content</span>
-
-<span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">domain_content</span><span class="p">)):</span>
-  <span class="k">if</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;name&quot;</span><span class="p">]</span> <span class="o">==</span>  <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">:</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain</span> <span class="o">=</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;id&quot;</span><span class="p">]</span>
-    <span class="k">break</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_exceptions_id</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_exceptions_id</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_get_groups script ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result: {</span>
-<span class="sd">         &#39;content&#39;: {</span>
-<span class="sd">                      &quot;sort&quot;: [</span>
-<span class="sd">                        {</span>
-<span class="sd">                          &quot;direction&quot;: &quot;ASC&quot;,</span>
-<span class="sd">                          &quot;property&quot;: &quot;NAME&quot;,</span>
-<span class="sd">                          &quot;ascending&quot;: true</span>
-<span class="sd">                        }</span>
-<span class="sd">                      ],</span>
-<span class="sd">                      &quot;number&quot;: 0,</span>
-<span class="sd">                      &quot;firstPage&quot;: true,</span>
-<span class="sd">                      &quot;content&quot;: [</span>
-<span class="sd">                        {</span>
-<span class="sd">                          &quot;policyDate&quot;: 1548489611062,</span>
-<span class="sd">                          &quot;domain&quot;: {</span>
-<span class="sd">                            &quot;id&quot;: &quot;908090000946C25D330E919313D23887&quot;,</span>
-<span class="sd">                            &quot;name&quot;: &quot;Default&quot;</span>
-<span class="sd">                          },</span>
-<span class="sd">                          &quot;numberOfRegisteredUsers&quot;: 1,</span>
-<span class="sd">                          &quot;description&quot;: &quot;&quot;,</span>
-<span class="sd">                          &quot;created&quot;: 1548481072007,</span>
-<span class="sd">                          &quot;policySerialNumber&quot;: &quot;4CBD-01/26/2019 08:00:11 062&quot;,</span>
-<span class="sd">                          &quot;lastModified&quot;: 1548481072007,</span>
-<span class="sd">                          &quot;fullPathName&quot;: &quot;My Company\\Default Group&quot;,</span>
-<span class="sd">                          &quot;createdBy&quot;: &quot;AF3C39A10A320801000000DBF200C60A&quot;,</span>
-<span class="sd">                          &quot;numberOfPhysicalComputers&quot;: 1,</span>
-<span class="sd">                          &quot;customIpsNumber&quot;: &quot;&quot;,</span>
-<span class="sd">                          &quot;id&quot;: &quot;4CBD63EE0946C25D1011DB1872A1736A&quot;,</span>
-<span class="sd">                          &quot;policyInheritanceEnabled&quot;: true,</span>
-<span class="sd">                          &quot;name&quot;: &quot;Default Group&quot;</span>
-<span class="sd">                        },</span>
-<span class="sd">                        {</span>
-<span class="sd">                          &quot;policyDate&quot;: 1548489611062,</span>
-<span class="sd">                          &quot;domain&quot;: {</span>
-<span class="sd">                            &quot;id&quot;: &quot;908090000946C25D330E919313D23887&quot;,</span>
-<span class="sd">                            &quot;name&quot;: &quot;Default&quot;</span>
-<span class="sd">                          },</span>
-<span class="sd">                          &quot;numberOfRegisteredUsers&quot;: 1,</span>
-<span class="sd">                          &quot;description&quot;: &quot;&quot;,</span>
-<span class="sd">                          &quot;created&quot;: 1548481072007,</span>
-<span class="sd">                          &quot;policySerialNumber&quot;: &quot;CAD8-01/26/2019 08:00:11 062&quot;,</span>
-<span class="sd">                          &quot;lastModified&quot;: 1548481072007,</span>
-<span class="sd">                          &quot;fullPathName&quot;: &quot;My Company&quot;,</span>
-<span class="sd">                          &quot;createdBy&quot;: &quot;AF3C39A10A320801000000DBF200C60A&quot;,</span>
-<span class="sd">                          &quot;number OfPhysicalComputers&quot;: 1,</span>
-<span class="sd">                          &quot;customIpsNumber&quot;: &quot;&quot;,</span>
-<span class="sd">                          &quot;id&quot;: &quot;CAD80F000946C25D6C150831060AA326&quot;,</span>
-<span class="sd">                          &quot;policyInheritanceEnabled&quot;: false,</span>
-<span class="sd">                          &quot;name&quot;: &quot;My Company&quot;</span>
-<span class="sd">                        }</span>
-<span class="sd">                      ],</span>
-<span class="sd">                      &quot;lastPage&quot;: true,</span>
-<span class="sd">                      &quot;totalPages&quot;: 1,</span>
-<span class="sd">                      &quot;size&quot;: 25,</span>
-<span class="sd">                      &quot;totalElements&quot;: 2,</span>
-<span class="sd">                      &quot;numberOfElements&quot;: 2</span>
-<span class="sd">                     }</span>
-
-<span class="sd">}</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="c1">#  Globals</span>
-<span class="c1"># List of fields in datatable fn_amp_get_groups script</span>
-<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;query_execution_time&quot;</span><span class="p">,</span> <span class="s2">&quot;group_name&quot;</span><span class="p">,</span> <span class="s2">&quot;group_id&quot;</span><span class="p">,</span> <span class="s2">&quot;group_description&quot;</span><span class="p">,</span> <span class="s2">&quot;fullPathName&quot;</span><span class="p">,</span>
-                   <span class="s2">&quot;numberOfPhysicalComputers&quot;</span><span class="p">,</span><span class="s2">&quot;policyInheritanceEnabled&quot;</span><span class="p">]</span>
-<span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_symc_sep_get_groups&quot;</span>
-<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Get Groups information&quot;</span>
-<span class="n">DATA_TBL_FIELDS_DOM</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;domain_name&quot;</span><span class="p">,</span> <span class="s2">&quot;domain_id&quot;</span><span class="p">]</span>
-<span class="n">C_OUTER</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">]</span>
-<span class="n">DOMAIN_NAME</span> <span class="o">=</span> <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_domain_name</span>
-
-<span class="c1"># Processing</span>
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-    <span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
-    <span class="k">if</span> <span class="n">C_OUTER</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There were &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; results returned for domain &quot;</span> \
-                    <span class="s2">&quot;&lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-            <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">][</span><span class="s2">&quot;numberOfElements&quot;</span><span class="p">],</span> <span class="n">DOMAIN_NAME</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
-        <span class="n">groups</span> <span class="o">=</span> <span class="n">C_OUTER</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">]</span>
-        <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">groups</span><span class="p">)):</span>
-            <span class="n">newrow</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">addRow</span><span class="p">(</span><span class="s2">&quot;sep_groups&quot;</span><span class="p">)</span>
-            <span class="n">newrow</span><span class="o">.</span><span class="n">query_execution_date</span> <span class="o">=</span> <span class="n">QUERY_EXECUTION_DATE</span>
-            <span class="k">for</span> <span class="n">f</span> <span class="ow">in</span> <span class="n">DATA_TBL_FIELDS</span><span class="p">:</span>
-                <span class="k">try</span><span class="p">:</span>
-                    <span class="n">f_base</span> <span class="o">=</span> <span class="n">f</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">&#39;_&#39;</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span>
-                <span class="k">except</span><span class="p">:</span>
-                    <span class="n">f_base</span> <span class="o">=</span> <span class="n">f</span>
-                <span class="k">if</span> <span class="n">f</span> <span class="o">==</span> <span class="s2">&quot;query_execution_time&quot;</span><span class="p">:</span>
-                    <span class="k">continue</span>
-                <span class="k">if</span> <span class="n">groups</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="n">f_base</span><span class="p">]</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-                      <span class="n">newrow</span><span class="p">[</span><span class="n">f</span><span class="p">]</span> <span class="o">=</span> <span class="n">groups</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="n">f_base</span><span class="p">]</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">json</span> <span class="kn">import</span> <span class="n">dumps</span>
 
-            <span class="n">domain</span> <span class="o">=</span> <span class="n">groups</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;domain&quot;</span><span class="p">]</span>
-            <span class="k">if</span> <span class="n">domain</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-                <span class="k">for</span> <span class="n">d</span> <span class="ow">in</span> <span class="n">DATA_TBL_FIELDS_DOM</span><span class="p">:</span>
-                    <span class="n">d_base</span> <span class="o">=</span> <span class="n">d</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s1">&#39;_&#39;</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span>
-                    <span class="n">newrow</span><span class="p">[</span><span class="n">d</span><span class="p">]</span> <span class="o">=</span> <span class="n">domain</span><span class="p">[</span><span class="n">d_base</span><span class="p">]</span>
-
-    <span class="k">else</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There were &lt;b&gt;no&lt;/b&gt; results returned for domain &quot;</span> \
-                     <span class="s2">&quot;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;for Resilient function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">DOMAIN_NAME</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
-
-    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
-
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_exceptions_policy_results</span>
+<span class="k">if</span> <span class="ow">not</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;SEP Exceptions Policy </span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_exceptions_id</span><span class="si">}</span><span class="s2"> error. Reason: </span><span class="si">{</span><span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;reason&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;SEP Exceptions Policy: </span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_exceptions_id</span><span class="si">}</span><span class="se">\n\n</span><span class="si">{</span><span class="n">dumps</span><span class="p">(</span><span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;content&#39;</span><span class="p">),</span><span class="w"> </span><span class="n">indent</span><span class="o">=</span><span class="mi">4</span><span class="p">)</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_domain": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_domain</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-domains"><span class="xref myst">Function - SEP - Get Domains</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;id</span></code>.</p>
-</p>
-</details>
 </section>
 <hr class="docutils" />
-<section id="function-sep-move-endpoint">
-<h2>Function - SEP - Move endpoint<a class="headerlink" href="#function-sep-move-endpoint" title="Link to this heading">¶</a></h2>
-<p>Check for and move an endpoint to a different group.</p>
+<section id="function-sep-get-file-content-as-base64">
+<h2>Function - SEP - Get File Content as Base64<a class="headerlink" href="#function-sep-get-file-content-as-base64" title="Link to this heading">¶</a></h2>
+<p>Get contents of a file uploaded to SEPM server as a Base64 string for a given file ID.</p>
+<p><img alt="screenshot: fn-sep---get-file-content-as-base64 " src="fn_sep/doc/screenshots/fn-sep---get-file-content-as-base64.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -2511,17 +2343,11 @@ <h2>Function - SEP - Move endpoint<a class="headerlink" href="#function-sep-move
 </tr>
 </thead>
 <tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_groupid</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>Group id on which to run the SEP command.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_hardwarekey</span></code></p></td>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_file_id</span></code></p></td>
 <td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
 <td class="text-center"><p>No</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>Hardware key of SEP computer.</p></td>
+<td><p>The file ID from which to get detailed information.</p></td>
 </tr>
 </tbody>
 </table>
@@ -2534,116 +2360,67 @@ <h2>Function - SEP - Move endpoint<a class="headerlink" href="#function-sep-move
 <div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
 </div></blockquote>
 <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
-  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">[</span>
-    <span class="p">{</span>
-      <span class="s2">&quot;responseCode&quot;</span><span class="p">:</span> <span class="s2">&quot;200&quot;</span><span class="p">,</span>
-      <span class="s2">&quot;responseMessage&quot;</span><span class="p">:</span> <span class="s2">&quot;OK&quot;</span>
-    <span class="p">}</span>
-  <span class="p">],</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="s2">&quot;WDVPIVAlQEFQWzRcUFpYNTQoUF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVElWSVJVUy1URVNULUZJTEUhJEgrSCo=&quot;</span><span class="p">,</span>
   <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;sep_groupid&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_groupid&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_hardwarekey&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_hardwarekey&quot;</span>
+    <span class="s2">&quot;sep_file_id&quot;</span><span class="p">:</span> <span class="s2">&quot;A5E2EE53092E5BB91EBE5413EE47C386&quot;</span>
   <span class="p">},</span>
   <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1991</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1098</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
     <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 10:40:03&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-29 10:04:04&quot;</span><span class="p">,</span>
     <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
   <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;[{</span><span class="se">\&quot;</span><span class="s2">responseCode</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">200</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">responseMessage</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">OK</span><span class="se">\&quot;</span><span class="s2">}]&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
 <span class="p">}</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">content</span> <span class="o">=</span>  <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">get_groups_results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">full_path_name</span> <span class="o">=</span> <span class="n">content</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="s2">&quot;fullPathName&quot;</span><span class="p">]</span>
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_hardwarekey</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">hardwareKey</span>
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_groupid</span> <span class="o">=</span> <span class="n">content</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="s2">&quot;id&quot;</span><span class="p">]</span>
-
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_file_id</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">file_id</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_move_client script ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result: {&#39;inputs&#39;: {u&#39;sep_hardwarekey&#39;: u&#39;B791D1DF2BB8AA77D19B10E3BB395B81&#39;, u&#39;sep_groupid&#39;: u&#39;CC00A6170946C25D35BD115E41F2F92C&#39;},</span>
-<span class="sd">         &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-05-29 12:17:17&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;, &#39;host&#39;: &#39;myhost&#39;,</span>
-<span class="sd">                     &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 1782},</span>
-<span class="sd">         &#39;success&#39;: True,</span>
-<span class="sd">         &#39;content&#39;: [{u&#39;responseMessage&#39;: u&#39;OK&#39;, u&#39;responseCode&#39;: u&#39;200&#39;}],</span>
-<span class="sd">         &#39;raw&#39;: &#39;[{&quot;responseMessage&quot;: &quot;OK&quot;, &quot;responseCode&quot;: &quot;200&quot;}]&#39;,</span>
-<span class="sd">         &#39;reason&#39;: None,</span>
-<span class="sd">         &#39;version&#39;: &#39;1.0&#39;</span>
-<span class="sd"> }</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="c1">#  Globals</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_get_file_content_as_base64 ##</span>
+<span class="c1"># Globals</span>
+<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[]</span>
+<span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_get_file_content_as_base64&quot;</span>
+<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Get File Content as Base64 string&quot;</span>
 <span class="c1"># List of fields in datatable fn_amp_get_computers script</span>
-<span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_set_move_client&quot;</span>
-<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Move Endpoint&quot;</span>
-<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">HW_KEY</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;inputs&quot;</span><span class="p">][</span><span class="s2">&quot;sep_hardwarekey&quot;</span><span class="p">]</span>
-<span class="n">GROUP_ID</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;inputs&quot;</span><span class="p">][</span><span class="s2">&quot;sep_groupid&quot;</span><span class="p">]</span>
-<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">]</span>
-<span class="c1"># Processing</span>
-
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-    <span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
-    <span class="k">if</span> <span class="n">CONTENT</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="n">response_msg</span> <span class="o">=</span> <span class="n">CONTENT</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="s2">&quot;responseMessage&quot;</span><span class="p">]</span>
-        <span class="k">if</span> <span class="n">response_msg</span> <span class="o">==</span> <span class="s2">&quot;OK&quot;</span><span class="p">:</span>
-            <span class="n">oldfullpath</span> <span class="o">=</span> <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_oldpathname&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)[</span><span class="s2">&quot;oldPathName&quot;</span><span class="p">]</span>
-            <span class="n">fullpathname</span> <span class="o">=</span> <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_fullpathname&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)[</span><span class="s2">&quot;fullPathName&quot;</span><span class="p">]</span>
-            <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow: &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt; : Successfully moved computer &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; &quot;</span> \
-                       <span class="s2">&quot;from group &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; to group &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{4}</span><span class="s2">&lt;/b&gt;.&quot;</span>\
-                <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">row</span><span class="o">.</span><span class="n">computerName</span><span class="p">,</span> <span class="n">oldfullpath</span><span class="p">,</span> <span class="n">fullpathname</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
-            <span class="n">row</span><span class="o">.</span><span class="n">group_id</span> <span class="o">=</span> <span class="n">GROUP_ID</span>
-            <span class="k">if</span> <span class="n">fullpathname</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-              <span class="n">row</span><span class="o">.</span><span class="n">group_name</span> <span class="o">=</span> <span class="n">fullpathname</span>
-        <span class="k">else</span><span class="p">:</span>
-            <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow: &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt; : Unsuccessful move of computer &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; &quot;</span> \
-                       <span class="s2">&quot;to group with id &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;. Received response &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{4}</span><span class="s2">&lt;/b&gt;.&quot;</span>\
-                <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">row</span><span class="o">.</span><span class="n">computerName</span><span class="p">,</span> <span class="n">GROUP_ID</span><span class="p">,</span> <span class="n">response_msg</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
-    <span class="k">else</span><span class="p">:</span>
-      <span class="n">noteText</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow: &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt; : Move unsuccessful for computer with hardware id &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; &quot;</span> \
-                 <span class="s2">&quot;to group with id &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;.&quot;</span>\
-          <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">HW_KEY</span><span class="p">,</span> <span class="n">GROUP_ID</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[]</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_file_content_as_base65_results</span>
+<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">)</span>
+<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;metrics&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">)</span>
 
-    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+<span class="c1"># Processing</span>
+<span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
+<span class="k">if</span> <span class="n">CONTENT</span><span class="p">:</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Returned Base64 string of size &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; returned &quot;</span> \
+                <span class="s2">&quot;for SOAR function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">CONTENT</span><span class="p">),</span> <span class="n">FN_NAME</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">There was &lt;b&gt;no&lt;/b&gt; result returned for &quot;</span> \
+                <span class="s2">&quot;SOAR function &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
 
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_groupid": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_groupid</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-groups"><span class="xref myst">Function - SEP - Get Groups</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;content--&gt;id</span></code>.</p>
-</p>
-</details>
-<details><summary>Steps to Fetch "sep_hardwarekey": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_hardwarekey</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-computers"><span class="xref myst">Function - SEP - Get Computers</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">hardwareKey</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;content--&gt;hardwareKey</span></code>.</p>
-</p>
-</details>
 </section>
 <hr class="docutils" />
-<section id="function-sep-quarantine-endpoints">
-<h2>Function - SEP - Quarantine Endpoints<a class="headerlink" href="#function-sep-quarantine-endpoints" title="Link to this heading">¶</a></h2>
-<p>Quarantine/un-quarantine Symantec Endpoint Protection endpoints. The function will add or remove endpoints to or from network quarantine.</p>
+<section id="function-sep-get-fingerprint-list">
+<h2>Function - SEP - Get Fingerprint List<a class="headerlink" href="#function-sep-get-fingerprint-list" title="Link to this heading">¶</a></h2>
+<p>Get the fingerprint list information for a specified name or id.</p>
+<p><img alt="screenshot: fn-sep---get-fingerprint-list " src="fn_sep/doc/screenshots/fn-sep---get-fingerprint-list.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -2657,23 +2434,23 @@ <h2>Function - SEP - Quarantine Endpoints<a class="headerlink" href="#function-s
 </tr>
 </thead>
 <tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_computer_ids</span></code></p></td>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_domainid</span></code></p></td>
 <td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
 <td class="text-center"><p>No</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The list of computer ids on which to run the SEP command.</p></td>
+<td><p>The SEPM domain id.</p></td>
 </tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_group_ids</span></code></p></td>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_id</span></code></p></td>
 <td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
 <td class="text-center"><p>No</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The list of groups on which to run the SEP command.</p></td>
+<td><p>Id of SEP fingerprint list</p></td>
 </tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_undo</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">boolean</span></code></p></td>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_name</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
 <td class="text-center"><p>No</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>Boolean value, if set to true, will undo operation.</p></td>
+<td><p>Name of a SEP fingerprint list.</p></td>
 </tr>
 </tbody>
 </table>
@@ -2687,23 +2464,23 @@ <h2>Function - SEP - Quarantine Endpoints<a class="headerlink" href="#function-s
 </div></blockquote>
 <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
   <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;commandID_computer&quot;</span><span class="p">:</span> <span class="s2">&quot;commandID_computer&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;commandID_group&quot;</span><span class="p">:</span> <span class="s2">&quot;commandID_group&quot;</span>
+    <span class="s2">&quot;appErrorCode&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;errorCode&quot;</span><span class="p">:</span> <span class="s2">&quot;410&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;errorMessage&quot;</span><span class="p">:</span> <span class="s2">&quot;Fingerprint list with ID Blacklist2 do not exist&quot;</span>
   <span class="p">},</span>
   <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;sep_computer_ids&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_computer_ids&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_group_ids&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_group_ids&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_undo&quot;</span><span class="p">:</span> <span class="n">true</span>
+    <span class="s2">&quot;sep_domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">:</span> <span class="s2">&quot;Blacklist2&quot;</span>
   <span class="p">},</span>
   <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2090</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">995</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
     <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 10:10:20&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-15 08:30:24&quot;</span><span class="p">,</span>
     <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
   <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;{</span><span class="se">\&quot;</span><span class="s2">commandID_group</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">commandID_group</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">commandID_computer</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">commandID_computer</span><span class="se">\&quot;</span><span class="s2">}&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;{</span><span class="se">\&quot;</span><span class="s2">errorCode</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">410</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">appErrorCode</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">errorMessage</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">Fingerprint list with ID Blacklist2 do not exist</span><span class="se">\&quot;</span><span class="s2">}&quot;</span><span class="p">,</span>
   <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
   <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
   <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
@@ -2712,82 +2489,71 @@ <h2>Function - SEP - Quarantine Endpoints<a class="headerlink" href="#function-s
 </div>
 </p>
 </details>
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_computer_ids</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">uniqueId</span>
-<span class="n">endpoint_quarantine_status</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">endpoint_quarantine_status</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">]</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">domain_content</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_domains_results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">[])</span>
 
-<span class="c1"># 2 different rules using - Quarantine or Un-quarantine  based on row value. (w rules using Workflow)</span>
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_undo</span> <span class="o">=</span> <span class="kc">True</span> <span class="k">if</span> <span class="n">endpoint_quarantine_status</span> <span class="o">==</span> <span class="s2">&quot;Quarantined&quot;</span> <span class="k">else</span> <span class="kc">False</span>
+<span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">domain_content</span><span class="p">)):</span>
+  <span class="k">if</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;name&quot;</span><span class="p">)</span> <span class="o">==</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">:</span>
+    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_domainid</span> <span class="o">=</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;id&quot;</span><span class="p">)</span>
+    <span class="k">break</span>
 
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_quarantine_endpoints script ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result: { &#39;inputs&#39;: {u&#39;sep_undo&#39;: False, u&#39;sep_computer_ids&#39;: u&#39;89AD1BBB0946C25D25E6C0984E971D8A&#39;},</span>
-<span class="sd">         &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-05-14 14:42:09&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;,</span>
-<span class="sd">                     &#39;host&#39;: &#39;myhost&#39;, &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 1102</span>
-<span class="sd">                    }, &#39;success&#39;: True,</span>
-<span class="sd">         &#39;content&#39;: {u&#39;commandID_computer&#39;: u&#39;79AD5636B73A4C0D828938AE1E5B2C13&#39;},</span>
-<span class="sd">         &#39;raw&#39;: &#39;{&quot;commandID_computer&quot;: &quot;79AD5636B73A4C0D828938AE1E5B2C13&quot;}&#39;,</span>
-<span class="sd">         &#39;reason&#39;: None,</span>
-<span class="sd">         &#39;version&#39;: &#39;1.0&#39;</span>
-<span class="sd">}</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_get_fingerprint_list script ##</span>
+<span class="c1"># Globals</span>
+<span class="c1"># List of fields in datatable fn_sep_get_fingerprint_list script</span>
+<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;domain_name&quot;</span><span class="p">,</span> <span class="s2">&quot;list_name&quot;</span><span class="p">,</span> <span class="s2">&quot;list_id&quot;</span><span class="p">,</span> <span class="s2">&quot;list_description&quot;</span><span class="p">,</span> <span class="s2">&quot;hash_values&quot;</span><span class="p">,</span> <span class="s2">&quot;hash_type&quot;</span><span class="p">,</span> <span class="s2">&quot;group_ids&quot;</span><span class="p">]</span>
+<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Add Hash to Fingerprint List&quot;</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_fingerprintlist_results</span>
+<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">)</span>
+<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;inputs&quot;</span><span class="p">)</span>
+<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;metrics&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">)</span>
 
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="c1">#  Globals</span>
-<span class="c1"># List of fields in datatable fn_sep_quarantine_endpoints script</span>
-<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;quarantine_commandid&quot;</span><span class="p">]</span>
-<span class="n">fn_name</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_quarantine_endpoints&quot;</span>
-<span class="n">wf_name</span> <span class="o">=</span> <span class="s2">&quot;Quarantine Endpoint&quot;</span>
 <span class="c1"># Processing</span>
-<span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">inputs</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">inputs</span>
-<span class="n">query_execution_date</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">]</span>
-
-<span class="k">if</span> <span class="n">content</span>  <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: Executed with command id &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for endpoint &quot;</span> \
-                <span class="s2">&quot;&lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-        <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">wf_name</span><span class="p">,</span> <span class="n">content</span><span class="p">[</span><span class="s2">&quot;commandID_computer&quot;</span><span class="p">],</span> <span class="n">row</span><span class="o">.</span><span class="n">computerName</span><span class="p">,</span> <span class="n">fn_name</span><span class="p">)</span>
-    <span class="n">row</span><span class="o">.</span><span class="n">query_execution_date</span> <span class="o">=</span> <span class="n">query_execution_date</span>
-    <span class="n">row</span><span class="o">.</span><span class="n">quarantine_commandid</span> <span class="o">=</span> <span class="n">content</span><span class="p">[</span><span class="s2">&quot;commandID_computer&quot;</span><span class="p">]</span>
-
-<span class="k">else</span><span class="p">:</span>
-    <span class="n">note_text</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There was &lt;b&gt;no&lt;/b&gt; results returned for Resilient function &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&quot;</span> \
-                 <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">wf_name</span><span class="p">,</span> <span class="n">fn_name</span><span class="p">)</span>
-
-<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+<span class="n">fpl_exists</span> <span class="o">=</span> <span class="n">hash_in_list</span> <span class="o">=</span> <span class="kc">False</span>
+<span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
+<span class="k">if</span> <span class="n">CONTENT</span><span class="p">:</span>
+  <span class="k">if</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;errorCode&quot;</span><span class="p">)</span> <span class="ow">and</span> <span class="nb">int</span><span class="p">(</span><span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;errorCode&quot;</span><span class="p">))</span> <span class="o">==</span> <span class="mi">410</span><span class="p">:</span>
+    <span class="c1"># The finger print list doesn&#39;t already exist.</span>
+    <span class="k">pass</span>
+  <span class="k">elif</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">):</span>
+    <span class="c1"># The finger print list exists set flag for gateway.</span>
+    <span class="n">fpl_exists</span> <span class="o">=</span> <span class="kc">True</span>
+    <span class="n">playbook</span><span class="o">.</span><span class="n">addProperty</span><span class="p">(</span><span class="s2">&quot;fpl_exists&quot;</span><span class="p">,</span> <span class="p">{</span><span class="s2">&quot;exists&quot;</span><span class="p">:</span> <span class="kc">True</span><span class="p">})</span>
+  <span class="k">if</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">):</span>
+    <span class="c1"># Check if data is in new format. A list of dictionaries</span>
+    <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="p">[])[</span><span class="mi">0</span><span class="p">],</span> <span class="nb">dict</span><span class="p">):</span>
+      <span class="k">if</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="o">.</span><span class="n">upper</span><span class="p">()</span> <span class="ow">in</span> <span class="p">[</span><span class="n">h</span><span class="o">.</span><span class="n">upper</span><span class="p">()</span> <span class="k">for</span> <span class="n">d</span> <span class="ow">in</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">)</span> <span class="k">for</span> <span class="n">h</span> <span class="ow">in</span> <span class="n">d</span><span class="p">]:</span>
+        <span class="c1"># Finger print list exists and hash in list set flag for hash in list.</span>
+        <span class="n">hash_in_list</span> <span class="o">=</span> <span class="kc">True</span>
+    <span class="k">else</span><span class="p">:</span>
+      <span class="k">if</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="o">.</span><span class="n">upper</span><span class="p">()</span> <span class="ow">in</span> <span class="p">[</span><span class="n">d</span><span class="o">.</span><span class="n">upper</span><span class="p">()</span> <span class="k">for</span> <span class="n">d</span> <span class="ow">in</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">)]:</span>
+        <span class="c1"># Finger print list exists and hash in list set flag for hash in list.</span>
+        <span class="n">hash_in_list</span> <span class="o">=</span> <span class="kc">True</span>
+    <span class="k">if</span> <span class="n">hash_in_list</span><span class="p">:</span>
+      <span class="n">playbook</span><span class="o">.</span><span class="n">addProperty</span><span class="p">(</span><span class="s2">&quot;hash_in_list&quot;</span><span class="p">,</span> <span class="p">{</span><span class="s2">&quot;hash_in_list&quot;</span><span class="p">:</span> <span class="kc">True</span><span class="p">})</span>
 
+<span class="k">if</span> <span class="n">fpl_exists</span> <span class="ow">and</span> <span class="n">hash_in_list</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;&quot;&quot;Symantec SEP Integration:</span>
+<span class="s2">                  playbook &lt;b&gt;</span><span class="si">{</span><span class="n">WF_NAME</span><span class="si">}</span><span class="s2">&lt;/b&gt;:</span>
+<span class="s2">                  The hash &lt;b&gt;</span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="si">}</span><span class="s2">&lt;/b&gt; has already been added to fingerprint list &lt;b&gt;</span><span class="si">{</span><span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;sep_fingerprintlist_name&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&lt;/b&gt; for domain id &lt;b&gt;</span><span class="si">{</span><span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;sep_domainid&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&lt;/b&gt;.&quot;&quot;&quot;</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_group_ids": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_group_ids</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-groups"><span class="xref myst">Function - SEP - Get Groups</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;content--&gt;id</span></code>.</p>
-</p>
-</details>
-<details><summary>Steps to Fetch "sep_computer_ids": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_computer_ids</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-computers"><span class="xref myst">Function - SEP - Get Computers</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">uniqueId</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;content--&gt;uniqueId</span></code>.</p>
-</p>
-</details>
 </section>
 <hr class="docutils" />
-<section id="function-sep-scan-endpoints">
-<h2>Function - SEP - Scan Endpoints<a class="headerlink" href="#function-sep-scan-endpoints" title="Link to this heading">¶</a></h2>
-<p>Initiates an Evidence of Compromise (EOC) scan  of an artifact value  against  a list of endpoints or groups. The function can also be used to complete a remediation (quarantine) scan action  for hash value (MD5, SHA1 or SHA256).</p>
-<p>The provided <strong>SEP - Scan Endpoints</strong> function with the <strong>Initiate EOC Scan for Artifact</strong> workflow initiates an Evidence of Compromise (EOC) scan of an artifact value against a list of endpoints or groups.</p>
-<p><img alt="screenshot: fn-sep-scan-endpoints " src="../_images/wf-sep-initiate-eoc-scan-for-artifact.png" /></p>
-<p>The function can also be used to complete a remediation delete action on a SHA256 hash value in conjunction with a scan.</p>
-<p><img alt="screenshot: fn-sep-scan-endpoints " src="../_images/fn-sep-scan-endpoints.png" /></p>
+<section id="function-sep-get-firewall-policy">
+<h2>Function - SEP - Get Firewall Policy<a class="headerlink" href="#function-sep-get-firewall-policy" title="Link to this heading">¶</a></h2>
+<p>Get the firewall policy for specified policy id.</p>
+<p><img alt="screenshot: fn-sep---get-firewall-policy " src="fn_sep/doc/screenshots/fn-sep---get-firewall-policy.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -2801,1135 +2567,11 @@ <h2>Function - SEP - Scan Endpoints<a class="headerlink" href="#function-sep-sca
 </tr>
 </thead>
 <tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_computer_ids</span></code></p></td>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_firewall_id</span></code></p></td>
 <td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The list of computer ids on which to run the SEP command.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_description</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The SEP object (e.g. scan) description.</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_file_path</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The file path of the suspect file.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_group_ids</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The list of groups on which to run the SEP command.</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_md5</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The MD5 hash value of the suspicious file.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_scan_action</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">select</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>Action to be performed during a scan.</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_scan_type</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">select</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The SEP eoc scan type. Possible values are:  FULL_SCAN and QUICK_SCAN.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_sha1</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The SHA1 hash value of the suspicious file.</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_sha256</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
+<td class="text-center"><p>Yes</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The SHA256 hash value of the suspicious file.</p></td>
-</tr>
-</tbody>
-</table>
-</div>
-</p>
-</details>
-<details><summary>Outputs:</summary>
-<p>
-<blockquote>
-<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
-</div></blockquote>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
-  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;commandID_computer&quot;</span><span class="p">:</span> <span class="s2">&quot;commandID_computer&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;commandID_group&quot;</span><span class="p">:</span> <span class="s2">&quot;commandID_group&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;sep_computer_ids&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_computer_ids&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_description&quot;</span><span class="p">:</span> <span class="s2">&quot;demo xyz&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_group_ids&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_group_ids&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_scan_action&quot;</span><span class="p">:</span> <span class="s2">&quot;remediate&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_scan_type&quot;</span><span class="p">:</span> <span class="s2">&quot;FULL_SCAN&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2108</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 10:04:26&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;{</span><span class="se">\&quot;</span><span class="s2">commandID_group</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">commandID_group</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">commandID_computer</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">commandID_computer</span><span class="se">\&quot;</span><span class="s2">}&quot;</span><span class="p">,</span>
-  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
-<span class="p">}</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">GET_COMPUTERS_CONTENT</span> <span class="o">=</span> <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">get_computers_results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">ARTIFACT_TYPE</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">type</span>
-<span class="n">ARTIFACT_VALUE</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span>
-<span class="n">ARTIFACT_DESCRIPTION</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">description</span>
-<span class="n">ARTIFACT_TYPE_TO_ROW</span> <span class="o">=</span> <span class="p">{</span>
-    <span class="s2">&quot;File Name&quot;</span><span class="p">:</span> <span class="s2">&quot;file_name&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;File Path&quot;</span><span class="p">:</span> <span class="s2">&quot;file_path&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;Malware MD5 Hash&quot;</span><span class="p">:</span> <span class="s2">&quot;md5&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;Malware SHA-1 Hash&quot;</span><span class="p">:</span> <span class="s2">&quot;sha1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;Malware SHA-256 Hash&quot;</span><span class="p">:</span> <span class="s2">&quot;sha256&quot;</span>
-<span class="p">}</span>
-<span class="n">ARTIFACT_TYPES</span> <span class="o">=</span> <span class="p">[</span> <span class="n">v</span> <span class="k">for</span> <span class="n">v</span> <span class="ow">in</span> <span class="nb">sorted</span><span class="p">(</span><span class="n">ARTIFACT_TYPE_TO_ROW</span><span class="o">.</span><span class="n">values</span><span class="p">())]</span>
-<span class="n">COMPUTER_IDS</span> <span class="o">=</span> <span class="p">[]</span>
-<span class="c1">## Processing</span>
-
-<span class="k">def</span> <span class="nf">get_computers</span><span class="p">():</span>
-    <span class="k">global</span> <span class="n">COMPUTER_IDS</span>
-    <span class="c1"># Get computers to run scan against from previous step.</span>
-    <span class="k">if</span> <span class="n">GET_COMPUTERS_CONTENT</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span> <span class="ow">and</span> <span class="n">GET_COMPUTERS_CONTENT</span><span class="p">[</span><span class="s2">&quot;endpoints_matching_ids&quot;</span><span class="p">]:</span>
-        <span class="n">COMPUTER_IDS</span> <span class="o">=</span> <span class="n">GET_COMPUTERS_CONTENT</span><span class="p">[</span><span class="s2">&quot;endpoints_matching_ids&quot;</span><span class="p">]</span>
-
-<span class="k">def</span> <span class="nf">set_inputs</span><span class="p">(</span><span class="n">fn</span><span class="p">,</span> <span class="n">fp</span><span class="p">,</span> <span class="n">md5</span><span class="p">,</span> <span class="n">sha1</span><span class="p">,</span> <span class="n">sha256</span><span class="p">):</span>
-    <span class="k">global</span> <span class="n">COMPUTER_IDS</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_file_path</span> <span class="o">=</span> <span class="n">fn</span> <span class="k">if</span> <span class="n">fp</span> <span class="ow">is</span> <span class="kc">None</span> <span class="k">else</span> <span class="n">fp</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_md5</span> <span class="o">=</span> <span class="n">md5</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_sha1</span> <span class="o">=</span> <span class="n">sha1</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_sha256</span> <span class="o">=</span> <span class="n">sha256</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_computer_ids</span> <span class="o">=</span> <span class="s1">&#39;,&#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">COMPUTER_IDS</span><span class="p">)</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_scan_type</span> <span class="o">=</span> <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_scan_type</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_scan_action</span> <span class="o">=</span> <span class="kc">None</span>
-    <span class="k">if</span> <span class="n">ARTIFACT_DESCRIPTION</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="n">inputs</span><span class="o">.</span><span class="n">sep_description</span> <span class="o">=</span> <span class="s2">&quot;Scan eoc for </span><span class="si">{0}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">ARTIFACT_DESCRIPTION</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">])</span>
-    <span class="k">else</span><span class="p">:</span>
-        <span class="n">inputs</span><span class="o">.</span><span class="n">sep_description</span> <span class="o">=</span> <span class="s2">&quot;Scan eoc for for suspicious hash of type </span><span class="si">{0}</span><span class="s2"> and value </span><span class="si">{1}</span><span class="s2"> in the SEP environment.&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">ARTIFACT_TYPE</span><span class="p">,</span> <span class="n">ARTIFACT_VALUE</span><span class="p">)</span>
-
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-    <span class="n">get_computers</span><span class="p">()</span>
-    <span class="c1"># Assign values to correct row based on artifact type</span>
-    <span class="n">types</span> <span class="o">=</span> <span class="p">[</span><span class="kc">None</span> <span class="k">if</span> <span class="n">t</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">ARTIFACT_TYPE_TO_ROW</span><span class="p">[</span><span class="n">ARTIFACT_TYPE</span><span class="p">]</span> <span class="k">else</span> <span class="n">ARTIFACT_VALUE</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">ARTIFACT_TYPES</span><span class="p">]</span>
-    <span class="n">set_inputs</span><span class="p">(</span><span class="o">*</span><span class="n">types</span><span class="p">)</span>
-
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Example Post-Process Script:</summary>
-<p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_upload_file_to_sepm script ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result: {&#39;inputs&#39;: {u&#39;sep_description&#39;: u&#39;Scan to remediate file based on sha256&#39;, u&#39;sep_computer_ids&#39;: u&#39;D31AA16E0946C25D40C83823C500518B&#39;,</span>
-<span class="sd">                    u&#39;sep_scan_action&#39;: None, u&#39;sep_file_path&#39;: u&#39;C:\\temp\\eicar.zip&#39;, u&#39;sep_group_ids&#39;: u&#39;CAD80F000946C25D6C150831060AA326&#39;,</span>
-<span class="sd">                    u&#39;sep_sha256&#39;: None, u&#39;sep_scan_type&#39;: {u&#39;name&#39;: u&#39;FULL_SCAN&#39;, u&#39;id&#39;: 229}},</span>
-<span class="sd">         &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-04-12 10:49:22&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;, &#39;host&#39;: &#39;myhost&#39;, &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 12349},</span>
-<span class="sd">         &#39;success&#39;: True, &#39;content&#39;: {u&#39;commandID_computer&#39;: u&#39;0F0CBDD7EDFF4634B23FA11F5AB81FFC&#39;, u&#39;commandID_group&#39;: u&#39;BB37F78894DB451B8E8921EC127667A3&#39;},</span>
-<span class="sd">         &#39;raw&#39;: &#39;{&quot;commandID_computer&quot;: &quot;0F0CBDD7EDFF4634B23FA11F5AB81FFC&quot;, &quot;commandID_group&quot;: &quot;BB37F78894DB451B8E8921EC127667A3&quot;}&#39;,</span>
-<span class="sd">         &#39;reason&#39;: None,</span>
-<span class="sd">         &#39;version&#39;: &#39;1.0&#39;</span>
-<span class="sd">}</span>
-
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="c1">#  Globals</span>
-<span class="c1"># List of fields in datatable fn_sep_get_command_status script</span>
-<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;scan_commandID&quot;</span><span class="p">]</span>
-<span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_scan_endpoints&quot;</span>
-<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Initiate EOC Scan for Artifact&quot;</span>
-<span class="c1"># Processing</span>
-<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">inputs</span>
-<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">]</span>
-<span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
-
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-    <span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
-    <span class="k">if</span> <span class="n">CONTENT</span>  <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: Returned command id &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for a &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; &quot;</span> \
-                    <span class="s2">&quot;scan on artifact &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{4}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-            <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">CONTENT</span><span class="p">[</span><span class="s2">&quot;commandID_computer&quot;</span><span class="p">],</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_scan_type&quot;</span><span class="p">],</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
-    <span class="k">else</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There was &lt;b&gt;no&lt;/b&gt; command id returned for a &quot;</span> \
-                    <span class="s2">&quot;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; scan on artifact &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-            <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_scan_type&quot;</span><span class="p">],</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_file_path&quot;</span><span class="p">],</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
-
-    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Steps to Fetch "sep_group_ids": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_group_ids</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-groups"><span class="xref myst">Function - SEP - Get Groups</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;content--&gt;id</span></code>.</p>
-</p>
-</details>
-<details><summary>Steps to Fetch "sep_computer_ids": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_computer_ids</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-computers"><span class="xref myst">Function - SEP - Get Computers</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">uniqueId</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;content--&gt;uniqueId</span></code>.</p>
-</p>
-</details>
-</section>
-<hr class="docutils" />
-<section id="function-sep-update-fingerprint-list">
-<h2>Function - SEP - Update Fingerprint List<a class="headerlink" href="#function-sep-update-fingerprint-list" title="Link to this heading">¶</a></h2>
-<p>Updates an existing fingerprint list with a set of hash values.
-Note: Currently only supports MD5 hash type.</p>
-<details><summary>Inputs:</summary>
-<p>
-<div class="table-wrapper colwidths-auto docutils container">
-<table class="docutils align-default">
-<thead>
-<tr class="row-odd"><th class="head"><p>Name</p></th>
-<th class="head text-center"><p>Type</p></th>
-<th class="head text-center"><p>Required</p></th>
-<th class="head"><p>Example</p></th>
-<th class="head"><p>Tooltip</p></th>
-</tr>
-</thead>
-<tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_description</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The SEP object (e.g. scan) description.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_domainid</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The SEPM domain id.</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_id</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>Id of SEP fingerprint list</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_name</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>Name of a SEP fingerprint list.</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_hash_value</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The hash value. Can be MD5 or SHA256 hash value.</p></td>
-</tr>
-</tbody>
-</table>
-</div>
-</p>
-</details>
-<details><summary>Outputs:</summary>
-<p>
-<blockquote>
-<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
-</div></blockquote>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
-  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{},</span>
-  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;sep_description&quot;</span><span class="p">:</span> <span class="s2">&quot;This is test of adding files in blacklist.&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_domainid&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">:</span> <span class="s2">&quot;Test Blacklist Updated&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_hash_value&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_hash_value&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2087</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 09:30:38&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;</span><span class="si">{}</span><span class="s2">&quot;</span><span class="p">,</span>
-  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
-<span class="p">}</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">domain_content_results</span> <span class="o">=</span>  <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">get_domains_results</span>
-<span class="n">fpl_content_results</span> <span class="o">=</span> <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">get_fingerprintlist_results</span>
-<span class="n">domain_content</span> <span class="o">=</span> <span class="n">domain_content_results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">fpl_content</span> <span class="o">=</span> <span class="n">fpl_content_results</span><span class="o">.</span><span class="n">content</span>
-
-<span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">domain_content</span><span class="p">)):</span>
-  <span class="k">if</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;name&quot;</span><span class="p">]</span> <span class="o">==</span>  <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">:</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_domainid</span> <span class="o">=</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;id&quot;</span><span class="p">]</span>
-    <span class="k">break</span>
-
-<span class="k">if</span> <span class="n">fpl_content</span><span class="p">[</span><span class="s2">&quot;name&quot;</span><span class="p">]</span> <span class="o">==</span>  <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span><span class="p">:</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_id</span> <span class="o">=</span> <span class="n">fpl_content</span><span class="p">[</span><span class="s2">&quot;id&quot;</span><span class="p">]</span>
-    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span> <span class="o">=</span> <span class="n">fpl_content</span><span class="p">[</span><span class="s2">&quot;name&quot;</span><span class="p">]</span>
-    <span class="k">if</span> <span class="n">fpl_content</span><span class="p">[</span><span class="s2">&quot;data&quot;</span><span class="p">]</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="n">inputs</span><span class="o">.</span><span class="n">sep_hash_value</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span> <span class="o">+</span> <span class="s1">&#39;,&#39;</span> <span class="o">+</span> <span class="s1">&#39;,&#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">fpl_content</span><span class="p">[</span><span class="s2">&quot;data&quot;</span><span class="p">])</span>
-    <span class="k">else</span><span class="p">:</span>
-        <span class="n">inputs</span><span class="o">.</span><span class="n">sep_hash_value</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span>
-
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_description</span> <span class="o">=</span> <span class="s2">&quot;Fingerprint list &#39;</span><span class="si">{}</span><span class="s2">&#39;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">inputs</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">))</span>
-
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Example Post-Process Script:</summary>
-<p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_update_fingerprint_list script ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result: {&#39;inputs&#39;: {u&#39;sep_description&#39;: u&#39;Hash of type Malware MD5 Hash&#39;, u&#39;sep_fingerprintlist_name&#39;: u&#39;Blacklist_2&#39;,</span>
-<span class="sd">                   u&#39;sep_hash_value&#39;: u&#39;0B26E313ED4A7CA6904B0E9369E5B957,482F9B6E0CC4C1DBBD772AAAF088CB3A&#39;,</span>
-<span class="sd">                   u&#39;sep_domainid&#39;: u&#39;A9B4B7160946C25D24B6AA458EF5557F&#39;,</span>
-<span class="sd">                   u&#39;sep_fingerprintlist_id&#39;: u&#39;D132F4BA85D64E9F941906C2ECBF3F5F&#39;</span>
-<span class="sd">                   },</span>
-<span class="sd">        &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-05-14 10:48:45&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;,</span>
-<span class="sd">                    &#39;host&#39;: &#39;myhost.com&#39;, &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 1131</span>
-<span class="sd">                    }, &#39;success&#39;: True,</span>
-<span class="sd">                    &#39;content&#39;: &#39;&#39;,</span>
-<span class="sd">                    &#39;raw&#39;: &#39;&quot;&quot;&#39;,</span>
-<span class="sd">                    &#39;reason&#39;: None,</span>
-<span class="sd">                    &#39;version&#39;: &#39;1.0&#39;</span>
-
-<span class="sd">}</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_update_fingerprint_list&quot;</span>
-<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Add Hash to Fingerprint List&quot;</span>
-<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">inputs</span>
-
-<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
-    <span class="k">if</span> <span class="n">CONTENT</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-        <span class="c1"># If we got here we assume we are successsful, no status messgae is returned by api.</span>
-        <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: Successfully added MD5 hash &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; to fingerprint &quot;</span> \
-                    <span class="s2">&quot;list &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-            <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="p">,</span> <span class="n">INPUTS</span><span class="p">[</span><span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">],</span>
-                    <span class="n">FN_NAME</span><span class="p">)</span>
-
-    <span class="k">else</span><span class="p">:</span>
-        <span class="n">note_text</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There was &lt;b&gt;no&lt;/b&gt; results returned for Resilient &quot;</span> \
-                     <span class="s2">&quot;function &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
-
-    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
-
-<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">&quot;__main__&quot;</span><span class="p">:</span>
-    <span class="n">main</span><span class="p">()</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Steps to Fetch "sep_domainid": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_domainid</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-domains"><span class="xref myst">Function - SEP - Get Domains</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;id</span></code>.</p>
-</p>
-</details>
-<details><summary>Steps to Fetch "sep_fingerprintlist_id": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_id</span></code> field can be refered from <a class="reference internal" href="#function---sep---add-fingerprint-list"><span class="xref myst">Function - SEP - Add Fingerprint List</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;id</span></code>.</p>
-</p>
-</details>
-</section>
-<hr class="docutils" />
-<section id="function-sep-upload-file-to-sepm">
-<h2>Function - SEP - Upload File to SEPM<a class="headerlink" href="#function-sep-upload-file-to-sepm" title="Link to this heading">¶</a></h2>
-<p>Upload a file from an endpoint back to the SEPM server.
-Note: Only supports executable file types such as binary executable (.exe), batch (.bat), Windows installer package (.msi) etc. File source can be FILESYTEM, QUARANTINE or BOTH</p>
-<details><summary>Inputs:</summary>
-<p>
-<div class="table-wrapper colwidths-auto docutils container">
-<table class="docutils align-default">
-<thead>
-<tr class="row-odd"><th class="head"><p>Name</p></th>
-<th class="head text-center"><p>Type</p></th>
-<th class="head text-center"><p>Required</p></th>
-<th class="head"><p>Example</p></th>
-<th class="head"><p>Tooltip</p></th>
-</tr>
-</thead>
-<tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_computer_ids</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The list of computer ids on which to run the SEP command.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_file_path</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The file path of the suspect file.</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_md5</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The MD5 hash value of the suspicious file.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_sha1</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The SHA1 hash value of the suspicious file.</p></td>
-</tr>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_sha256</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The SHA256 hash value of the suspicious file.</p></td>
-</tr>
-<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_source</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The file source from where to search for the suspicious file. Possible values are: FILESYSTEM (default), QUARANTINE, or BOTH.</p></td>
-</tr>
-</tbody>
-</table>
-</div>
-</p>
-</details>
-<details><summary>Outputs:</summary>
-<p>
-<blockquote>
-<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
-</div></blockquote>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
-  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;commandID&quot;</span><span class="p">:</span> <span class="s2">&quot;commandID&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;sep_computer_ids&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_computer_ids&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_file_path&quot;</span><span class="p">:</span> <span class="s2">&quot;C:/Users/Public/Documents/sample.exe&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_md5&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_md5&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sep_source&quot;</span><span class="p">:</span> <span class="s2">&quot;FILESYSTEM&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2270</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 09:50:57&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;{</span><span class="se">\&quot;</span><span class="s2">commandID</span><span class="se">\&quot;</span><span class="s2">: </span><span class="se">\&quot;</span><span class="s2">commandID</span><span class="se">\&quot;</span><span class="s2">}&quot;</span><span class="p">,</span>
-  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
-<span class="p">}</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Example Pre-Process Script:</summary>
-<p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_computer_ids</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">computer_id</span>
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_file_path</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">file_path</span>
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_source</span> <span class="o">=</span> <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_source</span>
-<span class="n">hash_lengths</span>  <span class="o">=</span> <span class="p">[</span><span class="mi">64</span><span class="p">,</span> <span class="mi">40</span><span class="p">,</span> <span class="mi">32</span><span class="p">]</span>
-<span class="n">hvs</span> <span class="o">=</span> <span class="p">[</span><span class="kc">None</span> <span class="k">if</span> <span class="n">h</span> <span class="o">!=</span> <span class="nb">len</span><span class="p">(</span><span class="n">row</span><span class="o">.</span><span class="n">hash_value</span><span class="p">)</span> <span class="k">else</span> <span class="n">row</span><span class="o">.</span><span class="n">hash_value</span> <span class="k">for</span> <span class="n">h</span> <span class="ow">in</span> <span class="n">hash_lengths</span><span class="p">]</span>
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_sha256</span> <span class="o">=</span> <span class="n">hvs</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span>
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_sha1</span> <span class="o">=</span> <span class="n">hvs</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span>
-<span class="n">inputs</span><span class="o">.</span><span class="n">sep_md5</span> <span class="o">=</span> <span class="n">hvs</span><span class="p">[</span><span class="mi">2</span><span class="p">]</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Example Post-Process Script:</summary>
-<p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">##  Symantec Endpoint Protection  - fn_sep_upload_file_to_sepm script ##</span>
-<span class="c1"># Example result:</span>
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="sd">Result: { &#39;inputs&#39;: {u&#39;sep_sha256&#39;: u&#39;590f9895c2cbe93d47c3f7a3104fb843edfb5d5741330593d7d302a1e11e0ba5&#39;, u&#39;sep_source&#39;: u&#39;FILESYSTEM&#39;,</span>
-<span class="sd">                   u&#39;sep_computer_ids&#39;: u&#39;89AD1BBB0946C25D25E6C0984E971D8A&#39;, u&#39;sep_file_path&#39;: u&#39;C:\\temp\\New Text Document.txt&#39;,</span>
-<span class="sd">                   u&#39;sep_sha1&#39;: None, u&#39;sep_md5&#39;: None</span>
-<span class="sd">                   },</span>
-<span class="sd">         &#39;metrics&#39;: {&#39;package&#39;: &#39;fn-sep&#39;, &#39;timestamp&#39;: &#39;2019-05-14 14:46:08&#39;, &#39;package_version&#39;: &#39;1.0.0&#39;,</span>
-<span class="sd">                    &#39;host&#39;: &#39;myhost&#39;, &#39;version&#39;: &#39;1.0&#39;, &#39;execution_time_ms&#39;: 1226</span>
-<span class="sd">                   }, &#39;success&#39;: True,</span>
-<span class="sd">         &#39;content&#39;: {u&#39;commandID&#39;: u&#39;1BFD8C9B3FD74FF4A2490FFE63314E7A&#39;},</span>
-<span class="sd">         &#39;raw&#39;: &#39;{&quot;commandID&quot;: &quot;1BFD8C9B3FD74FF4A2490FFE63314E7A&quot;}&#39;,</span>
-<span class="sd">         &#39;reason&#39;: None,</span>
-<span class="sd">         &#39;version&#39;: &#39;1.0&#39;</span>
-<span class="sd">}</span>
-
-<span class="sd">&quot;&quot;&quot;</span>
-<span class="c1">#  Globals</span>
-<span class="c1"># List of fields in datatable fn_sep_get_command_status script</span>
-<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;commandID&quot;</span><span class="p">]</span>
-<span class="n">fn_name</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_upload_file_to_sepm&quot;</span>
-<span class="n">wf_name</span> <span class="o">=</span> <span class="s2">&quot;Upload file to SEPM server&quot;</span>
-<span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span>
-<span class="n">inputs</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">inputs</span>
-<span class="c1"># Processing</span>
-
-<span class="k">if</span> <span class="n">content</span>  <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
-    <span class="n">noteText</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: Command excuted with id  &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for artifact with &quot;</span> \
-               <span class="s2">&quot;type &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; and value &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt; from source &lt;b&gt;</span><span class="si">{4}</span><span class="s2">&lt;/b&gt; for Resilient function &lt;b&gt;</span><span class="si">{5}</span><span class="s2">&lt;/b&gt;&quot;</span>\
-        <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">wf_name</span><span class="p">,</span> <span class="n">content</span><span class="p">[</span><span class="s2">&quot;commandID&quot;</span><span class="p">],</span> <span class="n">row</span><span class="o">.</span><span class="n">artifact_type</span><span class="p">,</span> <span class="n">row</span><span class="o">.</span><span class="n">artifact_value</span><span class="p">,</span> <span class="n">inputs</span><span class="p">[</span><span class="s2">&quot;sep_source&quot;</span><span class="p">],</span> <span class="n">fn_name</span><span class="p">)</span>
-    <span class="n">row</span><span class="o">.</span><span class="n">upload_commandid</span> <span class="o">=</span> <span class="n">content</span><span class="p">[</span><span class="s2">&quot;commandID&quot;</span><span class="p">]</span>
-
-<span class="k">else</span><span class="p">:</span>
-    <span class="n">noteText</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration: Workflow &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;: There was &lt;b&gt;no&lt;/b&gt; results returned for Resilient &quot;</span> \
-                <span class="s2">&quot;function &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">wf_name</span><span class="p">,</span> <span class="n">fn_name</span><span class="p">)</span>
-
-<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">noteText</span><span class="p">))</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Steps to Fetch "sep_computer_ids": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_computer_ids</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-computers"><span class="xref myst">Function - SEP - Get Computers</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">uniqueId</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;content--&gt;uniqueId</span></code>.</p>
-</p>
-</details>
-</section>
-<hr class="docutils" />
-<section id="function-sep-cancel-a-command">
-<h2>Function - SEP: Cancel a Command<a class="headerlink" href="#function-sep-cancel-a-command" title="Link to this heading">¶</a></h2>
-<p>Cancels an existing command by creating a new cancel command for clients for which the command is still pending.</p>
-<details><summary>Inputs:</summary>
-<p>
-<div class="table-wrapper colwidths-auto docutils container">
-<table class="docutils align-default">
-<thead>
-<tr class="row-odd"><th class="head"><p>Name</p></th>
-<th class="head text-center"><p>Type</p></th>
-<th class="head text-center"><p>Required</p></th>
-<th class="head"><p>Example</p></th>
-<th class="head"><p>Tooltip</p></th>
-</tr>
-</thead>
-<tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_command_id</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>Yes</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The command ID for which details are needed.</p></td>
-</tr>
-</tbody>
-</table>
-</div>
-</p>
-</details>
-<details><summary>Outputs:</summary>
-<p>
-<blockquote>
-<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
-</div></blockquote>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
-  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
-     <span class="s2">&quot;commandID&quot;</span><span class="p">:</span><span class="s2">&quot;8D77EE017C204AFEA4A10B682F15DBAE&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;sep_command_id&quot;</span><span class="p">:</span> <span class="s2">&quot;E1B09D9873174FD49CC622037C5F4AE4&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-     <span class="s2">&quot;version&quot;</span><span class="p">:</span><span class="s2">&quot;1.0&quot;</span><span class="p">,</span>
-     <span class="s2">&quot;package&quot;</span><span class="p">:</span><span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-     <span class="s2">&quot;package_version&quot;</span><span class="p">:</span><span class="s2">&quot;1.0.2&quot;</span><span class="p">,</span>
-     <span class="s2">&quot;host&quot;</span><span class="p">:</span><span class="s2">&quot;host&quot;</span><span class="p">,</span>
-     <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span><span class="mi">2106</span><span class="p">,</span>
-     <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span><span class="s2">&quot;2023-01-18 19:34:42&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;None&quot;</span><span class="p">,</span>
-  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="s2">&quot;None&quot;</span><span class="p">,</span>
-  <span class="s2">&quot;success&quot;</span><span class="p">:</span><span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
-<span class="p">}</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Steps to Fetch "sep_command_id": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_command_id</span></code> field can be refered from <a class="reference internal" href="#function---sep---scan-endpoints"><span class="xref myst">Function - SEP - Scan Endpoints</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">commandID_group/commandID_computer</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;commandID_group/commandID_computer</span></code>.</p>
-</p>
-</details>
-</section>
-<hr class="docutils" />
-<section id="function-sep-get-critical-events-info">
-<h2>Function - SEP: Get Critical Events Info<a class="headerlink" href="#function-sep-get-critical-events-info" title="Link to this heading">¶</a></h2>
-<p>Gets information related to critical events. ‘results_limit’ is not currently used for this function.</p>
-<details><summary>Inputs:</summary>
-<p>
-<div class="table-wrapper colwidths-auto docutils container">
-<table class="docutils align-default">
-<thead>
-<tr class="row-odd"><th class="head"><p>Name</p></th>
-<th class="head text-center"><p>Type</p></th>
-<th class="head text-center"><p>Required</p></th>
-<th class="head"><p>Example</p></th>
-<th class="head"><p>Tooltip</p></th>
-</tr>
-</thead>
-<tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_results_limit</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
-<td class="text-center"><p>No</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">5</span></code></p></td>
-<td><p>The maximum number of records to be returned. Page size must be between 1 and 10000</p></td>
-</tr>
-</tbody>
-</table>
-</div>
-</p>
-</details>
-<details><summary>Outputs:</summary>
-<p>
-<blockquote>
-<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
-</div></blockquote>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
-  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;criticalEventsInfoList&quot;</span><span class="p">:</span> <span class="p">[</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;To enhance security, Symantec recommends that you should require the users in this client group to use passwords in the following situations: opening, stopping, or uninstalling the client, or importing the Sylink file. You should assign a password to the following client groups.</span><span class="se">\u003c</span><span class="s2">br/</span><span class="se">\u003e\u003c</span><span class="s2">br/</span><span class="se">\u003e</span><span class="s2">Default: My Company</span><span class="se">\u003c</span><span class="s2">br/</span><span class="se">\u003e\u003c</span><span class="s2">br/</span><span class="se">\u003e\u003c</span><span class="s2">br/</span><span class="se">\u003e</span><span class="s2">For information on how to enable password protection on the client, see: </span><span class="se">\u003c</span><span class="s2">a href=</span><span class="se">\&quot;</span><span class="s2">https://techdocs.broadcom.com/bin/gethidpage.html?ux-context-string=sesm_computersnusers_policies_password_setting</span><span class="se">\u0026</span><span class="s2">appid=SEP</span><span class="se">\u0026</span><span class="s2">language=en</span><span class="se">\u0026</span><span class="s2">format=rendered</span><span class="se">\&quot;</span><span class="s2"> class=</span><span class="se">\&quot;</span><span class="s2">bluelink</span><span class="se">\&quot;</span><span class="s2"> target=</span><span class="se">\&quot;</span><span class="s2">_blank</span><span class="se">\&quot;</span><span class="s2"> rel=</span><span class="se">\&quot;</span><span class="s2">noopener</span><span class="se">\&quot;\u003e</span><span class="s2">Password-protecting the Symantec Endpoint Protection client</span><span class="se">\u003c</span><span class="s2">/a</span><span class="se">\u003e</span><span class="s2">&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Some Symantec Endpoint Protection groups have not been assigned a password.&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 11, 2022 4:11:03 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Your Symantec Endpoint Protection Trial license expires in 60 days. To continue to receive virus definitions and product updates, contact your </span><span class="se">\u0026</span><span class="s2">lt;a class=</span><span class="se">\u0026</span><span class="s2">quot;bluelink</span><span class="se">\u0026</span><span class="s2">quot; onclick=</span><span class="se">\u0026</span><span class="s2">quot;createWindowFromURL(</span><span class="se">\u0026</span><span class="s2">#039;../util/universal-redirect.php?WhereWeWant=https://ced.broadcom.com/sep/14/partnerlocator</span><span class="se">\u0026</span><span class="s2">#039;, </span><span class="se">\u0026</span><span class="s2">#039;_blank</span><span class="se">\u0026</span><span class="s2">#039;, </span><span class="se">\u0026</span><span class="s2">#039;scrollbars=yes,width=800, height=650, resizable=yes, screenX=100, screenY=100</span><span class="se">\u0026</span><span class="s2">#039;);</span><span class="se">\u0026</span><span class="s2">quot; href=</span><span class="se">\u0026</span><span class="s2">quot;#</span><span class="se">\u0026</span><span class="s2">quot; </span><span class="se">\u0026</span><span class="s2">gt;preferred reseller</span><span class="se">\u0026</span><span class="s2">lt;/a</span><span class="se">\u0026</span><span class="s2">gt;.</span><span class="se">\u0026</span><span class="s2">lt;br</span><span class="se">\u0026</span><span class="s2">gt;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Information: Symantec Trial license Expires In 60 Days&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Dec 11, 2022 4:19:17 PM UTC</span><span class="se">\t</span><span class="s2">Server: EC2AAA-1A0AAAA</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Agent for Linux 14.3 RU5 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Dec 11, 2022 4:20:22 PM UTC</span><span class="se">\t</span><span class="s2">Server: EC2AAA-1A0AAAA</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU3 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Dec 11, 2022 4:21:28 PM UTC</span><span class="se">\t</span><span class="s2">Server: EC2AAA-1A0AAAA</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU5 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Dec 11, 2022 4:21:31 PM UTC</span><span class="se">\t</span><span class="s2">Server: EC2AAA-1A0AAAA</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Agent for Linux 14.3 RU4 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 12, 2022 7:37:15 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Number of clients changed: 1.  Changes could be that a client was added, renamed, or deleted, Unmanaged Detector status changed, client mode changed, or the hardware changed.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Informational: Symantec Endpoint Protection Computer List Changed&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 13, 2022 7:42:58 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 14, 2022 4:32:24 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Date: Dec 14, 2022 4:37:47 AM UTC</span><span class="se">\t</span><span class="s2">Server: EC2AAA-1A0AAAA</span><span class="se">\n</span><span class="s2">Download: Successfully downloaded the Symantec Endpoint Protection Mac 14.3 RU6 package from LiveUpdate. This package is now available for deployment.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;New software package available&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 15, 2022 4:32:27 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 16, 2022 4:32:29 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 19, 2022 4:32:29 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 13, 2022 5:42:55 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 14, 2022 2:32:21 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 15, 2022 2:32:20 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 16, 2022 2:32:30 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 19, 2022 2:32:31 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 20, 2022 4:32:25 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 20, 2022 2:32:25 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 21, 2022 4:32:21 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 21, 2022 2:32:21 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 22, 2022 4:32:23 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 23, 2022 4:32:20 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 26, 2022 4:32:25 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 27, 2022 4:32:27 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 28, 2022 4:32:27 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 29, 2022 4:32:25 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 22, 2022 2:32:23 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 23, 2022 2:32:20 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 26, 2022 2:32:24 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 27, 2022 2:33:26 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 28, 2022 2:32:27 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 29, 2022 2:32:26 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 30, 2022 4:32:24 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Dec 30, 2022 2:32:22 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jan 2, 2023 4:32:25 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jan 2, 2023 2:32:21 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jan 3, 2023 4:32:24 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jan 3, 2023 2:32:22 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jan 4, 2023 4:32:26 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jan 4, 2023 2:32:25 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jan 5, 2023 4:32:27 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jan 5, 2023 2:32:26 PM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;acknowledged&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-        <span class="s2">&quot;eventDateTime&quot;</span><span class="p">:</span> <span class="s2">&quot;eventDateTime&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;eventId&quot;</span><span class="p">:</span> <span class="s2">&quot;eventId&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;message&quot;</span><span class="p">:</span> <span class="s2">&quot;Server EC2AAA-1A0AAAA health status: poor. </span><span class="se">\n</span><span class="s2">Reason: The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed. </span><span class="se">\n</span><span class="s2">Status reported on Jan 6, 2023 4:32:24 AM.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;subject&quot;</span><span class="p">:</span> <span class="s2">&quot;Server Health Alert&quot;</span>
-      <span class="p">}</span>
-    <span class="p">],</span>
-    <span class="s2">&quot;lastUpdated&quot;</span><span class="p">:</span> <span class="mi">1672986455971</span><span class="p">,</span>
-    <span class="s2">&quot;totalUnacknowledgedMessages&quot;</span><span class="p">:</span> <span class="mi">47</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{},</span>
-  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2281</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-06 06:27:36&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
-<span class="p">}</span>
-</pre></div>
-</div>
-</p>
-</details>
-</section>
-<hr class="docutils" />
-<section id="function-sep-get-exceptions-policy">
-<h2>Function - SEP: Get Exceptions Policy<a class="headerlink" href="#function-sep-get-exceptions-policy" title="Link to this heading">¶</a></h2>
-<p>Get the exceptions policy for specified policy id.</p>
-<details><summary>Inputs:</summary>
-<p>
-<div class="table-wrapper colwidths-auto docutils container">
-<table class="docutils align-default">
-<thead>
-<tr class="row-odd"><th class="head"><p>Name</p></th>
-<th class="head text-center"><p>Type</p></th>
-<th class="head text-center"><p>Required</p></th>
-<th class="head"><p>Example</p></th>
-<th class="head"><p>Tooltip</p></th>
-</tr>
-</thead>
-<tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_exceptions_id</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>Yes</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The ID of the exceptions policy to get. See the Policy Summary function which returns policy IDs.</p></td>
-</tr>
-</tbody>
-</table>
-</div>
-</p>
-</details>
-<details><summary>Outputs:</summary>
-<p>
-<blockquote>
-<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
-</div></blockquote>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
-  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;configuration&quot;</span><span class="p">:</span> <span class="p">{</span>
-      <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="p">[],</span>
-      <span class="s2">&quot;applications_to_monitor&quot;</span><span class="p">:</span> <span class="p">[],</span>
-      <span class="s2">&quot;blacklistrules&quot;</span><span class="p">:</span> <span class="p">[],</span>
-      <span class="s2">&quot;certificates&quot;</span><span class="p">:</span> <span class="p">[],</span>
-      <span class="s2">&quot;directories&quot;</span><span class="p">:</span> <span class="p">[],</span>
-      <span class="s2">&quot;dns_and_host_applications&quot;</span><span class="p">:</span> <span class="p">[],</span>
-      <span class="s2">&quot;dns_and_host_blacklistrules&quot;</span><span class="p">:</span> <span class="p">[],</span>
-      <span class="s2">&quot;extension_list&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-      <span class="s2">&quot;files&quot;</span><span class="p">:</span> <span class="p">[],</span>
-      <span class="s2">&quot;knownrisks&quot;</span><span class="p">:</span> <span class="p">[</span>
-        <span class="p">{</span>
-          <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;IGNORE&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;rulestate&quot;</span><span class="p">:</span> <span class="p">{</span>
-            <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span>
-          <span class="p">},</span>
-          <span class="s2">&quot;threat&quot;</span><span class="p">:</span> <span class="p">{</span>
-            <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;name&quot;</span>
-          <span class="p">}</span>
-        <span class="p">},</span>
-        <span class="p">{</span>
-          <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;IGNORE&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;rulestate&quot;</span><span class="p">:</span> <span class="p">{</span>
-            <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span>
-          <span class="p">},</span>
-          <span class="s2">&quot;threat&quot;</span><span class="p">:</span> <span class="p">{</span>
-            <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;name&quot;</span>
-          <span class="p">}</span>
-        <span class="p">},</span>
-        <span class="p">{</span>
-          <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;IGNORE&quot;</span><span class="p">,</span>
-          <span class="s2">&quot;rulestate&quot;</span><span class="p">:</span> <span class="p">{</span>
-            <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span>
-          <span class="p">},</span>
-          <span class="s2">&quot;threat&quot;</span><span class="p">:</span> <span class="p">{</span>
-            <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;name&quot;</span>
-          <span class="p">}</span>
-        <span class="p">}</span>
-      <span class="p">],</span>
-      <span class="s2">&quot;linux&quot;</span><span class="p">:</span> <span class="p">{</span>
-        <span class="s2">&quot;directories&quot;</span><span class="p">:</span> <span class="p">[],</span>
-        <span class="s2">&quot;extension_list&quot;</span><span class="p">:</span> <span class="n">null</span>
-      <span class="p">},</span>
-      <span class="s2">&quot;mac&quot;</span><span class="p">:</span> <span class="p">{</span>
-        <span class="s2">&quot;files&quot;</span><span class="p">:</span> <span class="p">[]</span>
-      <span class="p">},</span>
-      <span class="s2">&quot;non_pe_rules&quot;</span><span class="p">:</span> <span class="p">[],</span>
-      <span class="s2">&quot;tamper_files&quot;</span><span class="p">:</span> <span class="p">[],</span>
-      <span class="s2">&quot;webdomains&quot;</span><span class="p">:</span> <span class="p">[]</span>
-    <span class="p">},</span>
-    <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;test&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-    <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1671002049331</span><span class="p">,</span>
-    <span class="s2">&quot;lockedoptions&quot;</span><span class="p">:</span> <span class="p">{</span>
-      <span class="s2">&quot;application&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-      <span class="s2">&quot;certificate&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-      <span class="s2">&quot;dnshostfile&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-      <span class="s2">&quot;domain&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-      <span class="s2">&quot;extension&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-      <span class="s2">&quot;file&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-      <span class="s2">&quot;knownrisk&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-      <span class="s2">&quot;securityrisk&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-      <span class="s2">&quot;sonar&quot;</span><span class="p">:</span> <span class="n">false</span>
-    <span class="p">},</span>
-    <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;name&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[]</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;sep_exceptions_id&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_exceptions_id&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2262</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-05 10:28:10&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
-  <span class="p">},</span>
-  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
-<span class="p">}</span>
-</pre></div>
-</div>
-</p>
-</details>
-<details><summary>Steps to Fetch "sep_exceptions_id": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_exceptions_id</span></code> field can be refered from <a class="reference internal" href="#function---sep-get-policy-summary"><span class="xref myst">Function - SEP: Get Policy Summary</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;content--&gt;id</span></code> where <code class="docutils literal notranslate"><span class="pre">&quot;name&quot;:</span> <span class="pre">&quot;Exceptions</span> <span class="pre">policy&quot;</span></code>.</p>
-</p>
-</details>
-</section>
-<hr class="docutils" />
-<section id="function-sep-get-firewall-policy">
-<h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep-get-firewall-policy" title="Link to this heading">¶</a></h2>
-<p>Get the firewall policy for specified policy id.</p>
-<details><summary>Inputs:</summary>
-<p>
-<div class="table-wrapper colwidths-auto docutils container">
-<table class="docutils align-default">
-<thead>
-<tr class="row-odd"><th class="head"><p>Name</p></th>
-<th class="head text-center"><p>Type</p></th>
-<th class="head text-center"><p>Required</p></th>
-<th class="head"><p>Example</p></th>
-<th class="head"><p>Tooltip</p></th>
-</tr>
-</thead>
-<tbody>
-<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_firewall_id</span></code></p></td>
-<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td class="text-center"><p>Yes</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-<td><p>The ID of the firewall policy to get. See the Policy Summary function which returns policy IDs.</p></td>
+<td><p>The ID of the firewall policy to get.</p></td>
 </tr>
 </tbody>
 </table>
@@ -3956,7 +2598,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4015,43 +2657,43 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;10.255.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;10.0.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;172.31.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;172.16.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fc00::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fe80::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">}</span>
@@ -4065,7 +2707,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;69FF496F092E5BB94E898D1E4D224D28&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -4074,7 +2716,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4140,7 +2782,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;0F37D0BB092E5BB90B7A03EDE1B3DB2C&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -4149,7 +2791,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4186,7 +2828,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;98E6DD8D092E5BB94F3948010B0EEAC9&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -4195,7 +2837,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4220,43 +2862,43 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;10.255.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;10.0.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;172.31.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;172.16.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fc00::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fe80::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
             <span class="p">}</span>
@@ -4270,7 +2912,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;0E2B7C47092E5BB97B9071E9F20B71B5&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -4279,7 +2921,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4311,7 +2953,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;0BC3E9F0092E5BB9669E0FD237C8578E&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -4320,7 +2962,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4369,43 +3011,43 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;10.255.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;10.0.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;172.31.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;172.16.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fc00::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fe80::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">}</span>
@@ -4419,7 +3061,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;A6037EFE092E5BB936343F3A4F976490&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -4428,7 +3070,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4484,7 +3126,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;D0B6ED57092E5BB92AD7E416CEC5B38E&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -4493,7 +3135,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4518,43 +3160,43 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;10.255.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;10.0.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;172.31.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;172.16.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fc00::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fe80::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">}</span>
@@ -4568,7 +3210,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;E232F5CA092E5BB9101039267C0E0589&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -4577,7 +3219,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4602,8 +3244,8 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;255.255.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;0.0.0.1&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">}</span>
@@ -4617,7 +3259,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;F39698A8092E5BB9465A33C08E4E132B&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -4626,7 +3268,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4658,7 +3300,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;989BB854092E5BB93FABBA6EDC80EC8E&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -4667,7 +3309,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4692,43 +3334,43 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;10.255.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;10.0.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;172.31.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;172.16.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fc00::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fe80::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">}</span>
@@ -4742,7 +3384,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;EAD641B3092E5BB932821F06F1DF3BC0&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -4751,7 +3393,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4783,7 +3425,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;D2A71E10092E5BB9148778DE794E7D5B&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -4792,7 +3434,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4817,43 +3459,43 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;10.255.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;10.0.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;172.31.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;172.16.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fc00::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fe80::&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
             <span class="p">}</span>
@@ -4867,7 +3509,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;7D3F9127092E5BB9266A3276D4C51F7F&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -4876,7 +3518,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4908,7 +3550,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;39230892092E5BB957AF518273836C33&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -4917,7 +3559,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -4965,7 +3607,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;73E8BCB4092E5BB938013D7530FA8804&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -4974,7 +3616,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="p">[</span>
@@ -4995,7 +3637,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;E30F6208092E5BB96C448A07BA9C4A95&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -5004,7 +3646,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5023,7 +3665,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">6</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- PPTP&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;C8013082092E5BB93CFA886C25C48A04&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5049,7 +3691,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">17</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- PPTP&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;C8013082092E5BB93CFA886C25C48A04&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5060,7 +3702,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">50</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- PPTP&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;C8013082092E5BB93CFA886C25C48A04&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5081,7 +3723,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">6</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Check Point&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;FF34EE4A092E5BB92609F4E71C39D814&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5112,7 +3754,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">6</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Check Point&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;FF34EE4A092E5BB92609F4E71C39D814&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5133,7 +3775,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">17</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Check Point&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;FF34EE4A092E5BB92609F4E71C39D814&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5159,7 +3801,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">17</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Check Point&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;FF34EE4A092E5BB92609F4E71C39D814&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5169,7 +3811,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">50</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Check Point&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;FF34EE4A092E5BB92609F4E71C39D814&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5179,7 +3821,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">17</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Check Point&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;FF34EE4A092E5BB92609F4E71C39D814&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5200,7 +3842,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">17</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- NetScreen&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;5D7E9B38092E5BB968DCBE0FDFE2A339&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5210,7 +3852,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">50</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- NetScreen&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;5D7E9B38092E5BB968DCBE0FDFE2A339&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5231,7 +3873,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">17</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Cisco 5000&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;50F33FE0092E5BB95DA9DB7BFD3A2E41&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5241,7 +3883,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">50</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Cisco 5000&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;50F33FE0092E5BB95DA9DB7BFD3A2E41&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5267,7 +3909,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">17</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Cisco 3000&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;EF3159B9092E5BB94CDFCE3DB8806921&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5277,7 +3919,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">50</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Cisco 3000&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;EF3159B9092E5BB94CDFCE3DB8806921&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5293,7 +3935,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">6</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Nortel&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;B8C0FD37092E5BB96C6760F6E662A23D&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5314,7 +3956,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">6</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Nortel&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;B8C0FD37092E5BB96C6760F6E662A23D&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5335,7 +3977,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">17</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Nortel&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;B8C0FD37092E5BB96C6760F6E662A23D&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5345,7 +3987,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">50</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Nortel&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;B8C0FD37092E5BB96C6760F6E662A23D&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5366,7 +4008,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">6</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Aventail&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;5A6BBF37092E5BB924BD0656C5EDC154&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5376,7 +4018,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">50</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Aventail&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;5A6BBF37092E5BB924BD0656C5EDC154&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5391,7 +4033,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;ADB2292C092E5BB93065667F4A40BFF9&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -5400,7 +4042,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5423,7 +4065,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;E7E47214092E5BB92AB2B3A0E2776740&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -5432,7 +4074,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5458,7 +4100,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;E764F25C092E5BB90FF2A93E70D04A8C&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -5467,7 +4109,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5513,7 +4155,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;65AFBD1C092E5BB9643C123950557886&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -5522,7 +4164,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5536,8 +4178,8 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;239.255.255.255&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;224.0.0.0&quot;</span>
               <span class="p">},</span>
               <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;LOCAL&quot;</span>
             <span class="p">}</span>
@@ -5551,7 +4193,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;6A35F99F092E5BB95DDD5B2960C09319&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -5560,7 +4202,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5583,7 +4225,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;0B2AE82F092E5BB978629101355BF16B&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -5592,7 +4234,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5609,7 +4251,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;604C4BAA092E5BB9343DAC446707079F&quot;</span>
         <span class="p">}</span>
       <span class="p">],</span>
       <span class="s2">&quot;dos&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
@@ -5627,7 +4269,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5650,7 +4292,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;AF6C0B7F092E5BB90F1F6AAAA6A9091C&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -5659,7 +4301,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5691,7 +4333,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;93B197B4092E5BB97B99073C27A4A7FB&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -5700,7 +4342,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5726,7 +4368,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;C15FF9A5092E5BB903C0D2ECA39FB09D&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -5735,7 +4377,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5808,7 +4450,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;3FA24409092E5BB9047C4962ECE67CBF&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -5817,7 +4459,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5851,7 +4493,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">6</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;SNMP Management&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;CE856BE3092E5BB95C42D34F3BD620DD&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5882,7 +4524,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">17</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;SNMP Management&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;CE856BE3092E5BB95C42D34F3BD620DD&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5913,7 +4555,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">6</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;SNMP Client&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;EF333F34092E5BB96FBAC8682039FA34&quot;</span>
             <span class="p">},</span>
             <span class="p">{</span>
               <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -5944,7 +4586,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                 <span class="mi">17</span>
               <span class="p">],</span>
               <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;SNMP Client&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+              <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;EF333F34092E5BB96FBAC8682039FA34&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5959,7 +4601,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;06DBD8D4092E5BB95C50F9F0BD7C1EBD&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -5968,7 +4610,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -5991,7 +4633,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;033A04EE092E5BB9145E670ACDEA46E7&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -6000,7 +4642,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -6023,7 +4665,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;D6C2BB7E092E5BB9439171F2482999EF&quot;</span>
         <span class="p">},</span>
         <span class="p">{</span>
           <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -6032,7 +4674,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
               <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;All Adapters&quot;</span><span class="p">,</span>
               <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
-              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;88FCC040092E5BB930FDDC8EEE3946B6&quot;</span>
             <span class="p">}</span>
           <span class="p">],</span>
           <span class="s2">&quot;applications&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -6055,7 +4697,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
           <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
           <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
           <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;0EBEEDC5092E5BB94D53BF4F111AC78C&quot;</span>
         <span class="p">}</span>
       <span class="p">],</span>
       <span class="s2">&quot;hide_os&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
@@ -6167,43 +4809,43 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;10.255.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;10.0.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;172.31.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;172.16.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fc00::&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fe80::&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">}</span>
@@ -6217,7 +4859,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;53DACF1E092E5BB90D7BE4F2910F0F6A&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -6318,7 +4960,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;77A01134092E5BB97F7828DF8D14642D&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -6357,7 +4999,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;9507DAE4092E5BB9147007D3306BB8DC&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -6384,43 +5026,43 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;10.255.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;10.0.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;172.31.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;172.16.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fc00::0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fe80::0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;SRC&quot;</span>
               <span class="p">}</span>
@@ -6434,7 +5076,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;294E17C9092E5BB92AAFDCFC6AF01270&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -6468,7 +5110,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;05942D1E092E5BB96DD96AA5199D35BC&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -6495,43 +5137,43 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;10.255.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;10.0.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;172.31.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;172.16.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fc00::0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fe80::0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">}</span>
@@ -6545,7 +5187,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;F829FB4A092E5BB92B1F80E5388C0870&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -6579,7 +5221,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;DF25F540092E5BB962A1555998460F41&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -6629,7 +5271,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;19B6E398092E5BB96A30E07E951FE96B&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -6655,7 +5297,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                   <span class="mi">17</span>
                 <span class="p">],</span>
                 <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- NetScreen&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;5D7E9B38092E5BB968DCBE0FDFE2A339&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -6665,7 +5307,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                   <span class="mi">50</span>
                 <span class="p">],</span>
                 <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- NetScreen&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;5D7E9B38092E5BB968DCBE0FDFE2A339&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -6686,7 +5328,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                   <span class="mi">17</span>
                 <span class="p">],</span>
                 <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Cisco 5000&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;50F33FE0092E5BB95DA9DB7BFD3A2E41&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -6696,7 +5338,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                   <span class="mi">50</span>
                 <span class="p">],</span>
                 <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Cisco 5000&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;50F33FE0092E5BB95DA9DB7BFD3A2E41&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -6722,7 +5364,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                   <span class="mi">17</span>
                 <span class="p">],</span>
                 <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Cisco 3000&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;EF3159B9092E5BB94CDFCE3DB8806921&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -6732,7 +5374,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                   <span class="mi">50</span>
                 <span class="p">],</span>
                 <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- Cisco 3000&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;EF3159B9092E5BB94CDFCE3DB8806921&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -6748,7 +5390,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                   <span class="mi">6</span>
                 <span class="p">],</span>
                 <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- OS X&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;7889F07C092E5BB96A66B39A1E88630C&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -6764,7 +5406,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                   <span class="mi">6</span>
                 <span class="p">],</span>
                 <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- OS X&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;7889F07C092E5BB96A66B39A1E88630C&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -6790,7 +5432,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                   <span class="mi">17</span>
                 <span class="p">],</span>
                 <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- OS X&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;7889F07C092E5BB96A66B39A1E88630C&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;direction_id&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
@@ -6816,7 +5458,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
                   <span class="mi">17</span>
                 <span class="p">],</span>
                 <span class="s2">&quot;svc_name&quot;</span><span class="p">:</span> <span class="s2">&quot;VPN --- OS X&quot;</span><span class="p">,</span>
-                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;svc_uid&quot;</span>
+                <span class="s2">&quot;svc_uid&quot;</span><span class="p">:</span> <span class="s2">&quot;7889F07C092E5BB96A66B39A1E88630C&quot;</span>
               <span class="p">}</span>
             <span class="p">],</span>
             <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -6831,7 +5473,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;16357E1D092E5BB95B84BECA70D06182&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -6859,7 +5501,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;C0AFE420092E5BB91A59800472B588D8&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -6917,7 +5559,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;8A7C6BF0092E5BB97C19F9DF273312A7&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -6933,8 +5575,8 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;239.255.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;224.0.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;LOCAL&quot;</span>
               <span class="p">}</span>
@@ -6948,7 +5590,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;884D30DA092E5BB930DC6EBC4A3E9B5B&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -6982,7 +5624,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;5D857B08092E5BB9744D3BD774298986&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -7030,7 +5672,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;711DC180092E5BB959A6ACFC5861CEAB&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -7064,7 +5706,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;63475044092E5BB970FE9EACAB21EFB1&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -7098,7 +5740,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;109E0CD9092E5BB9566624F7E9BF266F&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -7125,43 +5767,43 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;10.255.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;10.0.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;172.31.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;172.16.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;192.168.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;169.254.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fc00::0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">},</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;fe80::0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;REMOTE&quot;</span>
               <span class="p">}</span>
@@ -7175,7 +5817,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;2F96536A092E5BB900FBB64BA54B9C2B&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -7223,7 +5865,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;E3F78964092E5BB92FE6B57EC76E8C07&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -7248,7 +5890,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;45488FD5092E5BB9045BBC3330D499EA&quot;</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;dos&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
@@ -7291,7 +5933,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;A7132944092E5BB91799542349877DC4&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -7366,7 +6008,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;438C14D8092E5BB93B8797FC3D2836C4&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -7393,8 +6035,8 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;hosts&quot;</span><span class="p">:</span> <span class="p">[</span>
               <span class="p">{</span>
                 <span class="s2">&quot;ip_range&quot;</span><span class="p">:</span> <span class="p">{</span>
-                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_end&quot;</span><span class="p">,</span>
-                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;ip_start&quot;</span>
+                  <span class="s2">&quot;ip_end&quot;</span><span class="p">:</span> <span class="s2">&quot;239.255.255.255&quot;</span><span class="p">,</span>
+                  <span class="s2">&quot;ip_start&quot;</span><span class="p">:</span> <span class="s2">&quot;224.0.0.0&quot;</span>
                 <span class="p">},</span>
                 <span class="s2">&quot;location&quot;</span><span class="p">:</span> <span class="s2">&quot;DST&quot;</span>
               <span class="p">},</span>
@@ -7412,7 +6054,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;AB6FDFDC092E5BB9493E327E03CFE785&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;BLOCK&quot;</span><span class="p">,</span>
@@ -7446,7 +6088,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;6EBCC33E092E5BB968E1C4FF9C750796&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -7494,7 +6136,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;7212F8B4092E5BB9415DE41EB43D4459&quot;</span>
           <span class="p">},</span>
           <span class="p">{</span>
             <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOW&quot;</span><span class="p">,</span>
@@ -7528,7 +6170,7 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
             <span class="s2">&quot;screen_saver&quot;</span><span class="p">:</span> <span class="s2">&quot;ANY&quot;</span><span class="p">,</span>
             <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
             <span class="s2">&quot;time_slots&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;uid&quot;</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;94238995092E5BB9278B654265950A7E&quot;</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;ignore_parent_rules&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -7557,21 +6199,171 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
       <span class="s2">&quot;windows_firewall&quot;</span><span class="p">:</span> <span class="s2">&quot;DISABLE_ONCE&quot;</span><span class="p">,</span>
       <span class="s2">&quot;windows_firewall_notification&quot;</span><span class="p">:</span> <span class="n">false</span>
     <span class="p">},</span>
-    <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Test Firewall&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
     <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-    <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1671002675007</span><span class="p">,</span>
-    <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Test Firewall&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684497</span><span class="p">,</span>
+    <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Firewall policy&quot;</span><span class="p">,</span>
     <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="n">null</span>
   <span class="p">},</span>
   <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;sep_firewall_id&quot;</span><span class="p">:</span> <span class="s2">&quot;sep_firewall_id&quot;</span>
+    <span class="s2">&quot;sep_firewall_id&quot;</span><span class="p">:</span> <span class="s2">&quot;7231E523092E5BB93F329A371754A877&quot;</span>
   <span class="p">},</span>
   <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">3004</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1791</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
     <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-05 10:28:02&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-10 10:46:04&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_firewall_id</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_firewall_id</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">json</span> <span class="kn">import</span> <span class="n">dumps</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_firewall_policy_results</span>
+
+<span class="k">if</span> <span class="ow">not</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;SEP Firewall Policy </span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_firewall_id</span><span class="si">}</span><span class="s2"> error. Reason: </span><span class="si">{</span><span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;reason&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;SEP Firewall Policy: </span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_firewall_id</span><span class="si">}</span><span class="se">\n\n</span><span class="si">{</span><span class="n">dumps</span><span class="p">(</span><span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;content&#39;</span><span class="p">),</span><span class="w"> </span><span class="n">indent</span><span class="o">=</span><span class="mi">4</span><span class="p">)</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sep-get-groups">
+<h2>Function - SEP - Get Groups<a class="headerlink" href="#function-sep-get-groups" title="Link to this heading">¶</a></h2>
+<p>Get properties of all groups in a domain.</p>
+<p><img alt="screenshot: fn-sep---get-groups " src="fn_sep/doc/screenshots/fn-sep---get-groups.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_domain</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The SEPM domain.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_fullpathname</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The full path name of the group.</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_mode</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The presentation mode for the results, as a list (default) or as a tree.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_order</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>Specifies whether the results are in ascending order (ASC) or descending order (DESC).</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_pageindex</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The index page that is used for the returned results. The default page index is 1.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_pagesize</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The number of results to include on each page. The default is 20.</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_sort</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The column by which the results are sorted. Possible values are COMPUTER_NAME (Default value), COMPUTER_ID, COMPUTER_DOMAIN_NAME, or DOMAIN_ID.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">[</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="mi">1719408628197</span><span class="p">,</span>
+        <span class="s2">&quot;createdBy&quot;</span><span class="p">:</span> <span class="s2">&quot;AF3C39A10A320801000000DBF200C60A                                                                                                &quot;</span><span class="p">,</span>
+        <span class="s2">&quot;customIpsNumber&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domain&quot;</span><span class="p">:</span> <span class="p">{</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="n">null</span>
+        <span class="p">},</span>
+        <span class="s2">&quot;fullPathName&quot;</span><span class="p">:</span> <span class="s2">&quot;My Company</span><span class="se">\\</span><span class="s2">Default Group&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;23899461092E5BB937223FCF3A0605E3&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastModified&quot;</span><span class="p">:</span> <span class="mi">1719408628197</span><span class="p">,</span>
+        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Default Group&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;numberOfPhysicalComputers&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+        <span class="s2">&quot;numberOfRegisteredUsers&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+        <span class="s2">&quot;policyDate&quot;</span><span class="p">:</span> <span class="mi">1720506552652</span><span class="p">,</span>
+        <span class="s2">&quot;policyInheritanceEnabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+        <span class="s2">&quot;policySerialNumber&quot;</span><span class="p">:</span> <span class="s2">&quot;2389-07/09/2024 06:29:12 652&quot;</span>
+      <span class="p">}</span>
+    <span class="p">],</span>
+    <span class="s2">&quot;firstPage&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+    <span class="s2">&quot;lastPage&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+    <span class="s2">&quot;number&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+    <span class="s2">&quot;numberOfElements&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+    <span class="s2">&quot;size&quot;</span><span class="p">:</span> <span class="mi">25</span><span class="p">,</span>
+    <span class="s2">&quot;sort&quot;</span><span class="p">:</span> <span class="p">[</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;ascending&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+        <span class="s2">&quot;direction&quot;</span><span class="p">:</span> <span class="s2">&quot;ASC&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;property&quot;</span><span class="p">:</span> <span class="s2">&quot;NAME&quot;</span>
+      <span class="p">}</span>
+    <span class="p">],</span>
+    <span class="s2">&quot;totalElements&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+    <span class="s2">&quot;totalPages&quot;</span><span class="p">:</span> <span class="mi">1</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sep_domain&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_fullpathname&quot;</span><span class="p">:</span> <span class="s2">&quot;My Company</span><span class="se">\\</span><span class="s2">Default Group&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1180</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-18 10:48:52&quot;</span><span class="p">,</span>
     <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
   <span class="p">},</span>
   <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -7583,17 +6375,66 @@ <h2>Function - SEP: Get Firewall Policy<a class="headerlink" href="#function-sep
 </div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_firewall_id": </summary>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">domain_content</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_domains_results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">[])</span>
+
+<span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">domain_content</span><span class="p">)):</span>
+  <span class="k">if</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;name&quot;</span><span class="p">]</span> <span class="o">==</span>  <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">:</span>
+    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain</span> <span class="o">=</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">][</span><span class="s2">&quot;id&quot;</span><span class="p">]</span>
+    <span class="k">break</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_firewall_id</span></code> field can be refered from <a class="reference internal" href="#function---sep-get-policy-summary"><span class="xref myst">Function - SEP: Get Policy Summary</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;content--&gt;id</span></code> where <code class="docutils literal notranslate"><span class="pre">&quot;name&quot;:</span> <span class="pre">&quot;Firewall</span> <span class="pre">policy&quot;</span></code>.</p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_get_groups script ##</span>
+<span class="c1"># Globals</span>
+<span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_symc_sep_get_groups&quot;</span>
+<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Get Groups information&quot;</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_groups_results</span>
+<span class="n">C_OUTER</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;metrics&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">)</span>
+<span class="n">DOMAIN_NAME</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain_name</span>
+
+<span class="c1"># Processing</span>
+<span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
+<span class="k">if</span> <span class="n">C_OUTER</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">There were &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; results returned for domain &quot;</span> \
+              <span class="s2">&quot;&lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+      <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;numberOfElements&quot;</span><span class="p">),</span> <span class="n">DOMAIN_NAME</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+  <span class="n">groups</span> <span class="o">=</span> <span class="n">C_OUTER</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">)</span>
+  <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">groups</span><span class="p">)):</span>
+    <span class="n">newrow</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">addRow</span><span class="p">(</span><span class="s2">&quot;sep_groups&quot;</span><span class="p">)</span>
+    <span class="n">newrow</span><span class="p">[</span><span class="s2">&quot;query_execution_date&quot;</span><span class="p">]</span> <span class="o">=</span> <span class="n">QUERY_EXECUTION_DATE</span>
+    <span class="n">newrow</span><span class="p">[</span><span class="s2">&quot;group_name&quot;</span><span class="p">]</span> <span class="o">=</span> <span class="n">groups</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;name&quot;</span><span class="p">)</span>
+    <span class="n">newrow</span><span class="p">[</span><span class="s2">&quot;group_id&quot;</span><span class="p">]</span> <span class="o">=</span> <span class="n">groups</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;id&quot;</span><span class="p">)</span>
+    <span class="n">newrow</span><span class="p">[</span><span class="s2">&quot;group_description&quot;</span><span class="p">]</span> <span class="o">=</span> <span class="n">groups</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;description&quot;</span><span class="p">)</span>
+    <span class="n">newrow</span><span class="p">[</span><span class="s2">&quot;fullPathName&quot;</span><span class="p">]</span> <span class="o">=</span> <span class="n">groups</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;fullPathName&quot;</span><span class="p">)</span>
+    <span class="n">newrow</span><span class="p">[</span><span class="s2">&quot;numberOfPhysicalComputers&quot;</span><span class="p">]</span> <span class="o">=</span> <span class="n">groups</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;numberOfPhysicalComputers&quot;</span><span class="p">)</span>
+    <span class="n">newrow</span><span class="p">[</span><span class="s2">&quot;policyInheritanceEnabled&quot;</span><span class="p">]</span> <span class="o">=</span> <span class="n">groups</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;policyInheritanceEnabled&quot;</span><span class="p">)</span>
+
+    <span class="n">domain</span> <span class="o">=</span> <span class="n">groups</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;domain&quot;</span><span class="p">)</span>
+    <span class="k">if</span> <span class="n">domain</span><span class="p">:</span>
+      <span class="n">newrow</span><span class="p">[</span><span class="s2">&quot;domain_name&quot;</span><span class="p">]</span> <span class="o">=</span> <span class="n">domain</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;name&quot;</span><span class="p">)</span>
+      <span class="n">newrow</span><span class="p">[</span><span class="s2">&quot;domain_id&quot;</span><span class="p">]</span> <span class="o">=</span> <span class="n">domain</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;id&quot;</span><span class="p">)</span>
+
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">There were &lt;b&gt;no&lt;/b&gt; results returned for domain &quot;</span> \
+               <span class="s2">&quot;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;for SOAR function &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">DOMAIN_NAME</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+</pre></div>
+</div>
 </p>
 </details>
 </section>
 <hr class="docutils" />
 <section id="function-sep-get-policy-summary">
-<h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-get-policy-summary" title="Link to this heading">¶</a></h2>
-<p>Get the policy summary for specified policy type. Also gets the list of groups to which the policies are assigned.</p>
+<h2>Function - SEP - Get Policy Summary<a class="headerlink" href="#function-sep-get-policy-summary" title="Link to this heading">¶</a></h2>
+<p>Get the summary information for policies within a specific Domain. Also gets the list of groups to which the policies are assigned.</p>
+<p><img alt="screenshot: fn-sep---get-policy-summary " src="fn_sep/doc/screenshots/fn-sep---get-policy-summary.png" /></p>
 <details><summary>Inputs:</summary>
 <p>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -7630,18 +6471,18 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="p">[</span>
           <span class="p">{</span>
-            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;groupId&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;52BBA2A9092E5BB94DC766C08B9D6354&quot;</span><span class="p">,</span>
             <span class="s2">&quot;locationIds&quot;</span><span class="p">:</span> <span class="p">[</span>
-              <span class="s2">&quot;locationIds&quot;</span>
+              <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span>
             <span class="p">]</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922808</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;3418C720092E5BB96B7E42AD3BE5D55F&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684510</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Intensive Protection policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;hid&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
@@ -7651,86 +6492,60 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="p">[</span>
           <span class="p">{</span>
-            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;groupId&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;52BBA2A9092E5BB94DC766C08B9D6354&quot;</span><span class="p">,</span>
             <span class="s2">&quot;locationIds&quot;</span><span class="p">:</span> <span class="p">[</span>
-              <span class="s2">&quot;locationIds&quot;</span>
+              <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span>
             <span class="p">]</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922808</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;523B0176092E5BB97F83814D1657F3A4&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1720451135816</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Exceptions policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;exceptions&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
         <span class="s2">&quot;subtype&quot;</span><span class="p">:</span> <span class="n">null</span>
       <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;test&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1671002049331</span><span class="p">,</span>
-        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Test&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;exceptions&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
-        <span class="s2">&quot;subtype&quot;</span><span class="p">:</span> <span class="n">null</span>
-      <span class="p">},</span>
       <span class="p">{</span>
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="p">[</span>
           <span class="p">{</span>
-            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;groupId&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;52BBA2A9092E5BB94DC766C08B9D6354&quot;</span><span class="p">,</span>
             <span class="s2">&quot;locationIds&quot;</span><span class="p">:</span> <span class="p">[</span>
-              <span class="s2">&quot;locationIds&quot;</span>
+              <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span>
             <span class="p">]</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922777</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;F12FDA6C092E5BB951DF7579239EF18B&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684432</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Memory Exploit Mitigation policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;mem&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
         <span class="s2">&quot;subtype&quot;</span><span class="p">:</span> <span class="n">null</span>
       <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1671003757070</span><span class="p">,</span>
-        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Test MEM&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;mem&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
-        <span class="s2">&quot;subtype&quot;</span><span class="p">:</span> <span class="n">null</span>
-      <span class="p">},</span>
       <span class="p">{</span>
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="p">[</span>
           <span class="p">{</span>
-            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;groupId&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;52BBA2A9092E5BB94DC766C08B9D6354&quot;</span><span class="p">,</span>
             <span class="s2">&quot;locationIds&quot;</span><span class="p">:</span> <span class="p">[</span>
-              <span class="s2">&quot;locationIds&quot;</span>
+              <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span>
             <span class="p">]</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922777</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;4E48B231092E5BB94B04E043AC98C412&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684432</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Web and Cloud Access Protection policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;ntr&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
@@ -7740,18 +6555,18 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="p">[</span>
           <span class="p">{</span>
-            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;groupId&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;52BBA2A9092E5BB94DC766C08B9D6354&quot;</span><span class="p">,</span>
             <span class="s2">&quot;locationIds&quot;</span><span class="p">:</span> <span class="p">[</span>
-              <span class="s2">&quot;locationIds&quot;</span>
+              <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span>
             <span class="p">]</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Recommended policy for most environments, providing a good balance between security and performance. Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922824</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;39A014CA092E5BB96712B9382E078D95&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684535</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Virus and Spyware Protection policy - Balanced&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;av&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
@@ -7761,10 +6576,10 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;High security policy that may affect the performance of other applications. Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922840</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;0C512A3A092E5BB947C433BCF26DEA2E&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684567</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Virus and Spyware Protection policy - High Security&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;av&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
@@ -7774,10 +6589,10 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Higher performance policy, but with reduced security. Relies on Auto-Protect scanning of files with selected extensions for most detections. One monthly scheduled scan and no email scanning. Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922840</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;1FF0FECA092E5BB95E6EFB78588BD500&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684587</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Virus and Spyware Protection policy - High Performance&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;av&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
@@ -7787,18 +6602,18 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="p">[</span>
           <span class="p">{</span>
-            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;groupId&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;52BBA2A9092E5BB94DC766C08B9D6354&quot;</span><span class="p">,</span>
             <span class="s2">&quot;locationIds&quot;</span><span class="p">:</span> <span class="p">[</span>
-              <span class="s2">&quot;locationIds&quot;</span>
+              <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span>
             <span class="p">]</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922808</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;7231E523092E5BB93F329A371754A877&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684497</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Firewall policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;fw&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
@@ -7808,44 +6623,31 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922808</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;F23A143E092E5BB9729D4A06F126B084&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684497</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Quarantine Firewall policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;fw&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
         <span class="s2">&quot;subtype&quot;</span><span class="p">:</span> <span class="n">null</span>
       <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Test Firewall&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1671002675007</span><span class="p">,</span>
-        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Test Firewall&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;fw&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
-        <span class="s2">&quot;subtype&quot;</span><span class="p">:</span> <span class="n">null</span>
-      <span class="p">},</span>
       <span class="p">{</span>
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="p">[</span>
           <span class="p">{</span>
-            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;groupId&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;52BBA2A9092E5BB94DC766C08B9D6354&quot;</span><span class="p">,</span>
             <span class="s2">&quot;locationIds&quot;</span><span class="p">:</span> <span class="p">[</span>
-              <span class="s2">&quot;locationIds&quot;</span>
+              <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span>
             <span class="p">]</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922777</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;79B840A5092E5BB915D114AB2C0EA950&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684432</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Intrusion Prevention policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;ips&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
@@ -7855,10 +6657,10 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922855</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;52AD1F3F092E5BB927116FA915BBBDBF&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684638</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;LiveUpdate Content policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;lucontent&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -7868,78 +6670,52 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="p">[</span>
           <span class="p">{</span>
-            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;groupId&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;52BBA2A9092E5BB94DC766C08B9D6354&quot;</span><span class="p">,</span>
             <span class="s2">&quot;locationIds&quot;</span><span class="p">:</span> <span class="p">[</span>
-              <span class="s2">&quot;locationIds&quot;</span>
+              <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span>
             <span class="p">]</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922855</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;ECD7CDCD092E5BB93DE49DE84E475BFA&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684636</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;LiveUpdate Settings policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;lu&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
         <span class="s2">&quot;subtype&quot;</span><span class="p">:</span> <span class="n">null</span>
       <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1671003711900</span><span class="p">,</span>
-        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Test LiveUpdate&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;lu&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
-        <span class="s2">&quot;subtype&quot;</span><span class="p">:</span> <span class="n">null</span>
-      <span class="p">},</span>
       <span class="p">{</span>
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922808</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;523E53EC092E5BB90A16A700DAEEBE85&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684510</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Host Integrity policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;hi&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
         <span class="s2">&quot;subtype&quot;</span><span class="p">:</span> <span class="n">null</span>
       <span class="p">},</span>
-      <span class="p">{</span>
-        <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-        <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;HID/HI&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1671003318142</span><span class="p">,</span>
-        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Test Integrity&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;hi&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
-        <span class="s2">&quot;subtype&quot;</span><span class="p">:</span> <span class="n">null</span>
-      <span class="p">},</span>
       <span class="p">{</span>
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="p">[</span>
           <span class="p">{</span>
-            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;groupId&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;52BBA2A9092E5BB94DC766C08B9D6354&quot;</span><span class="p">,</span>
             <span class="s2">&quot;locationIds&quot;</span><span class="p">:</span> <span class="p">[</span>
-              <span class="s2">&quot;locationIds&quot;</span>
+              <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span>
             <span class="p">]</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922824</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;4793B972092E5BB92E3450AD7023CD88&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684510</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Application and Device Control policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;adc&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
@@ -7949,18 +6725,18 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
         <span class="s2">&quot;assignedtocloudgroups&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
         <span class="s2">&quot;assignedtolocations&quot;</span><span class="p">:</span> <span class="p">[</span>
           <span class="p">{</span>
-            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">,</span>
-            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;groupId&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;defaultLocationId&quot;</span><span class="p">:</span> <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;groupId&quot;</span><span class="p">:</span> <span class="s2">&quot;52BBA2A9092E5BB94DC766C08B9D6354&quot;</span><span class="p">,</span>
             <span class="s2">&quot;locationIds&quot;</span><span class="p">:</span> <span class="p">[</span>
-              <span class="s2">&quot;locationIds&quot;</span>
+              <span class="s2">&quot;8E451D96092E5BB94D06F6F216972F1C&quot;</span>
             <span class="p">]</span>
           <span class="p">}</span>
         <span class="p">],</span>
         <span class="s2">&quot;desc&quot;</span><span class="p">:</span> <span class="s2">&quot;Created automatically during product installation.&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;domainid&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
         <span class="s2">&quot;enabled&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
-        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;id&quot;</span><span class="p">,</span>
-        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1670774922808</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;7C1FC997092E5BB90C24C0EA3BA7798A&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;lastmodifiedtime&quot;</span><span class="p">:</span> <span class="mi">1719408684497</span><span class="p">,</span>
         <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Client Upgrade policy&quot;</span><span class="p">,</span>
         <span class="s2">&quot;policytype&quot;</span><span class="p">:</span> <span class="s2">&quot;upgrade&quot;</span><span class="p">,</span>
         <span class="s2">&quot;sources&quot;</span><span class="p">:</span> <span class="p">[],</span>
@@ -7970,19 +6746,703 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
     <span class="s2">&quot;firstPage&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
     <span class="s2">&quot;lastPage&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
     <span class="s2">&quot;number&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
-    <span class="s2">&quot;numberOfElements&quot;</span><span class="p">:</span> <span class="mi">20</span><span class="p">,</span>
-    <span class="s2">&quot;size&quot;</span><span class="p">:</span> <span class="mi">20</span><span class="p">,</span>
+    <span class="s2">&quot;numberOfElements&quot;</span><span class="p">:</span> <span class="mi">15</span><span class="p">,</span>
+    <span class="s2">&quot;size&quot;</span><span class="p">:</span> <span class="mi">15</span><span class="p">,</span>
     <span class="s2">&quot;sort&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
-    <span class="s2">&quot;totalElements&quot;</span><span class="p">:</span> <span class="mi">20</span><span class="p">,</span>
+    <span class="s2">&quot;totalElements&quot;</span><span class="p">:</span> <span class="mi">15</span><span class="p">,</span>
     <span class="s2">&quot;totalPages&quot;</span><span class="p">:</span> <span class="mi">1</span>
   <span class="p">},</span>
-  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sep_domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1100</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-10 10:42:05&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_domainid</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain_id</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">json</span> <span class="kn">import</span> <span class="n">dumps</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_policy_summary_results</span>
+
+<span class="k">if</span> <span class="ow">not</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;SEP Policy Summary for Domain: </span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain_id</span><span class="si">}</span><span class="s2"> error. Reason: </span><span class="si">{</span><span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;reason&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Policy Summary for Domain: </span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain_id</span><span class="si">}</span><span class="se">\n\n</span><span class="si">{</span><span class="n">dumps</span><span class="p">(</span><span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;content&#39;</span><span class="p">),</span><span class="w"> </span><span class="n">indent</span><span class="o">=</span><span class="mi">4</span><span class="p">)</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sep-move-endpoint">
+<h2>Function - SEP - Move endpoint<a class="headerlink" href="#function-sep-move-endpoint" title="Link to this heading">¶</a></h2>
+<p>Check for and move an endpoint to a different group.</p>
+<p><img alt="screenshot: fn-sep---move-endpoint " src="fn_sep/doc/screenshots/fn-sep---move-endpoint.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_groupid</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>Group id on which to run the SEP command.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_hardwarekey</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>Hardware key of SEP computer.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">[</span>
+    <span class="p">{</span>
+      <span class="s2">&quot;responseCode&quot;</span><span class="p">:</span> <span class="s2">&quot;200&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;responseMessage&quot;</span><span class="p">:</span> <span class="s2">&quot;OK&quot;</span>
+    <span class="p">}</span>
+  <span class="p">],</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sep_groupid&quot;</span><span class="p">:</span> <span class="s2">&quot;23899461092E5BB937223FCF3A0605E3&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_hardwarekey&quot;</span><span class="p">:</span> <span class="s2">&quot;8DACE2559C1C951E09CC0BF71D973BB7&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">883</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-18 10:48:55&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">content</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_groups_results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">full_path_name</span> <span class="o">=</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">[])[</span><span class="mi">0</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;fullPathName&quot;</span><span class="p">)</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_hardwarekey</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">hardwareKey</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_groupid</span> <span class="o">=</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">[])[</span><span class="mi">0</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;id&quot;</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_move_client script ##</span>
+<span class="c1"># List of fields in datatable fn_amp_get_computers script</span>
+<span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_set_move_client&quot;</span>
+<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Move Endpoint&quot;</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">move_endpoint_results</span>
+<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">[])</span>
+<span class="n">HW_KEY</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;inputs&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_hardwarekey&quot;</span><span class="p">)</span>
+<span class="n">GROUP_ID</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;inputs&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_groupid&quot;</span><span class="p">)</span>
+<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;metrics&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">)</span>
+
+<span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
+<span class="k">if</span> <span class="n">CONTENT</span><span class="p">:</span>
+  <span class="n">response_msg</span> <span class="o">=</span> <span class="n">CONTENT</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;responseMessage&quot;</span><span class="p">)</span>
+  <span class="k">if</span> <span class="n">response_msg</span> <span class="o">==</span> <span class="s2">&quot;OK&quot;</span><span class="p">:</span>
+    <span class="n">oldfullpath</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_oldpathname</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;oldPathName&quot;</span><span class="p">)</span>
+    <span class="n">fullpathname</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_fullpathname</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;fullPathName&quot;</span><span class="p">)</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook: &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Successfully moved computer &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; &quot;</span> \
+               <span class="s2">&quot;from group &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; to group &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{4}</span><span class="s2">&lt;/b&gt;.&quot;</span>\
+        <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">row</span><span class="o">.</span><span class="n">computerName</span><span class="p">,</span> <span class="n">oldfullpath</span><span class="p">,</span> <span class="n">fullpathname</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+    <span class="n">row</span><span class="o">.</span><span class="n">group_id</span> <span class="o">=</span> <span class="n">GROUP_ID</span>
+    <span class="k">if</span> <span class="n">fullpathname</span><span class="p">:</span>
+      <span class="n">row</span><span class="o">.</span><span class="n">group_name</span> <span class="o">=</span> <span class="n">fullpathname</span>
+  <span class="k">else</span><span class="p">:</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook: &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Unsuccessful move of computer &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; &quot;</span> \
+               <span class="s2">&quot;to group with id &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt;. Received response &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{4}</span><span class="s2">&lt;/b&gt;.&quot;</span>\
+        <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">row</span><span class="o">.</span><span class="n">computerName</span><span class="p">,</span> <span class="n">GROUP_ID</span><span class="p">,</span> <span class="n">response_msg</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">noteText</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook: &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Move unsuccessful for computer with hardware id &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; &quot;</span> \
+             <span class="s2">&quot;to group with id &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;.&quot;</span>\
+      <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">HW_KEY</span><span class="p">,</span> <span class="n">GROUP_ID</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sep-quarantine-endpoints">
+<h2>Function - SEP - Quarantine Endpoints<a class="headerlink" href="#function-sep-quarantine-endpoints" title="Link to this heading">¶</a></h2>
+<p>Quarantine/un-quarantine Symantec Endpoint Protection endpoints. The function will add or remove endpoints to or from network quarantine.</p>
+<p><img alt="screenshot: fn-sep---quarantine-endpoints " src="fn_sep/doc/screenshots/fn-sep---quarantine-endpoints.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_computer_ids</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The list of computer ids on which to run the SEP command.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_group_ids</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The list of groups on which to run the SEP command.</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_hardwarekey</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>Hardware key of SEP computer.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_undo</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">boolean</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>Boolean value, if set to true, will undo operation.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;commandID_computer&quot;</span><span class="p">:</span> <span class="s2">&quot;1CA9D4F37DD94CA88A9D93D09402E3D3&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;commandID_group&quot;</span><span class="p">:</span> <span class="s2">&quot;89637CF1D7204D028522C81C4389301B&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sep_computer_ids&quot;</span><span class="p">:</span> <span class="s2">&quot;01ECF4E8092E5BB91E4D52E45C3ABE4D&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_group_ids&quot;</span><span class="p">:</span> <span class="s2">&quot;E5E684A6092E5BB90F46E84BB6F35BBC&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_hardwarekey&quot;</span><span class="p">:</span> <span class="s2">&quot;8DACE2559C1C951E09CC0BF71D973BB7&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_undo&quot;</span><span class="p">:</span> <span class="n">false</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1016</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-21 08:40:30&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_computer_ids</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">uniqueId</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_group_ids</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">group_id</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_hardwarekey</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">hardwareKey</span>
+
+<span class="c1"># un-quarantine the endpoint</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_undo</span> <span class="o">=</span> <span class="kc">True</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_quarantine_endpoints script ##</span>
+<span class="c1"># Globals</span>
+<span class="c1"># List of fields in datatable fn_sep_quarantine_endpoints script</span>
+<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;quarantine_commandid&quot;</span><span class="p">]</span>
+<span class="n">fn_name</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_quarantine_endpoints&quot;</span>
+<span class="n">wf_name</span> <span class="o">=</span> <span class="s2">&quot;Quarantine Endpoint&quot;</span>
+<span class="c1"># Processing</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">quarantine_ep_results</span>
+<span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">inputs</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;inputs&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">query_execution_date</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;metrics&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">)</span>
+
+<span class="k">if</span> <span class="n">content</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Executed with command id &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for endpoint &quot;</span> \
+              <span class="s2">&quot;&lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+      <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">wf_name</span><span class="p">,</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;commandID_computer&quot;</span><span class="p">),</span> <span class="n">row</span><span class="o">.</span><span class="n">computerName</span><span class="p">,</span> <span class="n">fn_name</span><span class="p">)</span>
+  <span class="n">row</span><span class="o">.</span><span class="n">query_execution_date</span> <span class="o">=</span> <span class="n">query_execution_date</span>
+  <span class="n">row</span><span class="o">.</span><span class="n">quarantine_commandid</span> <span class="o">=</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;commandID_computer&quot;</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">There was &lt;b&gt;no&lt;/b&gt; results returned for SOAR function &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&quot;</span> \
+               <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">wf_name</span><span class="p">,</span> <span class="n">fn_name</span><span class="p">)</span>
+
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sep-scan-endpoints">
+<h2>Function - SEP - Scan Endpoints<a class="headerlink" href="#function-sep-scan-endpoints" title="Link to this heading">¶</a></h2>
+<p>Initiates an Evidence of Compromise (EOC) scan  of an artifact value  against  a list of endpoints or groups. The function can also be used to complete a remediation (quarantine) scan action  for hash value (MD5, SHA1 or SHA256).</p>
+<p><img alt="screenshot: fn-sep---scan-endpoints " src="fn_sep/doc/screenshots/fn-sep---scan-endpoints.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_computer_ids</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The list of computer ids on which to run the SEP command.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_description</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The SEP object (e.g. scan) description.</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_file_path</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The file path of the suspect file.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_group_ids</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The list of groups on which to run the SEP command.</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_md5</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The MD5 hash value of the suspicious file.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_scan_action</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">select</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>Action to be performed during a scan.</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_scan_type</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">select</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The SEP eoc scan type. Possible values are:  FULL_SCAN and QUICK_SCAN.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_sha1</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The SHA1 hash value of the suspicious file.</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_sha256</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The SHA256 hash value of the suspicious file.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;commandID_computer&quot;</span><span class="p">:</span> <span class="s2">&quot;A0B9FC7873584EEAA44E1C3F78882D28&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sep_computer_ids&quot;</span><span class="p">:</span> <span class="s2">&quot;01ECF4E8092E5BB91E4D52E45C3ABE4D&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_description&quot;</span><span class="p">:</span> <span class="s2">&quot;Scan eoc for suspicious hash of type Malware SHA-256 Hash and value 1ac32478198ae72153801c58d2e437f27827f434fd810ae8d6ec6bc8f54350fb in the SEP environment.&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_file_path&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+    <span class="s2">&quot;sep_md5&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+    <span class="s2">&quot;sep_scan_action&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+    <span class="s2">&quot;sep_scan_type&quot;</span><span class="p">:</span> <span class="s2">&quot;QUICK_SCAN&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_sha1&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+    <span class="s2">&quot;sep_sha256&quot;</span><span class="p">:</span> <span class="s2">&quot;1ac32478198ae72153801c58d2e437f27827f434fd810ae8d6ec6bc8f54350fb&quot;</span>
+  <span class="p">},</span>
   <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
-    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">2390</span><span class="p">,</span>
-    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1002</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
     <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.1&quot;</span><span class="p">,</span>
-    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2023-01-05 10:21:01&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-16 08:46:57&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span>
+<span class="n">GET_COMPUTERS_CONTENT</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_computers_results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">ARTIFACT_TYPE</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">type</span>
+<span class="n">ARTIFACT_VALUE</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span>
+<span class="n">ARTIFACT_DESCRIPTION</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">description</span>
+<span class="n">ARTIFACT_TYPE_TO_ROW</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;File Name&quot;</span><span class="p">:</span> <span class="s2">&quot;file_name&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;File Path&quot;</span><span class="p">:</span> <span class="s2">&quot;file_path&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;Malware MD5 Hash&quot;</span><span class="p">:</span> <span class="s2">&quot;md5&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;Malware SHA-1 Hash&quot;</span><span class="p">:</span> <span class="s2">&quot;sha1&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;Malware SHA-256 Hash&quot;</span><span class="p">:</span> <span class="s2">&quot;sha256&quot;</span>
+<span class="p">}</span>
+<span class="n">ARTIFACT_TYPES</span> <span class="o">=</span> <span class="p">[</span><span class="s1">&#39;file_name&#39;</span><span class="p">,</span> <span class="s1">&#39;file_path&#39;</span><span class="p">,</span> <span class="s1">&#39;md5&#39;</span><span class="p">,</span> <span class="s1">&#39;sha1&#39;</span><span class="p">,</span> <span class="s1">&#39;sha256&#39;</span><span class="p">]</span>
+<span class="n">COMPUTER_IDS</span> <span class="o">=</span> <span class="p">[]</span>
+
+<span class="k">def</span> <span class="nf">set_inputs</span><span class="p">(</span><span class="n">fn</span><span class="p">,</span> <span class="n">fp</span><span class="p">,</span> <span class="n">md5</span><span class="p">,</span> <span class="n">sha1</span><span class="p">,</span> <span class="n">sha256</span><span class="p">):</span>
+  <span class="k">global</span> <span class="n">COMPUTER_IDS</span>
+  <span class="n">inputs</span><span class="o">.</span><span class="n">sep_file_path</span> <span class="o">=</span> <span class="n">fn</span> <span class="k">if</span> <span class="n">fp</span> <span class="ow">is</span> <span class="kc">None</span> <span class="k">else</span> <span class="n">fp</span>
+  <span class="n">inputs</span><span class="o">.</span><span class="n">sep_md5</span> <span class="o">=</span> <span class="n">md5</span>
+  <span class="n">inputs</span><span class="o">.</span><span class="n">sep_sha1</span> <span class="o">=</span> <span class="n">sha1</span>
+  <span class="n">inputs</span><span class="o">.</span><span class="n">sep_sha256</span> <span class="o">=</span> <span class="n">sha256</span>
+  <span class="n">inputs</span><span class="o">.</span><span class="n">sep_computer_ids</span> <span class="o">=</span> <span class="s1">&#39;,&#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">COMPUTER_IDS</span><span class="p">)</span>
+  <span class="n">inputs</span><span class="o">.</span><span class="n">sep_scan_type</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_scan_type</span>
+  <span class="n">inputs</span><span class="o">.</span><span class="n">sep_scan_action</span> <span class="o">=</span> <span class="kc">None</span>
+  <span class="k">if</span> <span class="n">ARTIFACT_DESCRIPTION</span><span class="p">:</span>
+    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_description</span> <span class="o">=</span> <span class="s2">&quot;Scan eoc for </span><span class="si">{0}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">ARTIFACT_DESCRIPTION</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">))</span>
+  <span class="k">else</span><span class="p">:</span>
+    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_description</span> <span class="o">=</span> <span class="s2">&quot;Scan eoc for suspicious hash of type </span><span class="si">{0}</span><span class="s2"> and value </span><span class="si">{1}</span><span class="s2"> in the SEP environment.&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">ARTIFACT_TYPE</span><span class="p">,</span> <span class="n">ARTIFACT_VALUE</span><span class="p">)</span>
+
+<span class="c1"># Get computers to run scan against from previous step.</span>
+<span class="k">if</span> <span class="n">GET_COMPUTERS_CONTENT</span> <span class="ow">and</span> <span class="n">GET_COMPUTERS_CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;endpoints_matching_ids&quot;</span><span class="p">):</span>
+  <span class="n">COMPUTER_IDS</span> <span class="o">=</span> <span class="n">GET_COMPUTERS_CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;endpoints_matching_ids&quot;</span><span class="p">)</span>
+<span class="c1"># Assign values to correct row based on artifact type</span>
+<span class="n">types</span> <span class="o">=</span> <span class="p">[</span><span class="kc">None</span> <span class="k">if</span> <span class="n">t</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">ARTIFACT_TYPE_TO_ROW</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">ARTIFACT_TYPE</span><span class="p">)</span> <span class="k">else</span> <span class="n">ARTIFACT_VALUE</span> <span class="k">for</span> <span class="n">t</span> <span class="ow">in</span> <span class="n">ARTIFACT_TYPES</span><span class="p">]</span>
+<span class="n">set_inputs</span><span class="p">(</span><span class="o">*</span><span class="n">types</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_upload_file_to_sepm script ##</span>
+<span class="c1"># List of fields in datatable fn_sep_get_command_status script</span>
+<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;scan_commandID&quot;</span><span class="p">]</span>
+<span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_scan_endpoints&quot;</span>
+<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Initiate EOC Scan for Artifact&quot;</span>
+
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">scan_eoc_results</span>
+<span class="n">CONTENT</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;inputs&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">QUERY_EXECUTION_DATE</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;metrics&quot;</span><span class="p">,</span> <span class="p">{})</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">)</span>
+<span class="n">note_text</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
+
+<span class="k">if</span> <span class="n">CONTENT</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Returned command id &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for a &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; &quot;</span> \
+              <span class="s2">&quot;scan on artifact &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{4}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+      <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">CONTENT</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;commandID_computer&quot;</span><span class="p">),</span> <span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_scan_type&quot;</span><span class="p">),</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">There was &lt;b&gt;no&lt;/b&gt; command id returned for a &quot;</span> \
+              <span class="s2">&quot;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; scan on artifact &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+      <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">WF_NAME</span><span class="p">,</span> <span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_scan_type&quot;</span><span class="p">),</span> <span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_file_path&quot;</span><span class="p">),</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="p">,</span> <span class="n">FN_NAME</span><span class="p">)</span>
+
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sep-update-fingerprint-list">
+<h2>Function - SEP - Update Fingerprint List<a class="headerlink" href="#function-sep-update-fingerprint-list" title="Link to this heading">¶</a></h2>
+<p>Updates an existing fingerprint list with a set of hash values.
+Note: Currently supports MD5 and SHA256 hash type.</p>
+<p><img alt="screenshot: fn-sep---update-fingerprint-list " src="fn_sep/doc/screenshots/fn-sep---update-fingerprint-list.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_description</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The SEP object (e.g. scan) description.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_domainid</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The SEPM domain id.</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_id</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>Id of SEP fingerprint list</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_fingerprintlist_name</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>Name of a SEP fingerprint list.</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_hash_value</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The hash value. Can be MD5 or SHA256 hash value.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sep_description&quot;</span><span class="p">:</span> <span class="s2">&quot;Fingerprint list </span><span class="se">\u0027</span><span class="s2">Blacklist</span><span class="se">\u0027</span><span class="s2">&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_domainid&quot;</span><span class="p">:</span> <span class="s2">&quot;6E70F043092E5BB93F74FD57C083F99E&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_fingerprintlist_content&quot;</span><span class="p">:</span> <span class="s2">&quot;[{</span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">9a4e26d0c4ab855d5346bae28272bbeeb1ab713b29a4aab030770655f05acc25</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF8C053969C0A52FF267D25138C71553</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">02E188239C4A7761C2F4C63964B6A754E15A388980F4050AC8C327D1FA30255F</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF8D7335A370D17A1379A949AF595F78</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">6E46434DACCDED82FA235FA14A019C20CF3AAFDAAB3F8EB81EBD0195C8F1D909</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF8D847F4173DBFCAF0A25C6C17C7B99</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">BC56124B126D2A2F468125C38789FF19C9655FDD3A84990A1B90E2F91BCA1FD9</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF8F37FECFB4F7A56531E413883E03F5</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">AD49D17F25670CF54B14DC7FE3EC086D9FCB92DEB4375B598AB95ECCD676CDBC</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF8FFEA7310D9A4A642CC8018227B91B</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">924D3456B5D72F6792CAE92895CFA9C0FEBA74616D92C8CD63639F77646B6B05</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF9171426D5A9490D548B08A5CA9C805</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">1F83EF7D0548828F101A6C760F1D208E2B220186ED71E38942D6CF6EF95FF756</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF91FA115BA27CD56716623DC6933946</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">05C2FB7565D2953D46E458D96000CD589AC14C4E4C33E718E38BE4739A9F7504</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF92B0EA7579E691C1FF669FAB5AC186</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">048E17562A6C601D3EAFF05FF62318944C9E7083825F587AD0F5C1C2C26CBD71</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF93C7959F24921381B8338686B0509C</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">2C6DCF143C41A5780DD24B48CA08EFC96595D86F4DB1FCD10D59E28EC1DBB0E2</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF95B2B128EB6B0BDDDF39CD05C78A0F</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">DF1AE05C349A5C4E9D3187D0D85BD6172FB131BD5B826A1FFC947DB9A09F3DCF</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF9932C30F72B19E57D9B07F230487E7</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FBD7F130718C6A73E0AFD15D1F8D843426604A866EC63624357F8A952B484AD1</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF995A3411623293F7E3FD72143D04AB</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">ACEA65301D759F922BDB1AB8DD52B57828FF4D64106A93C3EEAF89553466EA58</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF9CD8F4947AD1474D29187220BC3972</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">AE17F31CBEEC0471392A42E85CB8B258351351212AB028C0B6B5C101C76083D9</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF9CF495023DD6D5BCE4187214B1469B</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">8D9FE0851D4D35D312F35E83618F63DFCBB4A045B5348468E04AE3CA61782F74</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF9D51FB459CF535F33003FABB0E7FD9</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">6D36FEB1167103BFE37251D1B049C449466A21590710F1E7F20C9B0C69511F7B</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF9E058DAC27FCC739884D3DBE43D81F</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">8C6A42FC8D9262A7E84C39566AB25931FBD77A7F9B5F1806DB69B297ADC87F3C</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF9E1E7E499D8C6336FA697C7142FA0C</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FD8862560FFA44B8177F1B1E053C1E820F2E19636F28E75A9AC427DBA0E15534</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FF9E62ECB2BFD5B9CA608A40A96DEB04</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">95A9CB94CCB3F30029E1C977B63A845FE129C02E6CAF26AD234AB66AA9AF1C6C</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FFA44FD7FEDA32632E8CE84AD0F9101B</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">2A0746A7876C1A430F9C9A5BE4BE28CAA2FF4F73477651AE5CC74462278F333B</span><span class="se">\u0027</span><span class="s2">}, {</span><span class="se">\u0027</span><span class="s2">MD5</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">FFA6335553397F28CA47ADC34343CA62</span><span class="se">\u0027</span><span class="s2">, </span><span class="se">\u0027</span><span class="s2">SHA256</span><span class="se">\u0027</span><span class="s2">: </span><span class="se">\u0027</span><span class="s2">0D43D4D40C9854EB158DDE164699D02F47B21D68CEACAFEB2F469587B861C356</span><span class="se">\u0027</span><span class="s2">}]&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_fingerprintlist_id&quot;</span><span class="p">:</span> <span class="s2">&quot;C5C4CAC9092E5BB9315A5137B5B8DC8B&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_fingerprintlist_name&quot;</span><span class="p">:</span> <span class="s2">&quot;Blacklist&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_hash_value&quot;</span><span class="p">:</span> <span class="s2">&quot;0b9e4cb2af3dd1686accf0c469ce7b60&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1685</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-11 10:29:26&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;</span><span class="se">\&quot;\&quot;</span><span class="s2">&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">domain_content</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_domains_results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">[])</span>
+<span class="n">fpl_content</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_fingerprintlist_results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">fpl_data</span> <span class="o">=</span> <span class="n">fpl_content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="p">[])</span><span class="o">.</span><span class="n">copy</span><span class="p">()</span>
+
+<span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">domain_content</span><span class="p">)):</span>
+  <span class="k">if</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;name&quot;</span><span class="p">)</span> <span class="o">==</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_domain_name</span><span class="p">:</span>
+    <span class="n">inputs</span><span class="o">.</span><span class="n">sep_domainid</span> <span class="o">=</span> <span class="n">domain_content</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;id&quot;</span><span class="p">)</span>
+    <span class="k">break</span>
+
+<span class="k">if</span> <span class="n">fpl_content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;name&quot;</span><span class="p">)</span> <span class="o">==</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span><span class="p">:</span>
+  <span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_id</span> <span class="o">=</span> <span class="n">fpl_content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;id&quot;</span><span class="p">)</span>
+  <span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span>
+
+  <span class="k">if</span> <span class="n">fpl_data</span><span class="p">:</span>
+    <span class="c1"># If the fingerprintlist a list of dictionaries, then it is using the new format.</span>
+    <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">fpl_data</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="nb">dict</span><span class="p">):</span>
+      <span class="c1"># Get hash type</span>
+      <span class="n">hash_type</span> <span class="o">=</span> <span class="s2">&quot;MD5&quot;</span>
+      <span class="k">if</span> <span class="n">artifact</span><span class="o">.</span><span class="n">type</span> <span class="o">==</span> <span class="s2">&quot;Malware SHA-256 Hash&quot;</span><span class="p">:</span>
+        <span class="n">hash_type</span> <span class="o">=</span> <span class="s2">&quot;SHA256&quot;</span>
+
+      <span class="n">fpl_data</span><span class="o">.</span><span class="n">append</span><span class="p">({</span><span class="n">hash_type</span><span class="p">:</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="p">})</span>
+      <span class="n">inputs</span><span class="o">.</span><span class="n">sep_hash_value</span> <span class="o">=</span> <span class="nb">str</span><span class="p">(</span><span class="n">fpl_data</span><span class="p">)</span>
+    <span class="k">else</span><span class="p">:</span>
+      <span class="n">inputs</span><span class="o">.</span><span class="n">sep_hash_value</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span> <span class="o">+</span> <span class="s1">&#39;,&#39;</span> <span class="o">+</span> <span class="s1">&#39;,&#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">fpl_data</span><span class="p">)</span>
+
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_description</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;Fingerprint list &#39;</span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_fingerprintlist_name</span><span class="si">}</span><span class="s2">&#39;&quot;</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_update_fingerprint_list script ##</span>
+<span class="n">FN_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_update_fingerprint_list&quot;</span>
+<span class="n">WF_NAME</span> <span class="o">=</span> <span class="s2">&quot;Add Hash to Fingerprint List&quot;</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">update_fingerprintlist_results</span>
+<span class="n">INPUTS</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;inputs&quot;</span><span class="p">)</span>
+<span class="n">note_text</span> <span class="o">=</span> <span class="kc">None</span>
+<span class="n">hash_type</span> <span class="o">=</span> <span class="s2">&quot;MD5&quot;</span>
+<span class="k">if</span> <span class="n">artifact</span><span class="o">.</span><span class="n">type</span> <span class="o">==</span> <span class="s2">&quot;Malware SHA-256 Hash&quot;</span><span class="p">:</span>
+  <span class="n">hash_type</span> <span class="o">=</span> <span class="s2">&quot;SHA256&quot;</span>
+
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="c1"># If we got here we assume we are successful, no status message is returned by api.</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook: &lt;b&gt;</span><span class="si">{</span><span class="n">WF_NAME</span><span class="si">}</span><span class="s2">&lt;/b&gt;</span><span class="se">\n</span><span class="s2">Successfully added </span><span class="si">{</span><span class="n">hash_type</span><span class="si">}</span><span class="s2"> hash &lt;b&gt;</span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="si">}</span><span class="s2">&lt;/b&gt; to fingerprint &quot;</span> \
+              <span class="sa">f</span><span class="s2">&quot;list &lt;b&gt;</span><span class="si">{</span><span class="n">INPUTS</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;sep_fingerprintlist_name&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{</span><span class="n">FN_NAME</span><span class="si">}</span><span class="s2">&lt;/b&gt;&quot;</span>
+
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook: &lt;b&gt;</span><span class="si">{</span><span class="n">WF_NAME</span><span class="si">}</span><span class="s2">&lt;/b&gt;</span><span class="se">\n</span><span class="s2">Failed with reason: </span><span class="si">{</span><span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;reason&#39;</span><span class="p">)</span><span class="si">}</span><span class="s2">&quot;</span>
+
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note_text</span><span class="p">))</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sep-upload-file-to-sepm">
+<h2>Function - SEP - Upload File to SEPM<a class="headerlink" href="#function-sep-upload-file-to-sepm" title="Link to this heading">¶</a></h2>
+<p>Upload a file from an endpoint back to the SEPM server.<br />
+Note: Only supports executable file types such as binary executable (.exe), batch (.bat), Windows installer package (.msi) etc. File source can be FILESYTEM, QUARANTINE or BOTH</p>
+<p><img alt="screenshot: fn-sep---upload-file-to-sepm " src="fn_sep/doc/screenshots/fn-sep---upload-file-to-sepm.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_computer_ids</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The list of computer ids on which to run the SEP command.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_file_path</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The file path of the suspect file.</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_md5</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The MD5 hash value of the suspicious file.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_sha1</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The SHA1 hash value of the suspicious file.</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sep_sha256</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The SHA256 hash value of the suspicious file.</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sep_source</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>The file source from where to search for the suspicious file. Possible values are: FILESYSTEM (default), QUARANTINE, or BOTH.</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;commandID&quot;</span><span class="p">:</span> <span class="s2">&quot;C9456A597A0E42A89F243B8A537A056D&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sep_computer_ids&quot;</span><span class="p">:</span> <span class="s2">&quot;01ECF4E8092E5BB91E4D52E45C3ABE4D&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_file_path&quot;</span><span class="p">:</span> <span class="s2">&quot;C:</span><span class="se">\\</span><span class="s2">Users</span><span class="se">\\</span><span class="s2">Administrator</span><span class="se">\\</span><span class="s2">Desktop</span><span class="se">\\</span><span class="s2">tesy.txt&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_md5&quot;</span><span class="p">:</span> <span class="s2">&quot;44d88612fea8a8f36de82e1278abb02f&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sep_sha1&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+    <span class="s2">&quot;sep_sha256&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+    <span class="s2">&quot;sep_source&quot;</span><span class="p">:</span> <span class="s2">&quot;QUARANTINE&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">7428</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;local&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sep&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.2.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-29 09:49:39&quot;</span><span class="p">,</span>
     <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
   <span class="p">},</span>
   <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
@@ -7994,22 +7454,58 @@ <h2>Function - SEP: Get Policy Summary<a class="headerlink" href="#function-sep-
 </div>
 </p>
 </details>
-<details><summary>Steps to Fetch "sep_domainid": </summary>
-<p>
-<p>Value of <code class="docutils literal notranslate"><span class="pre">sep_domainid</span></code> field can be refered from <a class="reference internal" href="#function---sep---get-domains"><span class="xref myst">Function - SEP - Get Domains</span></a> function’s output. <br>
-Ex. <code class="docutils literal notranslate"><span class="pre">id</span></code> attribute from following path <code class="docutils literal notranslate"><span class="pre">content--&gt;id</span></code>.</p>
-</p>
-</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_computer_ids</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">computer_id</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_file_path</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">file_path</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_source</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sep_source</span>
+<span class="n">hash_lengths</span>  <span class="o">=</span> <span class="p">[</span><span class="mi">64</span><span class="p">,</span> <span class="mi">40</span><span class="p">,</span> <span class="mi">32</span><span class="p">]</span>
+<span class="n">hvs</span> <span class="o">=</span> <span class="p">[</span><span class="kc">None</span> <span class="k">if</span> <span class="n">h</span> <span class="o">!=</span> <span class="nb">len</span><span class="p">(</span><span class="n">row</span><span class="o">.</span><span class="n">hash_value</span><span class="p">)</span> <span class="k">else</span> <span class="n">row</span><span class="o">.</span><span class="n">hash_value</span> <span class="k">for</span> <span class="n">h</span> <span class="ow">in</span> <span class="n">hash_lengths</span><span class="p">]</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_sha256</span> <span class="o">=</span> <span class="n">hvs</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_sha1</span> <span class="o">=</span> <span class="n">hvs</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sep_md5</span> <span class="o">=</span> <span class="n">hvs</span><span class="p">[</span><span class="mi">2</span><span class="p">]</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1">## Symantec Endpoint Protection - fn_sep_upload_file_to_sepm script ##</span>
+<span class="c1"># Globals</span>
+<span class="c1"># List of fields in datatable fn_sep_get_command_status script</span>
+<span class="n">DATA_TBL_FIELDS</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;commandID&quot;</span><span class="p">]</span>
+<span class="n">fn_name</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_upload_file_to_sepm&quot;</span>
+<span class="n">wf_name</span> <span class="o">=</span> <span class="s2">&quot;Upload file to SEPM server&quot;</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">upload_file_results</span>
+<span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+<span class="n">inputs</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;inputs&quot;</span><span class="p">,</span> <span class="p">{})</span>
+
+<span class="c1"># Processing</span>
+<span class="k">if</span> <span class="n">content</span><span class="p">:</span>
+  <span class="n">noteText</span> <span class="o">=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">Command executed with id &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt; for artifact with &quot;</span> \
+             <span class="s2">&quot;type &lt;b&gt;</span><span class="si">{2}</span><span class="s2">&lt;/b&gt; and value &lt;b&gt;</span><span class="si">{3}</span><span class="s2">&lt;/b&gt; from source &lt;b&gt;</span><span class="si">{4}</span><span class="s2">&lt;/b&gt; for SOAR function &lt;b&gt;</span><span class="si">{5}</span><span class="s2">&lt;/b&gt;&quot;</span>\
+      <span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">wf_name</span><span class="p">,</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;commandID&quot;</span><span class="p">),</span> <span class="n">row</span><span class="o">.</span><span class="n">artifact_type</span><span class="p">,</span> <span class="n">row</span><span class="o">.</span><span class="n">artifact_value</span><span class="p">,</span> <span class="n">inputs</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sep_source&quot;</span><span class="p">),</span> <span class="n">fn_name</span><span class="p">)</span>
+  <span class="n">row</span><span class="o">.</span><span class="n">upload_commandid</span> <span class="o">=</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;commandID&quot;</span><span class="p">)</span>
+
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">noteText</span> <span class="o">+=</span> <span class="s2">&quot;Symantec SEP Integration:</span><span class="se">\n</span><span class="s2">Playbook &lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;:</span><span class="se">\n</span><span class="s2">There was &lt;b&gt;no&lt;/b&gt; results returned for SOAR &quot;</span> \
+              <span class="s2">&quot;function &lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">wf_name</span><span class="p">,</span> <span class="n">fn_name</span><span class="p">)</span>
+
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">noteText</span><span class="p">))</span>
+</pre></div>
+</div>
+</p>
+</details>
 </section>
 <hr class="docutils" />
 <section id="script-scr-sep-add-artifact-from-scan-results">
 <h2>Script - scr_sep_add_artifact_from_scan_results<a class="headerlink" href="#script-scr-sep-add-artifact-from-scan-results" title="Link to this heading">¶</a></h2>
-<p>Script for Symantec SEP to add a IBM SOAR artifact from a property of the ‘Symantec SEP - EOC scan results’ data-table.
+<p>Script for Symantec SEP to add a SOAR artifact from a property of the ‘Symantec SEP - EOC scan results’ data-table.
 The supported artifact types supported are: “File Path”, “Malware SHA-256 Hash” and “System Name”.</p>
 <p><strong>Object:</strong> sep_eoc_scan_results</p>
 <details><summary>Script Text:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1"># Create a Resilient artifact based on a dropdown which selects the corresponding data-table field.</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1"># Create a SOAR artifact based on a dropdown which selects the corresponding data-table field.</span>
 <span class="n">ARTIFACT_TYPE</span> <span class="o">=</span> <span class="n">rule</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sep_artifact_type_scan_results</span>
 <span class="n">FUNCTION_NAME</span> <span class="o">=</span> <span class="s2">&quot;fn_sep_scan_endpoints&quot;</span>
 
@@ -8146,11 +7642,227 @@ <h2>Script - scr_sep_parse_email_notification<a class="headerlink" href="#script
 </details>
 </section>
 <hr class="docutils" />
-<section id="data-table-symantec-sep-endpoint-details">
-<h2>Data Table - Symantec SEP - Endpoint details<a class="headerlink" href="#data-table-symantec-sep-endpoint-details" title="Link to this heading">¶</a></h2>
+<section id="playbooks">
+<h2>Playbooks<a class="headerlink" href="#playbooks" title="Link to this heading">¶</a></h2>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Playbook Name</p></th>
+<th class="head"><p>Description</p></th>
+<th class="head"><p>Activation Type</p></th>
+<th class="head"><p>Object</p></th>
+<th class="head"><p>Status</p></th>
+<th class="head"><p>Condition</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>SEP: Add Artifact from Scan Result - Example (PB)</p></td>
+<td><p>add a SOAR artifact from a property of the ‘Symantec SEP - EOC scan results’ data-table. The supported artifact types supported are: “File Path”, “Malware SHA-256 Hash” and “System Name”.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_eoc_scan_results</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_eoc_scan_results.file_path</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.computer_name</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.scan_command_state</span> <span class="pre">contains</span> <span class="pre">Completed</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.hash_value</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">(sep_eoc_scan_results.scan_result</span> <span class="pre">contains</span> <span class="pre">Hash</span> <span class="pre">match</span> <span class="pre">OR</span> <span class="pre">sep_eoc_scan_results.scan_result</span> <span class="pre">contains</span> <span class="pre">Full</span> <span class="pre">match)</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Add Hash to Blacklist - Example (PB)</p></td>
+<td><p>Create a new blacklist fingerprint list and add an MD5 hash if the fingerprint list doesn’t already exist. Add an MD5 hash to an existing blacklist fingerprint list if it already exists.</p></td>
+<td><p>Manual</p></td>
+<td><p>artifact</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">artifact.type</span> <span class="pre">in</span> <span class="pre">['Malware</span> <span class="pre">MD5</span> <span class="pre">Hash',</span> <span class="pre">'Malware</span> <span class="pre">SHA-256</span> <span class="pre">Hash']</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Assign Blacklist to lockdown group - Example (PB)</p></td>
+<td><p>Assign a blacklist fingerprint list to a group for system lockdown.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_groups</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_groups.group_id</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_groups.policyInheritanceEnabled</span> <span class="pre">equals</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Cancel a Command - Example (PB)</p></td>
+<td><p>Cancel an existing pending command</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Delete Blacklist - Example (PB)</p></td>
+<td><p>Delete an existing blacklist fingerprint list. Note: Also removes it from any group to which it has been assigned.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_fingerprint_lists</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_fingerprint_lists.list_id</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Delete Hash from Blacklist - Example (PB)</p></td>
+<td><p>Update a blacklist fingerprint list to remove an MD5 hash. Note: The fingerprint list will be deleted if only a single MD5 hash is remaining in the list.</p></td>
+<td><p>Manual</p></td>
+<td><p>artifact</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">artifact.type</span> <span class="pre">in</span> <span class="pre">['Malware</span> <span class="pre">MD5</span> <span class="pre">Hash',</span> <span class="pre">'Malware</span> <span class="pre">SHA-256</span> <span class="pre">Hash']</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Get Blacklist information - Example (PB)</p></td>
+<td><p>Get a blacklist fingerprint list information for a specified name.</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Get Critical Events - Example (PB)</p></td>
+<td><p>Gets information related to critical events.</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Get Endpoint Details - Example (PB)</p></td>
+<td><p>Get endpoint details for Evidence of Compromise (EOC) data table row “computer_name” value.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_eoc_scan_results</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_eoc_scan_results.computer_name</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Get Endpoint Details for artifact - Example (PB)</p></td>
+<td><p>Get endpoint details for artifact value. Artifact value will be “DNS name” or “System name”</p></td>
+<td><p>Manual</p></td>
+<td><p>artifact</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">artifact.type</span> <span class="pre">equals</span> <span class="pre">DNS</span> <span class="pre">Name</span> <span class="pre">OR</span> <span class="pre">artifact.type</span> <span class="pre">equals</span> <span class="pre">System</span> <span class="pre">Name</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Get Endpoints status summary - Example (PB)</p></td>
+<td><p>Get overall Endpoint status summary.</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Get Endpoints status summary (refresh) - Example (PB)</p></td>
+<td><p>Get overall Endpoint status summary.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_endpoint_status_summary</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Get Exceptions Policy - Example (PB)</p></td>
+<td><p>Get the exception’s policy for the specified policy ID.</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Get File Content as Base64 string - Example (PB)</p></td>
+<td><p>Get contents of a file uploaded to SEPM server as a Base64 string.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_eoc_scan_results</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_eoc_scan_results.file_id</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.file_upload_status</span> <span class="pre">contains</span> <span class="pre">Completed</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.scan_command_state</span> <span class="pre">contains</span> <span class="pre">Completed</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.scan_commandid</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Get Firewall Policy - Example (PB)</p></td>
+<td><p>Get the firewall policy for the specified policy ID.</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Get Groups information - Example (PB)</p></td>
+<td><p>Get groups information.</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Get Non-Compliant Endpoints status details - Example (PB)</p></td>
+<td><p>Get further details for Endpoints with non-compliant status.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_endpoint_status_summary</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_endpoint_status_summary.non_compliant</span> <span class="pre">gt</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Get Policy Summary - Example (PB)</p></td>
+<td><p>Get the summary information for policies within a specific Domain. Also gets the list of groups to which the policies are assigned.</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Get Quarantine status - Example (PB)</p></td>
+<td><p>Get the status of a Quarantine Endpoint command.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_endpoint_details</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_endpoint_details.computerName</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.quarantine_commandid</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.uniqueId</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Get Remediation status - Example (PB)</p></td>
+<td><p>Get the status of a remediation scan command.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_eoc_scan_results</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_eoc_scan_results.remediation_status</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">(sep_eoc_scan_results.remediation_status</span> <span class="pre">contains</span> <span class="pre">In</span> <span class="pre">progress</span> <span class="pre">OR</span> <span class="pre">sep_eoc_scan_results.remediation_status</span> <span class="pre">contains</span> <span class="pre">Waiting/Not</span> <span class="pre">received</span> <span class="pre">OR</span> <span class="pre">sep_eoc_scan_results.remediation_status</span> <span class="pre">contains</span> <span class="pre">Received)</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Get Scan results - Example (PB)</p></td>
+<td><p>Get the results of a scan EOC command.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_eoc_scan_results</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_eoc_scan_results.scan_command_state</span> <span class="pre">not_contains</span> <span class="pre">Completed</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.scan_command_state</span> <span class="pre">not_contains</span> <span class="pre">Timedout</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.scan_commandid</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">(sep_eoc_scan_results.scan_command_state</span> <span class="pre">contains</span> <span class="pre">In</span> <span class="pre">progress</span> <span class="pre">OR</span> <span class="pre">sep_eoc_scan_results.scan_command_state</span> <span class="pre">contains</span> <span class="pre">Received</span> <span class="pre">OR</span> <span class="pre">sep_eoc_scan_results.scan_command_state</span> <span class="pre">contains</span> <span class="pre">Waiting/Not</span> <span class="pre">received)</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Get Upload status - Example (PB)</p></td>
+<td><p>Get the status of an Upload command.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_eoc_scan_results</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_eoc_scan_results.file_upload_status</span> <span class="pre">contains</span> <span class="pre">In</span> <span class="pre">progress</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.upload_commandid</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Initiate EOC Scan for Artifact - Example (PB)</p></td>
+<td><p>Initiate an Evidence of Compromise (EOC) scan on artifacts of type file (name or path) or hash (MD5, SHA1 or SHA256) against all endpoints. Use the returned command ID to get the initial command status and information on any matches for each endpoint.</p></td>
+<td><p>Manual</p></td>
+<td><p>artifact</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">artifact.type</span> <span class="pre">equals</span> <span class="pre">File</span> <span class="pre">Name</span> <span class="pre">OR</span> <span class="pre">artifact.type</span> <span class="pre">equals</span> <span class="pre">File</span> <span class="pre">Path</span> <span class="pre">OR</span> <span class="pre">artifact.type</span> <span class="pre">equals</span> <span class="pre">Malware</span> <span class="pre">MD5</span> <span class="pre">Hash</span> <span class="pre">OR</span> <span class="pre">artifact.type</span> <span class="pre">equals</span> <span class="pre">Malware</span> <span class="pre">SHA-1</span> <span class="pre">Hash</span> <span class="pre">OR</span> <span class="pre">artifact.type</span> <span class="pre">equals</span> <span class="pre">Malware</span> <span class="pre">SHA-256</span> <span class="pre">Hash</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Move Endpoint - Example (PB)</p></td>
+<td><p>Move an endpoint to a different group.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_endpoint_details</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_endpoint_details.hardwareKey</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.uniqueId</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Quarantine Endpoint - Example (PB)</p></td>
+<td><p>Quarantine or un-quarantine an endpoint. Add or remove endpoints to or from network quarantine.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_endpoint_details</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_endpoint_details.computerName</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.endpoint_quarantine_status</span> <span class="pre">not_equals</span> <span class="pre">Quarantined</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.group_id</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.hardwareKey</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.quarantine_command_state</span> <span class="pre">not_contains</span> <span class="pre">In</span> <span class="pre">progress</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.uniqueId</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Remediate Artifact on Endpoint - Example (PB)</p></td>
+<td><p>Initiate a file quarantine scan on Symantec Endpoint Protection endpoints and get initial command status. A remediation action quarantines all copies of the selected file on the target endpoint(s) by hash value (SHA256, SHA1 or MD5).</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_eoc_scan_results</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_eoc_scan_results.scan_commandid</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.scan_command_state</span> <span class="pre">contains</span> <span class="pre">Completed</span> <span class="pre">AND</span> <span class="pre">(sep_eoc_scan_results.scan_result</span> <span class="pre">contains</span> <span class="pre">FULL_MATCH</span> <span class="pre">OR</span> <span class="pre">sep_eoc_scan_results.scan_result</span> <span class="pre">contains</span> <span class="pre">HASH_MATCH</span> <span class="pre">OR</span> <span class="pre">sep_eoc_scan_results.scan_result</span> <span class="pre">contains</span> <span class="pre">PARTIAL_MATCH)</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.remediation_status</span> <span class="pre">not_contains</span> <span class="pre">Completed</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.remediation_status</span> <span class="pre">not_contains</span> <span class="pre">In</span> <span class="pre">progress</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.remediation_status</span> <span class="pre">not_contains</span> <span class="pre">Unexpected</span> <span class="pre">status</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.remediation_status</span> <span class="pre">not_contains</span> <span class="pre">No</span> <span class="pre">match</span> <span class="pre">found</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.remediation_status</span> <span class="pre">not_contains</span> <span class="pre">Failed</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>SEP: Un-Quarantine Endpoint - Example (PB)</p></td>
+<td><p>Quarantine or un-quarantine an endpoint. Add or remove endpoints to or from network quarantine.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_endpoint_details</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_endpoint_details.computerName</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.endpoint_quarantine_status</span> <span class="pre">equals</span> <span class="pre">Quarantined</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.group_id</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.hardwareKey</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.quarantine_command_state</span> <span class="pre">not_contains</span> <span class="pre">In</span> <span class="pre">progress</span> <span class="pre">AND</span> <span class="pre">sep_endpoint_details.uniqueId</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>SEP: Upload file to SEPM server - Example (PB)</p></td>
+<td><p>Request a file discovered by an EOC scan be uploaded to the SEPM server. Note: Only supports file executable types such as binary executable (.exe), batch (.bat), Windows installer package (.msi) etc.</p></td>
+<td><p>Manual</p></td>
+<td><p>sep_eoc_scan_results</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sep_eoc_scan_results.scan_commandid</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.scan_command_state</span> <span class="pre">contains</span> <span class="pre">Completed</span> <span class="pre">AND</span> <span class="pre">(sep_eoc_scan_results.scan_result</span> <span class="pre">contains</span> <span class="pre">Full</span> <span class="pre">match</span> <span class="pre">OR</span> <span class="pre">sep_eoc_scan_results.scan_result</span> <span class="pre">contains</span> <span class="pre">Hash</span> <span class="pre">match</span> <span class="pre">OR</span> <span class="pre">sep_eoc_scan_results.scan_result</span> <span class="pre">contains</span> <span class="pre">Partial</span> <span class="pre">match)</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.file_upload_status</span> <span class="pre">not_contains</span> <span class="pre">In</span> <span class="pre">progress</span> <span class="pre">AND</span> <span class="pre">sep_eoc_scan_results.file_upload_status</span> <span class="pre">not_contains</span> <span class="pre">Completed</span></code></p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+<hr class="docutils" />
+<section id="data-table-symantec-sep-critical-events">
+<h2>Data Table - Symantec SEP - Critical Events<a class="headerlink" href="#data-table-symantec-sep-critical-events" title="Link to this heading">¶</a></h2>
+<p><img alt="screenshot: dt-symantec-sep---critical-events" src="fn_sep/doc/screenshots/dt-symantec-sep---critical-events.png" /></p>
 <section id="api-name">
 <h3>API Name:<a class="headerlink" href="#api-name" title="Link to this heading">¶</a></h3>
-<p>sep_endpoint_details</p>
+<p>sep_critical_events</p>
 </section>
 <section id="columns">
 <h3>Columns:<a class="headerlink" href="#columns" title="Link to this heading">¶</a></h3>
@@ -8164,6 +7876,61 @@ <h3>Columns:<a class="headerlink" href="#columns" title="Link to this heading">
 </tr>
 </thead>
 <tbody>
+<tr class="row-even"><td><p>Acknowledged</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">acknowledged</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">boolean</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Date Added</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">date_added</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">datetimepicker</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-even"><td><p>Event Date</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">event_date</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Event Id</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">event_id</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-even"><td><p>Message</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">message</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Subject</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">subject</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+</section>
+<hr class="docutils" />
+<section id="data-table-symantec-sep-endpoint-details">
+<h2>Data Table - Symantec SEP - Endpoint details<a class="headerlink" href="#data-table-symantec-sep-endpoint-details" title="Link to this heading">¶</a></h2>
+<p><img alt="screenshot: dt-symantec-sep---endpoint-details" src="fn_sep/doc/screenshots/dt-symantec-sep---endpoint-details.png" /></p>
+<section id="id1">
+<h3>API Name:<a class="headerlink" href="#id1" title="Link to this heading">¶</a></h3>
+<p>sep_endpoint_details</p>
+</section>
+<section id="id2">
+<h3>Columns:<a class="headerlink" href="#id2" title="Link to this heading">¶</a></h3>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Column Name</p></th>
+<th class="head"><p>API Access Name</p></th>
+<th class="head"><p>Type</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
 <tr class="row-even"><td><p>Computer name</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">computerName</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
@@ -8174,7 +7941,7 @@ <h3>Columns:<a class="headerlink" href="#columns" title="Link to this heading">
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
 <td><p>Description of an endpoint in the SEP environment.</p></td>
 </tr>
-<tr class="row-even"><td><p>Endpoint quarantine status</p></td>
+<tr class="row-even"><td><p>Endpoint Quarantine Status</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">endpoint_quarantine_status</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">textarea</span></code></p></td>
 <td><p>Quarantine status of an endpoint. Possible statuses are ‘Un-Quarantined’ and ‘Quarantined’. Note: Only applicable for MS Windows endpoints.</p></td>
@@ -8247,12 +8014,13 @@ <h3>Columns:<a class="headerlink" href="#columns" title="Link to this heading">
 <hr class="docutils" />
 <section id="data-table-symantec-sep-endpoint-status-summary">
 <h2>Data Table - Symantec SEP - Endpoint status summary<a class="headerlink" href="#data-table-symantec-sep-endpoint-status-summary" title="Link to this heading">¶</a></h2>
-<section id="id1">
-<h3>API Name:<a class="headerlink" href="#id1" title="Link to this heading">¶</a></h3>
+<p><img alt="screenshot: dt-symantec-sep---endpoint-status-summary" src="fn_sep/doc/screenshots/dt-symantec-sep---endpoint-status-summary.png" /></p>
+<section id="id3">
+<h3>API Name:<a class="headerlink" href="#id3" title="Link to this heading">¶</a></h3>
 <p>sep_endpoint_status_summary</p>
 </section>
-<section id="id2">
-<h3>Columns:<a class="headerlink" href="#id2" title="Link to this heading">¶</a></h3>
+<section id="id4">
+<h3>Columns:<a class="headerlink" href="#id4" title="Link to this heading">¶</a></h3>
 <div class="table-wrapper colwidths-auto docutils container">
 <table class="docutils align-default">
 <thead>
@@ -8311,12 +8079,13 @@ <h3>Columns:<a class="headerlink" href="#id2" title="Link to this heading">¶</a
 <hr class="docutils" />
 <section id="data-table-symantec-sep-eoc-scan-results">
 <h2>Data Table - Symantec SEP - EOC scan results<a class="headerlink" href="#data-table-symantec-sep-eoc-scan-results" title="Link to this heading">¶</a></h2>
-<section id="id3">
-<h3>API Name:<a class="headerlink" href="#id3" title="Link to this heading">¶</a></h3>
+<p><img alt="screenshot: dt-symantec-sep---eoc-scan-results" src="fn_sep/doc/screenshots/dt-symantec-sep---eoc-scan-results.png" /></p>
+<section id="id5">
+<h3>API Name:<a class="headerlink" href="#id5" title="Link to this heading">¶</a></h3>
 <p>sep_eoc_scan_results</p>
 </section>
-<section id="id4">
-<h3>Columns:<a class="headerlink" href="#id4" title="Link to this heading">¶</a></h3>
+<section id="id6">
+<h3>Columns:<a class="headerlink" href="#id6" title="Link to this heading">¶</a></h3>
 <div class="table-wrapper colwidths-auto docutils container">
 <table class="docutils align-default">
 <thead>
@@ -8330,22 +8099,22 @@ <h3>Columns:<a class="headerlink" href="#id4" title="Link to this heading">¶</a
 <tr class="row-even"><td><p>Artifact id</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">artifact_id</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>-</p></td>
+<td><p>The ID of the artifact</p></td>
 </tr>
 <tr class="row-odd"><td><p>Artifact type</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">artifact_type</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>-</p></td>
+<td><p>The SOAR artifact type. Either Malware SHA-256 Hash, Malware SHA-1 Hash, Malware MD5 Hash, File Name, or File Path</p></td>
 </tr>
 <tr class="row-even"><td><p>Artifact value</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">artifact_value</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>-</p></td>
+<td><p>The value of the SOAR artifact</p></td>
 </tr>
 <tr class="row-odd"><td><p>Computer name</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">computer_name</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>-</p></td>
+<td><p>Name of the SEP computer</p></td>
 </tr>
 <tr class="row-even"><td><p>File path</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">file_path</span></code></p></td>
@@ -8355,7 +8124,7 @@ <h3>Columns:<a class="headerlink" href="#id4" title="Link to this heading">¶</a
 <tr class="row-odd"><td><p>File upload  status</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">file_upload_status</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">textarea</span></code></p></td>
-<td><p>-</p></td>
+<td><p>The status of the file upload from SEP</p></td>
 </tr>
 <tr class="row-even"><td><p>Hash value</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">hash_value</span></code></p></td>
@@ -8365,12 +8134,12 @@ <h3>Columns:<a class="headerlink" href="#id4" title="Link to this heading">¶</a
 <tr class="row-odd"><td><p>Query execution date</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">query_execution_date</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>-</p></td>
+<td><p>Time the Query was executed</p></td>
 </tr>
 <tr class="row-even"><td><p>Remediation status</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">remediation_status</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">textarea</span></code></p></td>
-<td><p>-</p></td>
+<td><p>The remediation status from SEP</p></td>
 </tr>
 <tr class="row-odd"><td><p>Scan command state</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">scan_command_state</span></code></p></td>
@@ -8385,22 +8154,22 @@ <h3>Columns:<a class="headerlink" href="#id4" title="Link to this heading">¶</a
 <tr class="row-odd"><td><p>SEP computer id</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">computer_id</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>-</p></td>
+<td><p>The SEP computer ID</p></td>
 </tr>
 <tr class="row-even"><td><p>SEP file id</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">file_id</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>-</p></td>
+<td><p>The file ID from SEP</p></td>
 </tr>
 <tr class="row-odd"><td><p>SEP remediation command id</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">remediation_commandid</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>-</p></td>
+<td><p>The remediation command ID from SEP</p></td>
 </tr>
 <tr class="row-even"><td><p>SEP scan command id</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">scan_commandid</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>-</p></td>
+<td><p>The scan command ID from SEP</p></td>
 </tr>
 <tr class="row-odd"><td><p>SEP Scan type</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">scan_type</span></code></p></td>
@@ -8410,7 +8179,7 @@ <h3>Columns:<a class="headerlink" href="#id4" title="Link to this heading">¶</a
 <tr class="row-even"><td><p>SEP upload command id</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">upload_commandid</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>-</p></td>
+<td><p>The upload command ID from SEP</p></td>
 </tr>
 </tbody>
 </table>
@@ -8420,12 +8189,13 @@ <h3>Columns:<a class="headerlink" href="#id4" title="Link to this heading">¶</a
 <hr class="docutils" />
 <section id="data-table-symantec-sep-fingerprint-lists">
 <h2>Data Table - Symantec SEP - Fingerprint lists<a class="headerlink" href="#data-table-symantec-sep-fingerprint-lists" title="Link to this heading">¶</a></h2>
-<section id="id5">
-<h3>API Name:<a class="headerlink" href="#id5" title="Link to this heading">¶</a></h3>
+<p><img alt="screenshot: dt-symantec-sep---fingerprint-lists" src="fn_sep/doc/screenshots/dt-symantec-sep---fingerprint-lists.png" /></p>
+<section id="id7">
+<h3>API Name:<a class="headerlink" href="#id7" title="Link to this heading">¶</a></h3>
 <p>sep_fingerprint_lists</p>
 </section>
-<section id="id6">
-<h3>Columns:<a class="headerlink" href="#id6" title="Link to this heading">¶</a></h3>
+<section id="id8">
+<h3>Columns:<a class="headerlink" href="#id8" title="Link to this heading">¶</a></h3>
 <div class="table-wrapper colwidths-auto docutils container">
 <table class="docutils align-default">
 <thead>
@@ -8446,15 +8216,15 @@ <h3>Columns:<a class="headerlink" href="#id6" title="Link to this heading">¶</a
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
 <td><p>SEP list description.</p></td>
 </tr>
-<tr class="row-even"><td><p>List name</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">list_name</span></code></p></td>
+<tr class="row-even"><td><p>Hash values</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">hash_values</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>SEP list name.</p></td>
+<td><p>Hash values in list.</p></td>
 </tr>
-<tr class="row-odd"><td><p>MD5 Hash values</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">hash_values</span></code></p></td>
+<tr class="row-odd"><td><p>List name</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">list_name</span></code></p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
-<td><p>Hash values in list (Currently MD5 only supported).</p></td>
+<td><p>SEP list name.</p></td>
 </tr>
 <tr class="row-even"><td><p>Query Execution date</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">query_execution_date</span></code></p></td>
@@ -8479,12 +8249,13 @@ <h3>Columns:<a class="headerlink" href="#id6" title="Link to this heading">¶</a
 <hr class="docutils" />
 <section id="data-table-symantec-sep-groups">
 <h2>Data Table - Symantec SEP - Groups<a class="headerlink" href="#data-table-symantec-sep-groups" title="Link to this heading">¶</a></h2>
-<section id="id7">
-<h3>API Name:<a class="headerlink" href="#id7" title="Link to this heading">¶</a></h3>
+<p><img alt="screenshot: dt-symantec-sep---groups" src="fn_sep/doc/screenshots/dt-symantec-sep---groups.png" /></p>
+<section id="id9">
+<h3>API Name:<a class="headerlink" href="#id9" title="Link to this heading">¶</a></h3>
 <p>sep_groups</p>
 </section>
-<section id="id8">
-<h3>Columns:<a class="headerlink" href="#id8" title="Link to this heading">¶</a></h3>
+<section id="id10">
+<h3>Columns:<a class="headerlink" href="#id10" title="Link to this heading">¶</a></h3>
 <div class="table-wrapper colwidths-auto docutils container">
 <table class="docutils align-default">
 <thead>
@@ -8548,12 +8319,13 @@ <h3>Columns:<a class="headerlink" href="#id8" title="Link to this heading">¶</a
 <hr class="docutils" />
 <section id="data-table-symantec-sep-non-compliant-endpoints-status-details">
 <h2>Data Table - Symantec SEP - Non-compliant Endpoints status details<a class="headerlink" href="#data-table-symantec-sep-non-compliant-endpoints-status-details" title="Link to this heading">¶</a></h2>
-<section id="id9">
-<h3>API Name:<a class="headerlink" href="#id9" title="Link to this heading">¶</a></h3>
+<p><img alt="screenshot: dt-symantec-sep---non-compliant-endpoints-status-details" src="fn_sep/doc/screenshots/dt-symantec-sep---non-compliant-endpoints-status-details.png" /></p>
+<section id="id11">
+<h3>API Name:<a class="headerlink" href="#id11" title="Link to this heading">¶</a></h3>
 <p>sep_endpoints_non_compliant_details</p>
 </section>
-<section id="id10">
-<h3>Columns:<a class="headerlink" href="#id10" title="Link to this heading">¶</a></h3>
+<section id="id12">
+<h3>Columns:<a class="headerlink" href="#id12" title="Link to this heading">¶</a></h3>
 <div class="table-wrapper colwidths-auto docutils container">
 <table class="docutils align-default">
 <thead>
@@ -8655,118 +8427,6 @@ <h3>Columns:<a class="headerlink" href="#id10" title="Link to this heading">¶</
 </section>
 </section>
 <hr class="docutils" />
-<section id="rules">
-<h2>Rules<a class="headerlink" href="#rules" title="Link to this heading">¶</a></h2>
-<div class="table-wrapper colwidths-auto docutils container">
-<table class="docutils align-default">
-<thead>
-<tr class="row-odd"><th class="head"><p>Rule Name</p></th>
-<th class="head"><p>Object</p></th>
-<th class="head"><p>Workflow Triggered</p></th>
-</tr>
-</thead>
-<tbody>
-<tr class="row-even"><td><p>Example: SEP - Add Artifact from Scan Result</p></td>
-<td><p>sep_eoc_scan_results</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Add Hash to Blacklist</p></td>
-<td><p>artifact</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_add_fingerprint_list</span></code></p></td>
-</tr>
-<tr class="row-even"><td><p>Example: SEP - Assign Blacklist to lockdown group</p></td>
-<td><p>sep_groups</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_assign_fingerprint_list_to_lockdown_group</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Delete Blacklist</p></td>
-<td><p>sep_fingerprint_lists</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_delete_fingerprint_list</span></code></p></td>
-</tr>
-<tr class="row-even"><td><p>Example: SEP - Delete Hash from Blacklist</p></td>
-<td><p>artifact</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_delete_hash_from_fingerprint_list</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Get Blacklist information</p></td>
-<td><p>incident</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_blacklist_information</span></code></p></td>
-</tr>
-<tr class="row-even"><td><p>Example: SEP - Get Endpoint Details</p></td>
-<td><p>sep_eoc_scan_results</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_endpoint_details</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Get Endpoint Details for artifact</p></td>
-<td><p>artifact</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_endpoint_details_for_artifact</span></code></p></td>
-</tr>
-<tr class="row-even"><td><p>Example: SEP - Get Endpoints status summary</p></td>
-<td><p>incident</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_endpoints_status</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Get Endpoints status summary (refresh)</p></td>
-<td><p>sep_endpoint_status_summary</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_endpoints_status_refresh</span></code></p></td>
-</tr>
-<tr class="row-even"><td><p>Example: SEP - Get File Content as Base64 string</p></td>
-<td><p>sep_eoc_scan_results</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_file_content_as_base64_string</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Get Groups information</p></td>
-<td><p>incident</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_groups_information</span></code></p></td>
-</tr>
-<tr class="row-even"><td><p>Example: SEP - Get Non-Compliant Endpoints status details</p></td>
-<td><p>sep_endpoint_status_summary</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_endpoints_status_details</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Get Quarantine status</p></td>
-<td><p>sep_endpoint_details</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_quarantine_status</span></code></p></td>
-</tr>
-<tr class="row-even"><td><p>Example: SEP - Get Remediation status</p></td>
-<td><p>sep_eoc_scan_results</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_remediation_status</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Get Scan results</p></td>
-<td><p>sep_eoc_scan_results</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_scan_results</span></code></p></td>
-</tr>
-<tr class="row-even"><td><p>Example: SEP - Get Upload status</p></td>
-<td><p>sep_eoc_scan_results</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_get_upload_status</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Initiate EOC Scan for Artifact</p></td>
-<td><p>artifact</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_initiate_eoc_scan_for_artifact</span></code></p></td>
-</tr>
-<tr class="row-even"><td><p>Example: SEP - Move Endpoint</p></td>
-<td><p>sep_endpoint_details</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_move_endpoint</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Parse notification</p></td>
-<td><p>__emailmessage</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
-</tr>
-<tr class="row-even"><td><p>Example: SEP - Quarantine Endpoint</p></td>
-<td><p>sep_endpoint_details</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_quarantine_endpoint</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Remediate Artifact on Endpoint</p></td>
-<td><p>sep_eoc_scan_results</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_remediate_artifact_on_endpoint</span></code></p></td>
-</tr>
-<tr class="row-even"><td><p>Example: SEP - Un-Quarantine Endpoint</p></td>
-<td><p>sep_endpoint_details</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_quarantine_endpoint</span></code></p></td>
-</tr>
-<tr class="row-odd"><td><p>Example: SEP - Upload file to SEPM server</p></td>
-<td><p>sep_eoc_scan_results</p></td>
-<td><p><code class="docutils literal notranslate"><span class="pre">wf_sep_upload_file_to_sepm</span></code></p></td>
-</tr>
-</tbody>
-</table>
-</div>
-</section>
-<hr class="docutils" />
 <section id="troubleshooting-support">
 <h2>Troubleshooting &amp; Support<a class="headerlink" href="#troubleshooting-support" title="Link to this heading">¶</a></h2>
 <p>Refer to the documentation listed in the Requirements section for troubleshooting information.</p>
@@ -8835,6 +8495,7 @@ <h3>For Support<a class="headerlink" href="#for-support" title="Link to this hea
 <li><a class="reference internal" href="#">Symantec Endpoint Protection</a><ul>
 <li><a class="reference internal" href="#table-of-contents">Table of Contents</a></li>
 <li><a class="reference internal" href="#release-notes">Release Notes</a></li>
+<li><a class="reference internal" href="#changes">1.2.0 Changes</a></li>
 <li><a class="reference internal" href="#overview">Overview</a><ul>
 <li><a class="reference internal" href="#key-features">Key Features</a></li>
 </ul>
@@ -8855,56 +8516,61 @@ <h3>For Support<a class="headerlink" href="#for-support" title="Link to this hea
 </li>
 <li><a class="reference internal" href="#function-sep-add-fingerprint-list">Function - SEP - Add Fingerprint List</a></li>
 <li><a class="reference internal" href="#function-sep-assign-fingerprint-list-to-group">Function - SEP - Assign Fingerprint List to Group</a></li>
+<li><a class="reference internal" href="#function-sep-cancel-a-command">Function - SEP - Cancel a Command</a></li>
 <li><a class="reference internal" href="#function-sep-delete-fingerprint-list">Function - SEP - Delete Fingerprint List</a></li>
 <li><a class="reference internal" href="#function-sep-get-command-status">Function - SEP - Get Command Status</a></li>
 <li><a class="reference internal" href="#function-sep-get-computers">Function - SEP - Get Computers</a></li>
+<li><a class="reference internal" href="#function-sep-get-critical-events-info">Function - SEP - Get Critical Events Info</a></li>
 <li><a class="reference internal" href="#function-sep-get-domains">Function - SEP - Get Domains</a></li>
+<li><a class="reference internal" href="#function-sep-get-exceptions-policy">Function - SEP - Get Exceptions Policy</a></li>
 <li><a class="reference internal" href="#function-sep-get-file-content-as-base64">Function - SEP - Get File Content as Base64</a></li>
 <li><a class="reference internal" href="#function-sep-get-fingerprint-list">Function - SEP - Get Fingerprint List</a></li>
+<li><a class="reference internal" href="#function-sep-get-firewall-policy">Function - SEP - Get Firewall Policy</a></li>
 <li><a class="reference internal" href="#function-sep-get-groups">Function - SEP - Get Groups</a></li>
+<li><a class="reference internal" href="#function-sep-get-policy-summary">Function - SEP - Get Policy Summary</a></li>
 <li><a class="reference internal" href="#function-sep-move-endpoint">Function - SEP - Move endpoint</a></li>
 <li><a class="reference internal" href="#function-sep-quarantine-endpoints">Function - SEP - Quarantine Endpoints</a></li>
 <li><a class="reference internal" href="#function-sep-scan-endpoints">Function - SEP - Scan Endpoints</a></li>
 <li><a class="reference internal" href="#function-sep-update-fingerprint-list">Function - SEP - Update Fingerprint List</a></li>
 <li><a class="reference internal" href="#function-sep-upload-file-to-sepm">Function - SEP - Upload File to SEPM</a></li>
-<li><a class="reference internal" href="#function-sep-cancel-a-command">Function - SEP: Cancel a Command</a></li>
-<li><a class="reference internal" href="#function-sep-get-critical-events-info">Function - SEP: Get Critical Events Info</a></li>
-<li><a class="reference internal" href="#function-sep-get-exceptions-policy">Function - SEP: Get Exceptions Policy</a></li>
-<li><a class="reference internal" href="#function-sep-get-firewall-policy">Function - SEP: Get Firewall Policy</a></li>
-<li><a class="reference internal" href="#function-sep-get-policy-summary">Function - SEP: Get Policy Summary</a></li>
 <li><a class="reference internal" href="#script-scr-sep-add-artifact-from-scan-results">Script - scr_sep_add_artifact_from_scan_results</a></li>
 <li><a class="reference internal" href="#script-scr-sep-parse-email-notification">Script - scr_sep_parse_email_notification</a></li>
-<li><a class="reference internal" href="#data-table-symantec-sep-endpoint-details">Data Table - Symantec SEP - Endpoint details</a><ul>
+<li><a class="reference internal" href="#playbooks">Playbooks</a></li>
+<li><a class="reference internal" href="#data-table-symantec-sep-critical-events">Data Table - Symantec SEP - Critical Events</a><ul>
 <li><a class="reference internal" href="#api-name">API Name:</a></li>
 <li><a class="reference internal" href="#columns">Columns:</a></li>
 </ul>
 </li>
-<li><a class="reference internal" href="#data-table-symantec-sep-endpoint-status-summary">Data Table - Symantec SEP - Endpoint status summary</a><ul>
+<li><a class="reference internal" href="#data-table-symantec-sep-endpoint-details">Data Table - Symantec SEP - Endpoint details</a><ul>
 <li><a class="reference internal" href="#id1">API Name:</a></li>
 <li><a class="reference internal" href="#id2">Columns:</a></li>
 </ul>
 </li>
-<li><a class="reference internal" href="#data-table-symantec-sep-eoc-scan-results">Data Table - Symantec SEP - EOC scan results</a><ul>
+<li><a class="reference internal" href="#data-table-symantec-sep-endpoint-status-summary">Data Table - Symantec SEP - Endpoint status summary</a><ul>
 <li><a class="reference internal" href="#id3">API Name:</a></li>
 <li><a class="reference internal" href="#id4">Columns:</a></li>
 </ul>
 </li>
-<li><a class="reference internal" href="#data-table-symantec-sep-fingerprint-lists">Data Table - Symantec SEP - Fingerprint lists</a><ul>
+<li><a class="reference internal" href="#data-table-symantec-sep-eoc-scan-results">Data Table - Symantec SEP - EOC scan results</a><ul>
 <li><a class="reference internal" href="#id5">API Name:</a></li>
 <li><a class="reference internal" href="#id6">Columns:</a></li>
 </ul>
 </li>
-<li><a class="reference internal" href="#data-table-symantec-sep-groups">Data Table - Symantec SEP - Groups</a><ul>
+<li><a class="reference internal" href="#data-table-symantec-sep-fingerprint-lists">Data Table - Symantec SEP - Fingerprint lists</a><ul>
 <li><a class="reference internal" href="#id7">API Name:</a></li>
 <li><a class="reference internal" href="#id8">Columns:</a></li>
 </ul>
 </li>
-<li><a class="reference internal" href="#data-table-symantec-sep-non-compliant-endpoints-status-details">Data Table - Symantec SEP - Non-compliant Endpoints status details</a><ul>
+<li><a class="reference internal" href="#data-table-symantec-sep-groups">Data Table - Symantec SEP - Groups</a><ul>
 <li><a class="reference internal" href="#id9">API Name:</a></li>
 <li><a class="reference internal" href="#id10">Columns:</a></li>
 </ul>
 </li>
-<li><a class="reference internal" href="#rules">Rules</a></li>
+<li><a class="reference internal" href="#data-table-symantec-sep-non-compliant-endpoints-status-details">Data Table - Symantec SEP - Non-compliant Endpoints status details</a><ul>
+<li><a class="reference internal" href="#id11">API Name:</a></li>
+<li><a class="reference internal" href="#id12">Columns:</a></li>
+</ul>
+</li>
 <li><a class="reference internal" href="#troubleshooting-support">Troubleshooting &amp; Support</a><ul>
 <li><a class="reference internal" href="#for-support">For Support</a></li>
 </ul>
diff --git a/fn_service_now/README.html b/fn_service_now/README.html
index 650ad3749..5738443b0 100644
--- a/fn_service_now/README.html
+++ b/fn_service_now/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_service_now/docs/customize_resilient_guide/README.html b/fn_service_now/docs/customize_resilient_guide/README.html
index 546bb4ff2..c3edafc91 100644
--- a/fn_service_now/docs/customize_resilient_guide/README.html
+++ b/fn_service_now/docs/customize_resilient_guide/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_service_now/docs/customize_snow_guide/README.html b/fn_service_now/docs/customize_snow_guide/README.html
index 0a1c9ba5c..8182b7919 100644
--- a/fn_service_now/docs/customize_snow_guide/README.html
+++ b/fn_service_now/docs/customize_snow_guide/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_service_now/docs/install_guide/README.html b/fn_service_now/docs/install_guide/README.html
index 20bd4adc4..07ae63f21 100644
--- a/fn_service_now/docs/install_guide/README.html
+++ b/fn_service_now/docs/install_guide/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_shadowserver/README.html b/fn_shadowserver/README.html
index 50dba9f2a..714c0d2a8 100644
--- a/fn_shadowserver/README.html
+++ b/fn_shadowserver/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -490,7 +492,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM Security SOAR app for Shadowserver</strong></p>
-<p><img alt="screenshot: main" src="../_images/main60.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main61.png" /></p>
 <p>Queries Shadowserver to check if the hash provided matches an entry in our database. Returns details on the data source if there is a match.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_shodan/README.html b/fn_shodan/README.html
index ae703a872..f0db939a8 100644
--- a/fn_shodan/README.html
+++ b/fn_shodan/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -468,7 +470,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>A function to lookup IP Addresses in Shodan</strong></p>
-<p><img alt="screenshot: main" src="../_images/main61.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main62.png" /></p>
 <p>This is a simple function which takes IP Address artifacts and returns the results from https://www.shodan.io/.</p>
 <p>It will update the description of the artifact and add a note to the incident with the Vulnerabilities, Ports and more from Shodan.</p>
 <p>You will need an API key for Shodan - https://developer.shodan.io/billing/signup</p>
diff --git a/fn_siemplify/README.html b/fn_siemplify/README.html
index ae56fbd2c..42d5dbeba 100644
--- a/fn_siemplify/README.html
+++ b/fn_siemplify/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -512,7 +514,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Siemplify App for IBM QRadar SOAR</strong></p>
-<p><img alt="screenshot: main" src="../_images/main62.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main63.png" /></p>
 <p>Bi-directional synchronization with Siemplify Cases, Entities, Attachments and Insights. Additional capabilities exist to list and add entries to the Siemplify Blocklist and Custom List.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -2574,7 +2576,7 @@ <h2>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts29.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts30.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_slack/README.html b/fn_slack/README.html
index 42356197f..fd1fea3f0 100644
--- a/fn_slack/README.html
+++ b/fn_slack/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_snapshot_url/README.html b/fn_snapshot_url/README.html
index c2d19ad00..6b3c95eec 100644
--- a/fn_snapshot_url/README.html
+++ b/fn_snapshot_url/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_soar_utils/README.html b/fn_soar_utils/README.html
index 8bb84b71d..a2a9147b8 100644
--- a/fn_soar_utils/README.html
+++ b/fn_soar_utils/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -410,24 +412,7 @@
           </label>
         </div>
         <article role="main" id="furo-main-content">
-          <!--
-  This README.md is generated by running:
-  "resilient-sdk docgen -p fn_soar_utils"
-
-  It is best edited using a Text Editor with a Markdown Previewer. VS Code
-  is a good example. Checkout https://guides.github.com/features/mastering-markdown/
-  for tips on writing with Markdown
-
-  All fields followed by "::CHANGE_ME::"" should be manually edited
-
-  If you make manual edits and run docgen again, a .bak file will be created
-
-  Store any screenshots in the "doc/screenshots" directory and reference them like:
-  ![screenshot: screenshot_1](./screenshots/screenshot_1.png)
-
-  NOTE: If your app is available in the container-format only, there is no need to mention the integration server in this readme.
--->
-<section id="soar-utilities">
+          <section id="soar-utilities">
 <h1>SOAR Utilities<a class="headerlink" href="#soar-utilities" title="Link to this heading">¶</a></h1>
 <section id="table-of-contents">
 <h2>Table of Contents<a class="headerlink" href="#table-of-contents" title="Link to this heading">¶</a></h2>
@@ -487,11 +472,15 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 </tr>
 </thead>
 <tbody>
-<tr class="row-even"><td><p>1.0.1</p></td>
-<td><p>1/2023</p></td>
+<tr class="row-even"><td><p>1.0.2</p></td>
+<td><p>09/2024</p></td>
+<td><p>Bug fix for attachment zip list function</p></td>
+</tr>
+<tr class="row-odd"><td><p>1.0.1</p></td>
+<td><p>01/2023</p></td>
 <td><p>Bug fix and doc improvements</p></td>
 </tr>
-<tr class="row-odd"><td><p>1.0.0</p></td>
+<tr class="row-even"><td><p>1.0.0</p></td>
 <td><p>10/2022</p></td>
 <td><p>Initial Release</p></td>
 </tr>
@@ -507,7 +496,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Useful workflow functions for common automation and integration activities in the SOAR platform.</strong></p>
-<p><img alt="screenshot: main" src="../_images/main63.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main64.png" /></p>
 </section>
 <section id="soar-functions-taken-from-fn-utilities-to-simplify-development-of-integrations-by-wrapping-each-external-activity-into-an-individual-workflow-playbook-component-the-soar-platform-sends-data-from-artifacts-attachments-incident-data-etc-to-the-function-component-and-returns-results-to-the-workflow-playbook-the-results-can-be-acted-upon-by-scripts-rules-and-workflow-playbook-decision-points-to-dynamically-orchestrate-the-security-incident-response-activities">
 <h2>SOAR functions taken from fn_utilities to simplify development of integrations by wrapping each external activity into an individual workflow/playbook component. The SOAR Platform sends data from artifacts, attachments, incident data, etc. to the function component and returns results to the workflow/playbook. The results can be acted upon by scripts, rules, and workflow/playbook decision points to dynamically orchestrate the security incident response activities.<a class="headerlink" href="#soar-functions-taken-from-fn-utilities-to-simplify-development-of-integrations-by-wrapping-each-external-activity-into-an-individual-workflow-playbook-component-the-soar-platform-sends-data-from-artifacts-attachments-incident-data-etc-to-the-function-component-and-returns-results-to-the-workflow-playbook-the-results-can-be-acted-upon-by-scripts-rules-and-workflow-playbook-decision-points-to-dynamically-orchestrate-the-security-incident-response-activities" title="Link to this heading">¶</a></h2>
@@ -517,14 +506,14 @@ <h3>SOAR platform<a class="headerlink" href="#soar-platform" title="Link to this
 <p>The SOAR platform supports two app deployment mechanisms, App Host and integration server.</p>
 <p>If deploying to a SOAR platform with an App Host, the requirements are:</p>
 <ul class="simple">
-<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">45</span></code>.</p></li>
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0</span></code>.</p></li>
 <li><p>The app is in a container-based format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file).</p></li>
 </ul>
 <p>If deploying to a SOAR platform with an integration server, the requirements are:</p>
 <ul>
-<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">45</span></code>.</p></li>
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0</span></code>.</p></li>
 <li><p>The app is in the older integration format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file which contains a <code class="docutils literal notranslate"><span class="pre">tar.gz</span></code> file).</p></li>
-<li><p>Integration server is running <code class="docutils literal notranslate"><span class="pre">resilient-circuits&gt;=46.0.0</span></code>.</p></li>
+<li><p>Integration server is running <code class="docutils literal notranslate"><span class="pre">resilient-circuits&gt;=51.0.0</span></code>.</p></li>
 <li><p>If using an API key account, make sure the account provides the following minimum permissions:</p>
 <div class="table-wrapper colwidths-auto docutils container">
 <table class="docutils align-default">
@@ -557,7 +546,7 @@ <h3>SOAR platform<a class="headerlink" href="#soar-platform" title="Link to this
 <h3>Cloud Pak for Security<a class="headerlink" href="#cloud-pak-for-security" title="Link to this heading">¶</a></h3>
 <p>If you are deploying to IBM Cloud Pak for Security, the requirements are:</p>
 <ul class="simple">
-<li><p>IBM Cloud Pak for Security &gt;= 1.9.</p></li>
+<li><p>IBM Cloud Pak for Security &gt;= 1.10.</p></li>
 <li><p>Cloud Pak is configured with an App Host.</p></li>
 <li><p>The app is in a container-based format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file).</p></li>
 </ul>
@@ -574,10 +563,10 @@ <h3>Proxy Server<a class="headerlink" href="#proxy-server" title="Link to this h
 </section>
 <section id="python-environment">
 <h3>Python Environment<a class="headerlink" href="#python-environment" title="Link to this heading">¶</a></h3>
-<p>Both Python 3.6 and 3.9 are supported.
+<p>Both Python 3.9 and 3.11 are supported.
 Additional package dependencies may exist for each of these packages:</p>
 <ul class="simple">
-<li><p>resilient-circuits&gt;=46.0.0</p></li>
+<li><p>resilient-circuits&gt;=51.0.0</p></li>
 </ul>
 </section>
 </section>
diff --git a/fn_spamhaus_query/README.html b/fn_spamhaus_query/README.html
index 79945a573..2bbe46f6d 100644
--- a/fn_spamhaus_query/README.html
+++ b/fn_spamhaus_query/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -462,7 +464,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Look up IP Addresses + Domain Name in Spamhaus Datasets</strong></p>
-<p><img alt="screenshot: main" src="../_images/main64.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main65.png" /></p>
 <p>If a given artifact appears in one of Spamhaus Datasets, then the artifact’s description is updated with additional enrichment information.</p>
 </section>
 <hr class="docutils" />
diff --git a/fn_splunk_integration/README.html b/fn_splunk_integration/README.html
index fc8cab0c1..aed1eae24 100644
--- a/fn_splunk_integration/README.html
+++ b/fn_splunk_integration/README.html
@@ -3,7 +3,7 @@
   <head><meta charset="utf-8"/>
     <meta name="viewport" content="width=device-width,initial-scale=1"/>
     <meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" />
-<link rel="search" title="Search" href="../search.html" /><link rel="next" title="Task Utilities" href="../fn_task_utils/README.html" /><link rel="prev" title="Spamhaus Lookup" href="../fn_spamhaus_query/README.html" />
+<link rel="search" title="Search" href="../search.html" /><link rel="next" title="Sumo Logic Cloud SIEM" href="../fn_sumo_logic/README.html" /><link rel="prev" title="Spamhaus Lookup" href="../fn_spamhaus_query/README.html" />
 
     <link rel="shortcut icon" href="../_static/IBM_Security_Shield.ico"/><!-- Generated with Sphinx 8.0.2 and Furo 2024.08.06 -->
         <title>Splunk - QRadar SOAR Apps</title>
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -516,7 +518,7 @@ <h3>1.4.0<a class="headerlink" href="#id1" title="Link to this heading">¶</a></
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>Add, Search and Delete artifacts to Splunk ES</strong></p>
-<p><img alt="screenshot: main" src="../_images/main65.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main66.png" /></p>
 <p>Several functions to operate with Splunk ES intel collections, including updates to SplunkES notable events and add, search and delete operations to intel collections based on artifact type values.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -1477,12 +1479,12 @@ <h3>For Support<a class="headerlink" href="#for-support" title="Link to this hea
       <footer>
         
         <div class="related-pages">
-          <a class="next-page" href="../fn_task_utils/README.html">
+          <a class="next-page" href="../fn_sumo_logic/README.html">
               <div class="page-info">
                 <div class="context">
                   <span>Next</span>
                 </div>
-                <div class="title">Task Utilities</div>
+                <div class="title">Sumo Logic Cloud SIEM</div>
               </div>
               <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
             </a>
diff --git a/fn_sumo_logic/README.html b/fn_sumo_logic/README.html
new file mode 100644
index 000000000..95c5362e2
--- /dev/null
+++ b/fn_sumo_logic/README.html
@@ -0,0 +1,3263 @@
+<!doctype html>
+<html class="no-js" lang="en" data-content_root="../">
+  <head><meta charset="utf-8"/>
+    <meta name="viewport" content="width=device-width,initial-scale=1"/>
+    <meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" />
+<link rel="search" title="Search" href="../search.html" /><link rel="next" title="Task Utilities" href="../fn_task_utils/README.html" /><link rel="prev" title="Splunk" href="../fn_splunk_integration/README.html" />
+
+    <link rel="shortcut icon" href="../_static/IBM_Security_Shield.ico"/><!-- Generated with Sphinx 8.0.2 and Furo 2024.08.06 -->
+        <title>Sumo Logic Cloud SIEM - QRadar SOAR Apps</title>
+      <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=a746c00c" />
+    <link rel="stylesheet" type="text/css" href="../_static/styles/furo.css?v=354aac6f" />
+    <link rel="stylesheet" type="text/css" href="../_static/copybutton.css?v=76b2166b" />
+    <link rel="stylesheet" type="text/css" href="../_static/sphinx-design.min.css?v=95c83b7e" />
+    <link rel="stylesheet" type="text/css" href="../_static/styles/furo-extensions.css?v=302659d7" />
+    <link rel="stylesheet" type="text/css" href="../_static/css/custom.css?v=afe95b24" />
+    
+    
+
+
+<style>
+  body {
+    --color-code-background: #f8f8f8;
+  --color-code-foreground: black;
+  
+  }
+  @media not print {
+    body[data-theme="dark"] {
+      --color-code-background: #202020;
+  --color-code-foreground: #d0d0d0;
+  
+    }
+    @media (prefers-color-scheme: dark) {
+      body:not([data-theme="light"]) {
+        --color-code-background: #202020;
+  --color-code-foreground: #d0d0d0;
+  
+      }
+    }
+  }
+</style></head>
+  <body>
+    
+    <script>
+      document.body.dataset.theme = localStorage.getItem("theme") || "auto";
+    </script>
+    
+
+<svg xmlns="http://www.w3.org/2000/svg" style="display: none;">
+  <symbol id="svg-toc" viewBox="0 0 24 24">
+    <title>Contents</title>
+    <svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 1024 1024">
+      <path d="M408 442h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8zm-8 204c0 4.4 3.6 8 8 8h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56zm504-486H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 632H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zM115.4 518.9L271.7 642c5.8 4.6 14.4.5 14.4-6.9V388.9c0-7.4-8.5-11.5-14.4-6.9L115.4 505.1a8.74 8.74 0 0 0 0 13.8z"/>
+    </svg>
+  </symbol>
+  <symbol id="svg-menu" viewBox="0 0 24 24">
+    <title>Menu</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-menu">
+      <line x1="3" y1="12" x2="21" y2="12"></line>
+      <line x1="3" y1="6" x2="21" y2="6"></line>
+      <line x1="3" y1="18" x2="21" y2="18"></line>
+    </svg>
+  </symbol>
+  <symbol id="svg-arrow-right" viewBox="0 0 24 24">
+    <title>Expand</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-chevron-right">
+      <polyline points="9 18 15 12 9 6"></polyline>
+    </svg>
+  </symbol>
+  <symbol id="svg-sun" viewBox="0 0 24 24">
+    <title>Light mode</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="feather-sun">
+      <circle cx="12" cy="12" r="5"></circle>
+      <line x1="12" y1="1" x2="12" y2="3"></line>
+      <line x1="12" y1="21" x2="12" y2="23"></line>
+      <line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>
+      <line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>
+      <line x1="1" y1="12" x2="3" y2="12"></line>
+      <line x1="21" y1="12" x2="23" y2="12"></line>
+      <line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>
+      <line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>
+    </svg>
+  </symbol>
+  <symbol id="svg-moon" viewBox="0 0 24 24">
+    <title>Dark mode</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-moon">
+      <path stroke="none" d="M0 0h24v24H0z" fill="none" />
+      <path d="M12 3c.132 0 .263 0 .393 0a7.5 7.5 0 0 0 7.92 12.446a9 9 0 1 1 -8.313 -12.454z" />
+    </svg>
+  </symbol>
+  <symbol id="svg-sun-with-moon" viewBox="0 0 24 24">
+    <title>Auto light/dark, in light mode</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round"
+      class="icon-custom-derived-from-feather-sun-and-tabler-moon">
+      <path style="opacity: 50%" d="M 5.411 14.504 C 5.471 14.504 5.532 14.504 5.591 14.504 C 3.639 16.319 4.383 19.569 6.931 20.352 C 7.693 20.586 8.512 20.551 9.25 20.252 C 8.023 23.207 4.056 23.725 2.11 21.184 C 0.166 18.642 1.702 14.949 4.874 14.536 C 5.051 14.512 5.231 14.5 5.411 14.5 L 5.411 14.504 Z"/>
+      <line x1="14.5" y1="3.25" x2="14.5" y2="1.25"/>
+      <line x1="14.5" y1="15.85" x2="14.5" y2="17.85"/>
+      <line x1="10.044" y1="5.094" x2="8.63" y2="3.68"/>
+      <line x1="19" y1="14.05" x2="20.414" y2="15.464"/>
+      <line x1="8.2" y1="9.55" x2="6.2" y2="9.55"/>
+      <line x1="20.8" y1="9.55" x2="22.8" y2="9.55"/>
+      <line x1="10.044" y1="14.006" x2="8.63" y2="15.42"/>
+      <line x1="19" y1="5.05" x2="20.414" y2="3.636"/>
+      <circle cx="14.5" cy="9.55" r="3.6"/>
+    </svg>
+  </symbol>
+  <symbol id="svg-moon-with-sun" viewBox="0 0 24 24">
+    <title>Auto light/dark, in dark mode</title>
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round"
+      class="icon-custom-derived-from-feather-sun-and-tabler-moon">
+      <path d="M 8.282 7.007 C 8.385 7.007 8.494 7.007 8.595 7.007 C 5.18 10.184 6.481 15.869 10.942 17.24 C 12.275 17.648 13.706 17.589 15 17.066 C 12.851 22.236 5.91 23.143 2.505 18.696 C -0.897 14.249 1.791 7.786 7.342 7.063 C 7.652 7.021 7.965 7 8.282 7 L 8.282 7.007 Z"/>
+      <line style="opacity: 50%" x1="18" y1="3.705" x2="18" y2="2.5"/>
+      <line style="opacity: 50%" x1="18" y1="11.295" x2="18" y2="12.5"/>
+      <line style="opacity: 50%" x1="15.316" y1="4.816" x2="14.464" y2="3.964"/>
+      <line style="opacity: 50%" x1="20.711" y1="10.212" x2="21.563" y2="11.063"/>
+      <line style="opacity: 50%" x1="14.205" y1="7.5" x2="13.001" y2="7.5"/>
+      <line style="opacity: 50%" x1="21.795" y1="7.5" x2="23" y2="7.5"/>
+      <line style="opacity: 50%" x1="15.316" y1="10.184" x2="14.464" y2="11.036"/>
+      <line style="opacity: 50%" x1="20.711" y1="4.789" x2="21.563" y2="3.937"/>
+      <circle style="opacity: 50%" cx="18" cy="7.5" r="2.169"/>
+    </svg>
+  </symbol>
+  <symbol id="svg-pencil" viewBox="0 0 24 24">
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-pencil-code">
+      <path d="M4 20h4l10.5 -10.5a2.828 2.828 0 1 0 -4 -4l-10.5 10.5v4" />
+      <path d="M13.5 6.5l4 4" />
+      <path d="M20 21l2 -2l-2 -2" />
+      <path d="M17 17l-2 2l2 2" />
+    </svg>
+  </symbol>
+  <symbol id="svg-eye" viewBox="0 0 24 24">
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+      stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-eye-code">
+      <path stroke="none" d="M0 0h24v24H0z" fill="none" />
+      <path d="M10 12a2 2 0 1 0 4 0a2 2 0 0 0 -4 0" />
+      <path
+        d="M11.11 17.958c-3.209 -.307 -5.91 -2.293 -8.11 -5.958c2.4 -4 5.4 -6 9 -6c3.6 0 6.6 2 9 6c-.21 .352 -.427 .688 -.647 1.008" />
+      <path d="M20 21l2 -2l-2 -2" />
+      <path d="M17 17l-2 2l2 2" />
+    </svg>
+  </symbol>
+</svg>
+
+<input type="checkbox" class="sidebar-toggle" name="__navigation" id="__navigation">
+<input type="checkbox" class="sidebar-toggle" name="__toc" id="__toc">
+<label class="overlay sidebar-overlay" for="__navigation">
+  <div class="visually-hidden">Hide navigation sidebar</div>
+</label>
+<label class="overlay toc-overlay" for="__toc">
+  <div class="visually-hidden">Hide table of contents sidebar</div>
+</label>
+
+<a class="skip-to-content muted-link" href="#furo-main-content">Skip to content</a>
+
+
+
+<div class="page">
+  <header class="mobile-header">
+    <div class="header-left">
+      <label class="nav-overlay-icon" for="__navigation">
+        <div class="visually-hidden">Toggle site navigation sidebar</div>
+        <i class="icon"><svg><use href="#svg-menu"></use></svg></i>
+      </label>
+    </div>
+    <div class="header-center">
+      <a href="../index.html"><div class="brand">QRadar SOAR Apps</div></a>
+    </div>
+    <div class="header-right">
+      <div class="theme-toggle-container theme-toggle-header">
+        <button class="theme-toggle">
+          <div class="visually-hidden">Toggle Light / Dark / Auto color theme</div>
+          <svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg>
+          <svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg>
+          <svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
+          <svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
+        </button>
+      </div>
+      <label class="toc-overlay-icon toc-header-icon" for="__toc">
+        <div class="visually-hidden">Toggle table of contents sidebar</div>
+        <i class="icon"><svg><use href="#svg-toc"></use></svg></i>
+      </label>
+    </div>
+  </header>
+  <aside class="sidebar-drawer">
+    <div class="sidebar-container">
+      
+      <div class="sidebar-sticky"><a class="sidebar-brand" href="../index.html">
+  
+  <div class="sidebar-logo-container">
+    <img class="sidebar-logo only-light" src="../_static/IBM_Security_Light.png" alt="Light Logo"/>
+    <img class="sidebar-logo only-dark" src="../_static/IBM_Security_Dark.png" alt="Dark Logo"/>
+  </div>
+  
+  <span class="sidebar-brand-text">QRadar SOAR Apps</span>
+  
+</a><form class="sidebar-search-container" method="get" action="../search.html" role="search">
+  <input class="sidebar-search" placeholder="Search" name="q" aria-label="Search">
+  <input type="hidden" name="check_keywords" value="yes">
+  <input type="hidden" name="area" value="default">
+</form>
+<div id="searchbox"></div><div class="sidebar-scroll"><div class="sidebar-tree">
+  <p class="caption" role="heading"><span class="caption-text">New and Recently Updated Apps</span></p>
+<ul>
+<li class="toctree-l1 has-children"><a class="reference internal" href="../fn_service_now/README.html">ServiceNow</a><input class="toctree-checkbox" id="toctree-checkbox-1" name="toctree-checkbox-1" role="switch" type="checkbox"/><label for="toctree-checkbox-1"><div class="visually-hidden">Toggle navigation of ServiceNow</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul>
+<li class="toctree-l2"><a class="reference internal" href="../fn_service_now/docs/install_guide/README.html">ServiceNow Installation Guide</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../fn_service_now/docs/customize_snow_guide/README.html">ServiceNow Customization Guide</a></li>
+<li class="toctree-l2"><a class="reference internal" href="../fn_service_now/docs/customize_resilient_guide/README.html">SOAR Customization Guide</a></li>
+</ul>
+</li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_remedy/README.html">Remedy</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_siemplify/README.html">Siemplify</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_vmware_cbc/README.html">VMware Carbon Black Cloud</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_aws_iam/README.html">AWS IAM</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_symantec_dlp/README.html">Symantec DLP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed_plugin_resilientfeed/README.html">Data Feeder for SOAR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_wiz/README.html">Wiz</a></li>
+</ul>
+<p class="caption" role="heading"><span class="caption-text">App Development</span></p>
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="../docs/python_api.html">IBM SOAR Python Documentation</a></li>
+</ul>
+<p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
+<ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ansible/README.html">Ansible for SOAR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ansible_tower/README.html">Ansible Tower</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_api_void/README.html">APIVoid Threat Analysis APIs</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_aws_guardduty/README.html">fn_aws_guardduty</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_aws_utilities/README.html">AWS Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_axonius/README.html">Axonius</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_azure_automation_utilities/README.html">Azure Automation Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_bigfix/README.html">BigFix</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_bmc_helix/README.html">BMC Helix</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_calendar_invite/README.html">Calendar Invite</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cisco_amp4ep/README.html">Cisco Secure Endpoint</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cisco_asa/README.html">Cisco ASA</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cisco_enforcement/README.html">Cisco Umbrella Enforcement</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cisco_umbrella_inv/README.html">Cisco Umbrella Investigate</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_clamav/README.html">ClamAV</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cloud_foundry/README.html">Cloud Foundry</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_components/README.html">App Host Components</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_create_webex_meeting/README.html">Cisco WebEx</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_create_zoom_meeting/README.html">Zoom</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_cve_search/README.html">CVE Search</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_darktrace/README.html">Darktrace <!-- omit in toc --></a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_datatable_utils/README.html">Datatable Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_elasticsearch/README.html">ElasticSearch</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_email_header_validation/README.html">Email Header Validation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_exchange/README.html">Microsoft Exchange</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_exchange_online/README.html">Microsoft Exchange Online</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_extrahop/README.html">ExtraHop</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_geocoding/README.html">Google Geocoding</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_github/README.html">GitHub</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_google_cloud_dlp/README.html">Google Cloud DLP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_google_cloud_scc/README.html">Google Cloud Security Command Center</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_googlesafebrowsing/README.html">Google Safe Browsing</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_greynoise/README.html">GreyNoise</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_grpc_interface/README.html">gRPC Interface</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_insights_integration/README.html">Guardium Insights Integration</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html">Guardium Integration Application for IBM Resilient.</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#table-of-contents">Table of Contents -</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#about-this-package">About this package</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#use-cases">Use Cases</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#prerequisites">Prerequisites</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#installation">Installation</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#configuration">Configuration</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#resilient-configurations">Resilient Configurations</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#rules">Rules</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#run-application">Run Application</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#application-usage-and-details">Application Usage and Details</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#guardium-4a-list-parameter-names-by-report-name">Guardium: 4A. List Parameter Names By Report Name :</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_guardium_integration/README.html#guardium-4b-search-all-guardium-reports">Guardium: 4B. Search All Guardium Reports :</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_hibp/README.html">Have I Been Pwned</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_html2pdf/README.html">HTML to PDF</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_icdx/README.html">Symantec ICDx</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_incident_utils/README.html">Incident Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ioc_parser_v2/README.html">IOC Parser</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ipinfo/README.html">IPInfo</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_isitphishing/README.html">IsItPhishing</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_jira/README.html">Jira</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_joe_sandbox_analysis/README.html">Joe Sandbox Analysis</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_kafka/README.html">Kafka</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ldap_utilities/README.html">IBM SOAR LDAP Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_maas360/README.html">MaaS360</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mandiant/README.html">Mandiant Threat Intelligence</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mcafee_atd/README.html">McAfee ATD</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mcafee_epo/README.html">McAfee ePO</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mcafee_esm/README.html">McAfee ESM</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mcafee_opendxl/README.html">McAfee OpenDXL</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mcafee_tie/README.html">McAfee TIE</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_microsoft_defender/README.html">Microsoft Defender</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_microsoft_security_graph/README.html">Microsoft Security Graph Integration for SOAR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_microsoft_sentinel/README.html">Microsoft Sentinel</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_misp/README.html">MISP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mitre_integration/README.html">MITRE ATT&amp;CK</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_mxtoolbox/README.html">About MxToolBox</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_netdevice/README.html">netMiko</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_network_utilities/README.html">Network Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_ocr/README.html">Image OCR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_odbc_query/README.html">ODBC Query</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_outbound_email/README.html">Outbound Email</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_pa_panorama/README.html">Palo Alto Panorama</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_pagerduty/README.html">PagerDuty</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_parse_utilities/README.html">Parse Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_passivetotal/README.html">PassiveTotal</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_pastebin/README.html">PasteBin Creator</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_phish_ai/README.html">Phish.AI</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_phish_tank/README.html">PhishTank Lookup</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_pipl/README.html">Pipl</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_playbook_maker/README.html">Playbook Maker</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_playbook_utils/README.html">Playbook Utils</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_proofpoint_tap/README.html">Proofpoint TAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_proofpoint_trap/README.html">Proofpoint TRAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_pulsedive/README.html">Pulsedive</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_qradar_advisor/README.html">QRadar Advisor Functions</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_qradar_enhanced_data/README.html">QRadar Enhanced Data Migration</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_qradar_integration/README.html">QRadar Integration</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_query_tor_network/README.html">TOR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_randori/README.html">Randori</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_rapid7_insight_idr/README.html">Rapid7 InsightIDR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_reaqta/README.html">QRadar EDR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_relations/README.html">Parent/Child Relationships</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_rest_api/README.html">REST API Functions for SOAR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_rsa_netwitness/README.html">RSA NetWitness</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_salesforce/README.html">Salesforce</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_soar_utils/README.html">SOAR Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_scheduler/README.html">Scheduler</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_secureworks_ctp/README.html">Secureworks CTP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sentinelone/README.html">SentinelOne</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sep/README.html">Symantec Endpoint Protection</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_shadowserver/README.html">Shadowserver</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_shodan/README.html">Shodan</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_slack/README.html">Slack</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Sumo Logic Cloud SIEM</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_timer/README.html">Timer Function</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_trusteer_ppd/README.html">Trusteer Pinpoint Detect</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_twilio/README.html">Twilio SMS</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_twitter_most_popular/README.html">Twitter Search API</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_url_to_dns/README.html">URL to DNS</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_urlhaus/README.html">URLhaus</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_urlscanio/README.html">URLScan.io</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_utilities/README.html">Utilities (Deprecated)</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_virustotal/README.html">VirusTotal</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_vmray_analyzer/README.html">VMRay Sandbox Analyzer</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_zia/README.html">Zscaler Internet Access Functions for IBM SOAR</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed/README.html">Data Feed Extension</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed_plugin_elasticfeed/README.html">Data Feed Elasticsearch Plugin</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed_plugin_kafkafeed/README.html">Data Feed KafkaFeed Plugin</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed_plugin_odbcfeed/README.html">Data Feeder for ODBC Databases</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc_data_feed_plugin_splunkfeed/README.html">Data Feed plugin for Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-abuseipdb/README.html">AbuseIPDB Threat Service</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-haveibeenpwned/README.html">Have I Been Pwned Threat Searcher</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-mcafeetie/README.html">McAfee TIE Threat Searcher</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-passivetotal/README.html">RiskIQ PassiveTotal</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-shadowserver/README.html">ShadowServer Threat Service</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../rc-cts-urlscanio/README.html">URLScan IO Threat Searcher</a></li>
+</ul>
+
+</div>
+</div>
+
+      </div>
+      
+    </div>
+  </aside>
+  <div class="main">
+    <div class="content">
+      <div class="article-container">
+        <a href="#" class="back-to-top muted-link">
+          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
+            <path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z"></path>
+          </svg>
+          <span>Back to top</span>
+        </a>
+        <div class="content-icon-container">
+          
+
+<div class="theme-toggle-container theme-toggle-content">
+            <button class="theme-toggle">
+              <div class="visually-hidden">Toggle Light / Dark / Auto color theme</div>
+              <svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg>
+              <svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg>
+              <svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
+              <svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
+            </button>
+          </div>
+          <label class="toc-overlay-icon toc-content-icon" for="__toc">
+            <div class="visually-hidden">Toggle table of contents sidebar</div>
+            <i class="icon"><svg><use href="#svg-toc"></use></svg></i>
+          </label>
+        </div>
+        <article role="main" id="furo-main-content">
+          <!--
+  This README.md is generated by running:
+  "resilient-sdk docgen -p fn_sumo_logic"
+
+  This file was generated with resilient-sdk v51.0.2.2.1096
+
+  It is best edited using a Text Editor with a Markdown Previewer. VS Code
+  is a good example. Checkout https://guides.github.com/features/mastering-markdown/
+  for tips on writing with Markdown
+
+  All fields followed by "::CHANGE_ME::"" should be manually edited
+
+  If you make manual edits and run docgen again, a .bak file will be created
+
+  Store any screenshots in the "doc/screenshots" directory and reference them like:
+  ![screenshot: screenshot_1](./screenshots/screenshot_1.png)
+
+  NOTE: If your app is available in the container-format only, there is no need to mention the integration server in this readme.
+-->
+<section id="sumo-logic-cloud-siem">
+<h1>Sumo Logic Cloud SIEM<a class="headerlink" href="#sumo-logic-cloud-siem" title="Link to this heading">¶</a></h1>
+<section id="table-of-contents">
+<h2>Table of Contents<a class="headerlink" href="#table-of-contents" title="Link to this heading">¶</a></h2>
+<ul class="simple">
+<li><p><a class="reference internal" href="#sumo-logic-cloud-siem"><span class="xref myst">Sumo Logic Cloud SIEM</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#table-of-contents"><span class="xref myst">Table of Contents</span></a></p></li>
+<li><p><a class="reference internal" href="#release-notes"><span class="xref myst">Release Notes</span></a></p></li>
+<li><p><a class="reference internal" href="#overview"><span class="xref myst">Overview</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#key-features"><span class="xref myst">Key Features</span></a></p></li>
+</ul>
+</li>
+<li><p><a class="reference internal" href="#requirements"><span class="xref myst">Requirements</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#soar-platform"><span class="xref myst">SOAR platform</span></a></p></li>
+<li><p><a class="reference internal" href="#cloud-pak-for-security"><span class="xref myst">Cloud Pak for Security</span></a></p></li>
+<li><p><a class="reference internal" href="#proxy-server"><span class="xref myst">Proxy Server</span></a></p></li>
+<li><p><a class="reference internal" href="#python-environment"><span class="xref myst">Python Environment</span></a></p></li>
+<li><p><a class="reference internal" href="#sumo-logic-development-version"><span class="xref myst">Sumo Logic Development Version</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#prerequisites"><span class="xref myst">Prerequisites</span></a></p></li>
+<li><p><a class="reference internal" href="#configuration"><span class="xref myst">Configuration</span></a></p></li>
+</ul>
+</li>
+<li><p><a class="reference internal" href="#generate-an-access-key-and-secret-in-sumo-log-analytics-platform"><span class="xref myst">Generate an Access Key and Secret in Sumo Log Analytics Platform</span></a></p></li>
+</ul>
+</li>
+<li><p><a class="reference internal" href="#"><code class="xref myst docutils literal notranslate"></code></a></p></li>
+<li><p><a class="reference internal" href="#installation"><span class="xref myst">Installation</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#install"><span class="xref myst">Install</span></a></p></li>
+<li><p><a class="reference internal" href="#app-configuration"><span class="xref myst">App Configuration</span></a></p></li>
+<li><p><a class="reference internal" href="#poller-considerations"><span class="xref myst">Poller Considerations</span></a></p></li>
+<li><p><a class="reference internal" href="#insights-filtering"><span class="xref myst">Insights Filtering</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#polling-filter-examples"><span class="xref myst">Polling Filter Examples</span></a></p></li>
+<li><p><a class="reference internal" href="#poller-templates-for-soar-cases"><span class="xref myst">Poller Templates for SOAR Cases</span></a></p></li>
+</ul>
+</li>
+</ul>
+</li>
+<li><p><a class="reference internal" href="#function---sumo-logic-add-comment-to-insight"><span class="xref myst">Function - Sumo Logic: Add Comment to Insight</span></a></p></li>
+<li><p><a class="reference internal" href="#function---sumo-logic-add-tag-to-insight"><span class="xref myst">Function - Sumo Logic: Add Tag to Insight</span></a></p></li>
+<li><p><a class="reference internal" href="#function---sumo-logic-get-entity"><span class="xref myst">Function - Sumo Logic: Get Entity</span></a></p></li>
+<li><p><a class="reference internal" href="#function---sumo-logic-get-insight-by-id"><span class="xref myst">Function - Sumo Logic: Get Insight By ID</span></a></p></li>
+<li><p><a class="reference internal" href="#function---sumo-logic-get-insights-comments"><span class="xref myst">Function - Sumo Logic: Get Insights Comments</span></a></p></li>
+<li><p><a class="reference internal" href="#function---sumo-logic-get-signal-by-id"><span class="xref myst">Function - Sumo Logic: Get Signal by ID</span></a></p></li>
+<li><p><a class="reference internal" href="#function---sumo-logic-update-insight-status"><span class="xref myst">Function - Sumo Logic: Update Insight Status</span></a></p></li>
+<li><p><a class="reference internal" href="#script---convert-json-to-rich-text-v13"><span class="xref myst">Script - Convert JSON to rich text v1.3</span></a></p></li>
+<li><p><a class="reference internal" href="#script---sumo-logic-add-artifacts-from-insight"><span class="xref myst">Script - Sumo Logic: Add Artifacts from Insight</span></a></p></li>
+<li><p><a class="reference internal" href="#script---sumo-logic-populate-signals-data-table"><span class="xref myst">Script - Sumo Logic: Populate Signals Data Table</span></a></p></li>
+<li><p><a class="reference internal" href="#playbooks"><span class="xref myst">Playbooks</span></a></p></li>
+<li><p><a class="reference internal" href="#custom-layouts"><span class="xref myst">Custom Layouts</span></a></p></li>
+<li><p><a class="reference internal" href="#data-table---signals"><span class="xref myst">Data Table - Signals</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#api-name"><span class="xref myst">API Name:</span></a></p></li>
+<li><p><a class="reference internal" href="#columns"><span class="xref myst">Columns:</span></a></p></li>
+</ul>
+</li>
+<li><p><a class="reference internal" href="#custom-fields"><span class="xref myst">Custom Fields</span></a></p></li>
+<li><p><a class="reference internal" href="#troubleshooting--support"><span class="xref myst">Troubleshooting &amp; Support</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#for-support"><span class="xref myst">For Support</span></a></p></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</section>
+<hr class="docutils" />
+<section id="release-notes">
+<h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this heading">¶</a></h2>
+<!--
+  Specify all changes in this release. Do not remove the release
+  notes of a previous release
+-->
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Version</p></th>
+<th class="head"><p>Date</p></th>
+<th class="head"><p>Notes</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>1.0.0</p></td>
+<td><p>08/2024</p></td>
+<td><p>Initial Release</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+<hr class="docutils" />
+<section id="overview">
+<h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
+<!--
+  Provide a high-level description of the function itself and its remote software or application.
+  The text below is parsed from the "description" and "long_description" attributes in the setup.py file
+-->
+<p><strong>IBM SOAR app - bidirectional synchronization and functions for Sumo Logic</strong></p>
+<p><img alt="screenshot: main" src="../_images/main67.png" /></p>
+<p>Bi-directional App for Sumo Logic Cloud SIEM. Query Sumo Logic for insights based on user-defined query parameters and create and update cases in SOAR.<br></p>
+<section id="key-features">
+<h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
+<!--
+  List the Key Features of the Integration
+-->
+<ul class="simple">
+<li><p>Poll Sumo Logic insights and create and update the corresponding cases in SOAR</p></li>
+<li><p>Allow user to specify insight polling filters to limit insights escalated to SOAR</p></li>
+<li><p>Create artifacts in SOAR case from Sumo Logic entities</p></li>
+<li><p>Create hits on SOAR artifacts based on the corresponding entity’s Signal Severity Total in Sumo Logic via automatic or manual playbooks</p></li>
+<li><p>Synchronize comments and notes between Sumo Logic insight and corresponding SOAR case</p></li>
+<li><p>View insight signal details in the Signals data table</p></li>
+<li><p>Write the insight, signal and entity full JSON data from Sumo Logic to a note in SOAR</p></li>
+<li><p>Post tags to an insight from SOAR</p></li>
+<li><p>Sumo Logic custom incident tab that contains insight custom fields, a link back to the insight in Sumo Logic and the Signals data table</p></li>
+</ul>
+</section>
+</section>
+<hr class="docutils" />
+<section id="requirements">
+<h2>Requirements<a class="headerlink" href="#requirements" title="Link to this heading">¶</a></h2>
+<!--
+  List any Requirements
+-->
+<p>This app supports the IBM Security QRadar SOAR Platform and the IBM Security QRadar SOAR for IBM Cloud Pak for Security.</p>
+<section id="soar-platform">
+<h3>SOAR platform<a class="headerlink" href="#soar-platform" title="Link to this heading">¶</a></h3>
+<p>The SOAR platform supports two app deployment mechanisms, Edge Gateway (also known as App Host) and integration server.</p>
+<p>If deploying to a SOAR platform with an App Host, the requirements are:</p>
+<ul class="simple">
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0.0</span></code>.</p></li>
+<li><p>The app is in a container-based format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file).</p></li>
+</ul>
+<p>If deploying to a SOAR platform with an integration server, the requirements are:</p>
+<ul>
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0.0</span></code>.</p></li>
+<li><p>The app is in the older integration format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file which contains a <code class="docutils literal notranslate"><span class="pre">tar.gz</span></code> file).</p></li>
+<li><p>Integration server is running <code class="docutils literal notranslate"><span class="pre">resilient-circuits&gt;=51.0.0</span></code>.</p></li>
+<li><p>If using an API key account, make sure the account provides the following minimum permissions:</p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head"><p>Permissions</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>Org Data</p></td>
+<td><p>Read</p></td>
+</tr>
+<tr class="row-odd"><td><p>Function</p></td>
+<td><p>Read</p></td>
+</tr>
+<tr class="row-even"><td><p>Incidents</p></td>
+<td><p>Read, Create</p></td>
+</tr>
+<tr class="row-odd"><td><p>Edit Incidents</p></td>
+<td><p>Fields, Status</p></td>
+</tr>
+<tr class="row-even"><td><p>Layouts</p></td>
+<td><p>Read, Edit</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</li>
+</ul>
+<p>The following SOAR platform guides provide additional information:</p>
+<ul class="simple">
+<li><p><em>Edge Gateway Deployment Guide</em> or <em>App Host Deployment Guide</em>: provides installation, configuration, and troubleshooting information, including proxy server settings.</p></li>
+<li><p><em>Integration Server Guide</em>: provides installation, configuration, and troubleshooting information, including proxy server settings.</p></li>
+<li><p><em>System Administrator Guide</em>: provides the procedure to install, configure and deploy apps.</p></li>
+</ul>
+<p>The above guides are available on the IBM Documentation website at <a class="reference external" href="https://ibm.biz/soar-docs">ibm.biz/soar-docs</a>. On this web page, select your SOAR platform version. On the follow-on page, you can find the <em>Edge Gateway Deployment Guide</em>, <em>App Host Deployment Guide</em>, or <em>Integration Server Guide</em> by expanding <strong>Apps</strong> in the Table of Contents pane. The System Administrator Guide is available by expanding <strong>System Administrator</strong>.</p>
+</section>
+<section id="cloud-pak-for-security">
+<h3>Cloud Pak for Security<a class="headerlink" href="#cloud-pak-for-security" title="Link to this heading">¶</a></h3>
+<p>If you are deploying to IBM Cloud Pak for Security, the requirements are:</p>
+<ul class="simple">
+<li><p>IBM Cloud Pak for Security &gt;= <code class="docutils literal notranslate"><span class="pre">1.10</span></code>.</p></li>
+<li><p>Cloud Pak is configured with an Edge Gateway.</p></li>
+<li><p>The app is in a container-based format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file).</p></li>
+</ul>
+<p>The following Cloud Pak guides provide additional information:</p>
+<ul class="simple">
+<li><p><em>Edge Gateway Deployment Guide</em> or <em>App Host Deployment Guide</em>: provides installation, configuration, and troubleshooting information, including proxy server settings. From the Table of Contents, select Case Management and Orchestration &amp; Automation &gt; <strong>Orchestration and Automation Apps</strong>.</p></li>
+<li><p><em>System Administrator Guide</em>: provides information to install, configure, and deploy apps. From the IBM Cloud Pak for Security IBM Documentation table of contents, select Case Management and Orchestration &amp; Automation &gt; <strong>System administrator</strong>.</p></li>
+</ul>
+<p>These guides are available on the IBM Documentation website at <a class="reference external" href="https://ibm.biz/cp4s-docs">ibm.biz/cp4s-docs</a>. From this web page, select your IBM Cloud Pak for Security version. From the version-specific IBM Documentation page, select Case Management and Orchestration &amp; Automation.</p>
+</section>
+<section id="proxy-server">
+<h3>Proxy Server<a class="headerlink" href="#proxy-server" title="Link to this heading">¶</a></h3>
+<p>The app <strong>does</strong> support a proxy server.</p>
+</section>
+<section id="python-environment">
+<h3>Python Environment<a class="headerlink" href="#python-environment" title="Link to this heading">¶</a></h3>
+<p>Python 3.9, 3.11, and 3.12 are officially supported. When deployed as an app, the app runs on Python 3.11.
+Additional package dependencies may exist for each of these packages:</p>
+<ul class="simple">
+<li><p>resilient-circuits&gt;=51.0.0</p></li>
+</ul>
+</section>
+<section id="sumo-logic-development-version">
+<h3>Sumo Logic Development Version<a class="headerlink" href="#sumo-logic-development-version" title="Link to this heading">¶</a></h3>
+<p>This app has been implemented using:</p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Product Name</p></th>
+<th class="head"><p>Product Version</p></th>
+<th class="head"><p>API URL</p></th>
+<th class="head"><p>API Version</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>Sumo Logic Cloud SIEM</p></td>
+<td><p>N/A</p></td>
+<td><p>https://api.sumologic.com/api</p></td>
+<td><p>v1</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+<section id="prerequisites">
+<h4>Prerequisites<a class="headerlink" href="#prerequisites" title="Link to this heading">¶</a></h4>
+<!--
+List any prerequisites that are needed to use with this endpoint solution. Remove any section that is unnecessary.
+-->
+<ul class="simple">
+<li><p>A Sumo Logic Log Analytics Platform user account in which Cloud SIEM Enterprise is enabled.</p></li>
+</ul>
+</section>
+<section id="configuration">
+<h4>Configuration<a class="headerlink" href="#configuration" title="Link to this heading">¶</a></h4>
+<!--
+List any steps that are needed to configure the endpoint to use this app.
+-->
+</section>
+</section>
+<section id="generate-an-access-key-and-secret-in-sumo-log-analytics-platform">
+<h3>Generate an Access Key and Secret in Sumo Log Analytics Platform<a class="headerlink" href="#generate-an-access-key-and-secret-in-sumo-log-analytics-platform" title="Link to this heading">¶</a></h3>
+<p>In the lower left corner of the Sumo Logic panel in the User Account Preferences menu item, Click on the <code class="docutils literal notranslate"><span class="pre">+</span> <span class="pre">Add</span> <span class="pre">Access</span> <span class="pre">Key</span></code> blue button:</p>
+<p><img alt="screenshot: fn-sumo-logic-access-id-key" src="../_images/fn-sumo-logic-access-id-key.png" /></p>
+<p>In the <code class="docutils literal notranslate"><span class="pre">Create</span> <span class="pre">an</span> <span class="pre">Access</span> <span class="pre">Key</span></code> dialog, enter an <code class="docutils literal notranslate"><span class="pre">Access</span> <span class="pre">Key</span> <span class="pre">Name</span></code> and Click the blue <code class="docutils literal notranslate"><span class="pre">Create</span> <span class="pre">Key</span></code> button.</p>
+<p><img alt="screenshot: fn-sumo-logic-create-access-key" src="../_images/fn-sumo-logic-create-access-key.png" /></p>
+<p>Copy the Access ID and Access Key for use in the app.config file.</p>
+</section>
+</section>
+<section id="id1">
+<h2><img alt="screenshot: fn-sumo-logic-access-id-key-dialog" src="../_images/fn-sumo-logic-access-id-key-dialog.png" /><a class="headerlink" href="#id1" title="Link to this heading">¶</a></h2>
+</section>
+<section id="installation">
+<h2>Installation<a class="headerlink" href="#installation" title="Link to this heading">¶</a></h2>
+<section id="install">
+<h3>Install<a class="headerlink" href="#install" title="Link to this heading">¶</a></h3>
+<ul class="simple">
+<li><p>To install or uninstall an App or Integration on the <em>SOAR platform</em>, see the documentation at <a class="reference external" href="https://ibm.biz/soar-docs">ibm.biz/soar-docs</a>.</p></li>
+<li><p>To install or uninstall an App on <em>IBM Cloud Pak for Security</em>, see the documentation at <a class="reference external" href="https://ibm.biz/cp4s-docs">ibm.biz/cp4s-docs</a> and follow the instructions above to navigate to Orchestration and Automation.</p></li>
+</ul>
+</section>
+<section id="app-configuration">
+<h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link to this heading">¶</a></h3>
+<p>The following table provides the settings you need to configure the app. These settings are made in the app.config file. See the documentation discussed in the Requirements section for the procedure.</p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Config</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Description</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><strong>access_id</strong></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">xxx</span></code></p></td>
+<td><p><em>Sumo Logic Access ID.</em></p></td>
+</tr>
+<tr class="row-odd"><td><p><strong>access_key</strong></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">xxx</span></code></p></td>
+<td><p><em>Sumo Logic Access Key.</em></p></td>
+</tr>
+<tr class="row-even"><td><p><strong>api_endpoint_url</strong></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">https://api.sumologic.com/api</span></code></p></td>
+<td><p><em>Sumo Logic REST API endpoint URL. See Sumo Logic documentation to determine URL for your region: https://help.sumologic.com/docs/api/getting-started/#which-endpoint-should-i-should-use .</em></p></td>
+</tr>
+<tr class="row-odd"><td><p><strong>console_url</strong></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">https://service.sumologic.com</span></code></p></td>
+<td><p><em>Sumo Logic console URL - used to create links back to Sumo Logic Insight.</em></p></td>
+</tr>
+<tr class="row-even"><td><p><strong>polling_interval</strong></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">600</span></code></p></td>
+<td><p><em>Poller interval time in seconds. Value of zero turns poller off.</em></p></td>
+</tr>
+<tr class="row-odd"><td><p><strong>polling_lookback</strong></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">20160</span></code></p></td>
+<td><p><em>Number of minutes to lookback for queries the first time the poller runs.</em></p></td>
+</tr>
+<tr class="row-even"><td><p><strong>polling_add_case_url_comment_in_sumo_logic</strong></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">True</span></code></p></td>
+<td><p><em>Boolean flag indicating whether or not to add a comment in the Sumo Logic Insight that contains the URL link back to corresponding SOAR case.</em></p></td>
+</tr>
+<tr class="row-odd"><td><p><strong>polling_filters</strong></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">status:in(&quot;inprogress&quot;,&quot;new&quot;,&quot;closed&quot;)</span> <span class="pre">confidence:&gt;=.70</span> <span class="pre">severity:&gt;=&quot;MEDIUM&quot;</span></code></p></td>
+<td><p><em>Polling filters to limit escalated insights - Sumo Logic DSL query statement - each query parameter separated by a space.</em></p></td>
+</tr>
+<tr class="row-even"><td><p><strong>soar_create_case_template</strong></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">/var/rescircuits/create_case.jinja</span></code></p></td>
+<td><p><em>Path to override template for automatic case creation. See <a class="reference internal" href="#poller-considerations"><span class="xref myst">Poller Considerations</span></a>.</em></p></td>
+</tr>
+<tr class="row-odd"><td><p><strong>soar_update_case_template</strong></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">/var/rescircuits/update_case.jinja</span></code></p></td>
+<td><p><em>Path to override template for automatic case updating. See <a class="reference internal" href="#poller-considerations"><span class="xref myst">Poller Considerations</span></a>.</em></p></td>
+</tr>
+<tr class="row-even"><td><p><strong>soar_close_case_template</strong></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">/var/rescircuits/close_case.jinja</span></code></p></td>
+<td><p><em>Path to override template for automatic case closing. See <a class="reference internal" href="#poller-considerations"><span class="xref myst">Poller Considerations</span></a>.</em></p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+<section id="poller-considerations">
+<h3>Poller Considerations<a class="headerlink" href="#poller-considerations" title="Link to this heading">¶</a></h3>
+<p>When the poller is enabled, cases are automatically escalated from this app. Any updates are checked at the cadence defined by the value set for <code class="docutils literal notranslate"><span class="pre">polling_interval</span></code>. It is possible, however, to escalate cases from other sources.
+In this scenario, the poller would be disabled by setting <code class="docutils literal notranslate"><span class="pre">polling_interval=0</span></code> and a separate source might capture a case from the endpoint and in turn create a case in SOAR. This app can still be useful for enrichment of that
+newly created case even though it was not directly escalated from this app. As long as the reference ID (i.e. alert ID, event ID, etc…) for each case is preserved, all remaining details will synchronize to the SOAR case through this app automatically.</p>
+<p>Sumo Logic REST API does not allow querying insights based on insight field <code class="docutils literal notranslate"><span class="pre">lastUpdated</span></code> timestamp. In order to implement bidirectional synchronization between Sumo Logic insights and SOAR cases, all Sumo Logic insights that have cases in SOAR are fetched and each case is updated on each polling interval.  Take this overhead into consideration when determining the <code class="docutils literal notranslate"><span class="pre">polling_interval</span></code>, especially if you have a large number of Sumo Logic cases in SOAR.</p>
+</section>
+<section id="insights-filtering">
+<h3>Insights Filtering<a class="headerlink" href="#insights-filtering" title="Link to this heading">¶</a></h3>
+<p>To limit the number of insights escalated to SOAR, consider using the optional <code class="docutils literal notranslate"><span class="pre">polling_filters</span></code> parameter in the app configuration file. The query string format is documented in Sumo Logic at: https://api.sumologic.com/docs/sec/#operation/GetInsights and below:</p>
+<p>The search query string uses sumo logic custom DSL that is used to filter the results.</p>
+<p>Each filter is in the format <code class="docutils literal notranslate"><span class="pre">field:operator:value</span></code>. Multiple filters are separated by a space.</p>
+<p>Operators:</p>
+<ul class="simple">
+<li><p><code class="docutils literal notranslate"><span class="pre">exampleField:&quot;bar&quot;</span></code>: The value of the field is equal to “bar”.</p></li>
+<li><p><code class="docutils literal notranslate"><span class="pre">exampleField:in(&quot;bar&quot;,</span> <span class="pre">&quot;baz&quot;,</span> <span class="pre">&quot;qux&quot;)</span></code>: The value of the field is equal to either “bar”, “baz”, or “qux”.</p></li>
+<li><p><code class="docutils literal notranslate"><span class="pre">exampleTextField:contains(&quot;foo</span> <span class="pre">bar&quot;)</span></code>: The value of the field contains the phrase “foo bar”.</p></li>
+<li><p><code class="docutils literal notranslate"><span class="pre">exampleNumField:&gt;5</span></code>: The value of the field is greater than 5. There are similar <code class="docutils literal notranslate"><span class="pre">&lt;</span></code>, <code class="docutils literal notranslate"><span class="pre">&lt;=</span></code>, and <code class="docutils literal notranslate"><span class="pre">&gt;=</span></code> operators.</p></li>
+<li><p><code class="docutils literal notranslate"><span class="pre">exampleNumField:5..10</span></code>: The value of the field is between 5 and 10 (inclusive).</p></li>
+<li><p><code class="docutils literal notranslate"><span class="pre">exampleDateField:&gt;2019-02-01T05:00:00+00:00</span></code>: The value of the date field is after 5 a.m. UTC time on February 2, 2019.</p></li>
+<li><p><code class="docutils literal notranslate"><span class="pre">exampleDateField:2019-02-01T05:00:00+00:00..2019-02-01T08:00:00+00:00</span></code>: The value of the date field is between 5 a.m. and 8 a.m. UTC time on February 2, 2019.</p></li>
+</ul>
+<p>Fields:</p>
+<ul class="simple">
+<li><p>readableId</p></li>
+<li><p>status</p></li>
+<li><p>statusId</p></li>
+<li><p>name</p></li>
+<li><p>insightId</p></li>
+<li><p>serialId</p></li>
+<li><p>description</p></li>
+<li><p>created</p></li>
+<li><p>timestamp</p></li>
+<li><p>closed</p></li>
+<li><p>assignee</p></li>
+<li><p>entity.id</p></li>
+<li><p>entity.ip</p></li>
+<li><p>entity.hostname</p></li>
+<li><p>entity.username</p></li>
+<li><p>entity.sensorZone</p></li>
+<li><p>entity.type</p></li>
+<li><p>entity.value</p></li>
+<li><p>involvedEntities.id</p></li>
+<li><p>involvedEntities.type,</p></li>
+<li><p>involvedEntities.value</p></li>
+<li><p>enrichment</p></li>
+<li><p>sensorZone</p></li>
+<li><p>tag</p></li>
+<li><p>severity</p></li>
+<li><p>resolution</p></li>
+<li><p>subResolution</p></li>
+<li><p>ruleId</p></li>
+<li><p>records</p></li>
+<li><p>confidence</p></li>
+</ul>
+<p>NOTE: The poller uses the <code class="docutils literal notranslate"><span class="pre">created</span></code> field to escalate new insights to SOAR, so this insight field should not be used to filter insights.</p>
+<section id="polling-filter-examples">
+<h4>Polling Filter Examples<a class="headerlink" href="#polling-filter-examples" title="Link to this heading">¶</a></h4>
+<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">polling_filters</span> <span class="o">=</span> <span class="n">status</span><span class="p">:</span><span class="ow">in</span><span class="p">(</span><span class="s2">&quot;inprogress&quot;</span><span class="p">,</span><span class="s2">&quot;new&quot;</span><span class="p">,</span><span class="s2">&quot;closed&quot;</span><span class="p">)</span> <span class="n">confidence</span><span class="p">:</span><span class="o">&gt;=</span><span class="mf">.85</span> <span class="n">severity</span><span class="p">:</span><span class="o">&gt;=</span><span class="s2">&quot;HIGH&quot;</span>
+</pre></div>
+</div>
+<p>In this example, the query will return all insights with a status of either “inprogress”, “new”, and “closed” AND a confidence greater than or equal to .85 AND a severity greater than or equal to “HIGH” (which includes values “HIGH” or “CRITICAL”).</p>
+</section>
+<section id="poller-templates-for-soar-cases">
+<h4>Poller Templates for SOAR Cases<a class="headerlink" href="#poller-templates-for-soar-cases" title="Link to this heading">¶</a></h4>
+<p>It may be necessary to modify the templates used to create, update, or close SOAR cases based on your required custom fields in SOAR.</p>
+<p>This is especially relevant if you have required custom <em>close</em> fields that need to be filled when closing a case in SOAR. If that is the case, be sure to implement a custom <code class="docutils literal notranslate"><span class="pre">close_case_template</span></code> and reference those required close fields in the template.</p>
+<p>When overriding the template in App Host, specify the file path for each file as <code class="docutils literal notranslate"><span class="pre">/var/rescircuits</span></code>.</p>
+<p>Below are the default templates used which can be copied, modified, and used with app_config’s
+<code class="docutils literal notranslate"><span class="pre">soar_create_case_template</span></code>, <code class="docutils literal notranslate"><span class="pre">soar_update_case_template</span></code>, and <code class="docutils literal notranslate"><span class="pre">soar_close_case_template</span></code> settings to override the default templates.</p>
+<details><summary>soar_create_case.jinja</summary>
+<div class="highlight-jinja notranslate"><div class="highlight"><pre><span></span><span class="x">{</span>
+<span class="x">  </span><span class="c">{# JINJA template for creating a new SOAR incident from an endpoint #}</span>
+<span class="x">  </span><span class="c">{# See https://ibmresilient.github.io/resilient-python-api/pages/resilient-lib/resilient-lib.html#module-resilient_lib.components.templates_common</span>
+<span class="c">     for details on available jinja methods. Examples for `soar_substitute` and more are included below.</span>
+<span class="c">  #}</span>
+<span class="x">  </span><span class="cp">{%</span> <span class="k">set</span> <span class="nv">severity_mapping</span> <span class="o">=</span> <span class="s1">&#39;&#39;&#39;{</span>
+<span class="s1">    &quot;CRITICAL&quot;: &quot;High&quot;, </span>
+<span class="s1">    &quot;HIGH&quot;: &quot;High&quot;, </span>
+<span class="s1">    &quot;MEDIUM&quot;: &quot;Medium&quot;, </span>
+<span class="s1">    &quot;LOW&quot;: &quot;Low&quot;</span>
+<span class="s1">  }&#39;&#39;&#39;</span>
+  <span class="cp">%}</span>
+<span class="x">  </span><span class="c">{# modify to specify your specific **data** fields #}</span>
+<span class="x">  &quot;name&quot;: &quot;Sumo Logic </span><span class="cp">{{</span> <span class="nv">readableId</span> <span class="cp">}}</span><span class="x"> - </span><span class="cp">{{</span> <span class="nv">name</span> <span class="cp">}}</span><span class="x">&quot;,</span>
+<span class="x">  &quot;description&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">description</span> <span class="o">|</span> <span class="nf">replace</span><span class="o">(</span><span class="s1">&#39;&quot;&#39;</span><span class="o">,</span> <span class="s1">&#39;\\&quot;&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="x">&quot;,</span>
+<span class="x">  </span><span class="c">{# start_date cannot be after discovered_date #}</span>
+<span class="x">  </span><span class="cp">{%</span> <span class="k">set</span> <span class="nv">start_date</span> <span class="o">=</span> <span class="nv">created</span> <span class="k">if</span> <span class="nv">created</span> <span class="o">&lt;=</span> <span class="nv">created</span> <span class="k">else</span> <span class="nv">created</span> <span class="cp">%}</span>
+<span class="x">  &quot;discovered_date&quot;: </span><span class="cp">{{</span> <span class="nv">created</span><span class="o">|</span> <span class="nf">soar_datetimeformat</span><span class="o">(</span><span class="nv">split_at</span><span class="o">=</span><span class="s1">&#39;.&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="x">,</span>
+<span class="x">  &quot;start_date&quot;: </span><span class="cp">{{</span> <span class="nv">start_date</span> <span class="o">|</span> <span class="nf">soar_datetimeformat</span><span class="o">(</span><span class="nv">split_at</span><span class="o">=</span><span class="s1">&#39;.&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="x">,</span>
+<span class="x">  </span><span class="c">{# if alert users are different than SOAR users, consider using a mapping table using soar_substitute: #}</span>
+<span class="x">  </span><span class="c">{# &quot;owner_id&quot;: &quot;{{ **assignedTo** |soar_substitute(&#39;{&quot;Automation&quot;: &quot;soar_user1@example.com&quot;, &quot;default_user@example.com&quot;: &quot;soar_user2@example.com&quot;, &quot;DEFAULT&quot;: &quot;default_user@example.com&quot; }&#39;) }}&quot;, #}</span>
+<span class="x">  &quot;plan_status&quot;: &quot;A&quot;,</span>
+<span class="x">  &quot;severity_code&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">severity</span> <span class="o">|</span> <span class="nf">soar_substitute</span><span class="o">(</span><span class="nv">severity_mapping</span><span class="o">)</span> <span class="cp">}}</span><span class="x">&quot;,</span>
+<span class="x">  </span><span class="c">{# specify your custom fields for your endpoint solution #}</span>
+<span class="x">  &quot;properties&quot;: {</span>
+<span class="x">    &quot;sumo_logic_insight_id&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">id</span> <span class="cp">}}</span><span class="x">&quot;</span>
+<span class="x">  }</span>
+<span class="x">}</span>
+</pre></div>
+</div>
+</details>
+<details><summary>soar_update_case.jinja</summary>
+<div class="highlight-jinja notranslate"><div class="highlight"><pre><span></span><span class="x">{</span>
+<span class="x">  </span><span class="c">{# JINJA template for updating a new SOAR incident from an endpoint #}</span>
+<span class="x">  </span><span class="c">{# modify to specify your specific **data** fields #}</span>
+<span class="x">  </span><span class="cp">{%</span> <span class="k">set</span> <span class="nv">severity_mapping</span> <span class="o">=</span> <span class="s1">&#39;&#39;&#39;{</span>
+<span class="s1">    &quot;CRITICAL&quot;: &quot;High&quot;, </span>
+<span class="s1">    &quot;HIGH&quot;: &quot;High&quot;, </span>
+<span class="s1">    &quot;MEDIUM&quot;: &quot;Medium&quot;, </span>
+<span class="s1">    &quot;LOW&quot;: &quot;Low&quot;</span>
+<span class="s1">  }&#39;&#39;&#39;</span>
+  <span class="cp">%}</span>
+<span class="x">  &quot;severity_code&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">severity</span> <span class="o">|</span> <span class="nf">soar_substitute</span><span class="o">(</span><span class="nv">severity_mapping</span><span class="o">)</span> <span class="cp">}}</span><span class="x">&quot;,</span>
+<span class="x">  </span><span class="c">{# specify your custom fields for your endpoint solution #}</span>
+<span class="x">  &quot;properties&quot;: {</span>
+<span class="x">    &quot;sumo_logic_insight_global_confidence&quot;: </span><span class="cp">{{</span> <span class="o">(</span><span class="nv">confidence</span><span class="o">*</span><span class="m">100</span><span class="o">)|</span><span class="nf">int</span> <span class="cp">}}</span><span class="x">,</span>
+<span class="x">    &quot;sumo_logic_insight_assignee&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">assignee.displayName</span> <span class="cp">}}</span><span class="x"> (</span><span class="cp">{{</span><span class="nv">assignee.username</span><span class="cp">}}</span><span class="x">)&quot;,</span>
+<span class="x">    &quot;sumo_logic_insight_status&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">status.displayName</span> <span class="cp">}}</span><span class="x">&quot;,</span>
+<span class="x">    &quot;sumo_logic_insight_readable_id&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">readableId</span> <span class="cp">}}</span><span class="x">&quot;,</span>
+<span class="x">    &quot;sumo_logic_insight_resolution&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">resolution</span> <span class="cp">}}</span><span class="x">&quot;,</span>
+<span class="x">    &quot;sumo_logic_insight_source&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">source</span> <span class="cp">}}</span><span class="x">&quot;,</span>
+<span class="x">    &quot;sumo_logic_insight_sub_resolution&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">subResolution</span> <span class="cp">}}</span><span class="x">&quot;,</span>
+<span class="x">    &quot;sumo_logic_insight_link&quot;: &quot;&lt;a target=&#39;_blank&#39; href=&#39;</span><span class="cp">{{</span> <span class="nv">entity_url</span> <span class="cp">}}</span><span class="x">&#39;&gt;Insight&lt;/a&gt;&quot;</span>
+<span class="x">    </span><span class="cp">{%</span> <span class="k">if</span> <span class="nv">tags</span> <span class="cp">%}</span>
+<span class="x">    ,&quot;sumo_logic_insight_tags&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">tags</span> <span class="o">|</span> <span class="nf">join</span><span class="o">(</span><span class="s1">&#39;, &#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="x">&quot;</span>
+<span class="x">    </span><span class="cp">{%</span> <span class="k">endif</span> <span class="cp">%}</span>
+<span class="x">  }</span>
+<span class="x">}</span>
+</pre></div>
+</div>
+</details>
+<details><summary>soar_close_case.jinja</summary>
+<div class="highlight-jinja notranslate"><div class="highlight"><pre><span></span><span class="x">{</span>
+<span class="x">  </span><span class="c">{# JINJA template for closing a SOAR incident using endpoint data #}</span>
+<span class="x">  </span><span class="c">{# modify to specify your specific **data** fields #}</span>
+<span class="x">  &quot;plan_status&quot;: &quot;C&quot;,</span>
+<span class="x">  &quot;resolution_id&quot;: &quot;</span><span class="cp">{{</span> <span class="nv">resolution</span> <span class="o">|</span> <span class="nf">soar_substitute</span><span class="o">(</span><span class="s1">&#39;{&quot;False Positive&quot;: &quot;Not an Issue&quot;, &quot;Resolved&quot;: &quot;Resolved&quot;, &quot;Duplicate&quot;: &quot;Duplicate&quot;, &quot;No Action&quot;: &quot;Unresolved&quot; }&#39;</span><span class="o">)</span> <span class="cp">}}</span><span class="x">&quot;,</span>
+<span class="x">  &quot;resolution_summary&quot;: &quot;Closed by Sumo Logic, Insight Status: </span><span class="cp">{{</span> <span class="nv">status.displayName</span> <span class="cp">}}</span><span class="x">&quot;</span>
+<span class="x">  </span><span class="c">{# add additional fields based on your &#39;on close&#39; field requirements #}</span>
+<span class="x">  </span><span class="c">{#</span>
+<span class="c">  ,&quot;properties&quot;: {</span>
+<span class="c">      &quot;your_custom_field&quot;: &quot;value&quot;</span>
+<span class="c">  }</span>
+<span class="c">  #}</span>
+<span class="x">}</span>
+</pre></div>
+</div>
+</details>
+</section>
+</section>
+</section>
+<hr class="docutils" />
+<section id="function-sumo-logic-add-comment-to-insight">
+<h2>Function - Sumo Logic: Add Comment to Insight<a class="headerlink" href="#function-sumo-logic-add-comment-to-insight" title="Link to this heading">¶</a></h2>
+<p>Post a comment to a Sumo Logic insight in Sumo Logic.</p>
+<p><img alt="screenshot: fn-sumo-logic-add-comment-to-insight " src="../_images/fn-sumo-logic-add-comment-to-insight.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_comment_text</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_id</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;data&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;author&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;username&quot;</span><span class="p">:</span> <span class="s2">&quot;admin@example.com&quot;</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;body&quot;</span><span class="p">:</span> <span class="s2">&quot;Created by IBM SOAR:  Sumo Logic: Get Insight Comments  playbook created 1 notes in SOAR.&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;6&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-01T20:05:28.833246&quot;</span>
+    <span class="p">},</span>
+    <span class="s2">&quot;errors&quot;</span><span class="p">:</span> <span class="p">[]</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sumo_logic_comment_text&quot;</span><span class="p">:</span> <span class="s2">&quot;</span><span class="se">\u003c</span><span class="s2">b</span><span class="se">\u003e</span><span class="s2">Sumo Logic: Get Insight Comments</span><span class="se">\u003c</span><span class="s2">/b</span><span class="se">\u003e</span><span class="s2"> playbook created 1 notes in SOAR.&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sumo_logic_insight_id&quot;</span><span class="p">:</span> <span class="s2">&quot;2a8419c4-b84b-3b6c-8447-af4ccbfba9c6&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">9515</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sumo-logic&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-01 16:05:30&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_id</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_id</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_comment_text</span> <span class="o">=</span> <span class="n">note</span><span class="o">.</span><span class="n">text</span><span class="o">.</span><span class="n">content</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">datetime</span> <span class="kn">import</span> <span class="n">datetime</span>
+
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">add_comment_to_insight_results</span>
+
+<span class="c1"># Edit note in SOAR to indicate it was sent to CBC alert</span>
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="c1"># Get the current time</span>
+  <span class="n">now</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">now</span><span class="p">()</span>
+  <span class="n">note</span><span class="o">.</span><span class="n">text</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;&lt;b&gt;Post comment to Sumo Logic insight at </span><span class="si">{0}</span><span class="s2">&lt;/b&gt;&lt;br&gt;</span><span class="si">{1}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">now</span><span class="p">,</span> <span class="n">note</span><span class="o">.</span><span class="n">text</span><span class="o">.</span><span class="n">content</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sumo-logic-add-tag-to-insight">
+<h2>Function - Sumo Logic: Add Tag to Insight<a class="headerlink" href="#function-sumo-logic-add-tag-to-insight" title="Link to this heading">¶</a></h2>
+<p>Add a tag to a Sumo Logic insight in Sumo Logic.</p>
+<p><img alt="screenshot: fn-sumo-logic-add-tag-to-insight " src="../_images/fn-sumo-logic-add-tag-to-insight.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_id</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_tag</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;data&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;artifacts&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;assignedTo&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;assignee&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;closed&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;closedBy&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;confidence&quot;</span><span class="p">:</span> <span class="mf">0.85</span><span class="p">,</span>
+      <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T20:17:57.153553&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Initial Access&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;entity&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-root&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;f741314d-34b6-3417-9c0a-426d547e345a&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;involvedEntities&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_process&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_process-sshd&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-root&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip-9.108.160.132&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;9.108.160.132&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;9.108.160.132&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_hostname&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_hostname-sumologic1&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;lastUpdated&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-01T13:18:50.606099&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;lastUpdatedBy&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Initial Access&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;orgId&quot;</span><span class="p">:</span> <span class="s2">&quot;0000000000BD6D7C&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;readableId&quot;</span><span class="p">:</span> <span class="s2">&quot;INSIGHT-2&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;resolution&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="s2">&quot;MEDIUM&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;signals&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;allRecords&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;baseImage&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;bro_dns_answers&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_file_bytes&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_file_connUids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_flow_service&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_ftp_pendingCommands&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_cookieVars&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_origFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_origMimeTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_request_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_http_request_proxied&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_response_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_http_response_respFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_response_respMimeTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_tags&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_uriVars&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_kerberos_clientCert&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_kerberos_serverCert&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_sip_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_sip_requestPath&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_sip_responsePath&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_ssl_certChainFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_ssl_clientCertChainFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;cseSignal&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;day&quot;</span><span class="p">:</span> <span class="mi">30</span><span class="p">,</span>
+              <span class="s2">&quot;device_hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;device_hostname_raw&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;dstDevice_hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;dstDevice_hostname_raw&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;fieldTags&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;fields&quot;</span><span class="p">:</span> <span class="p">{</span>
+                <span class="s2">&quot;event_id&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd-failed-invalid-password&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;source_ip&quot;</span><span class="p">:</span> <span class="s2">&quot;9.108.160.132&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;source_port&quot;</span><span class="p">:</span> <span class="s2">&quot;53371&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ssh_version&quot;</span><span class="p">:</span> <span class="s2">&quot;ssh2&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_message&quot;</span><span class="p">:</span> <span class="s2">&quot;Failed password for root from 9.108.160.132 port 53371 ssh2&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_process&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_process_id&quot;</span><span class="p">:</span> <span class="s2">&quot;35224&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;Jul 30 13:17:19&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;user&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+              <span class="p">},</span>
+              <span class="s2">&quot;friendlyName&quot;</span><span class="p">:</span> <span class="s2">&quot;record&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;hour&quot;</span><span class="p">:</span> <span class="mi">13</span><span class="p">,</span>
+              <span class="s2">&quot;http_requestHeaders&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;listMatches&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;matchedItems&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;metadata_deviceEventId&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd-failed-invalid-password&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_mapperName&quot;</span><span class="p">:</span> <span class="s2">&quot;Linux OS Syslog - Process sshd - SSH Auth Failure Invalid Password&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_mapperUid&quot;</span><span class="p">:</span> <span class="s2">&quot;05445189-0e1e-425a-8f2b-5d1f41e9546e&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_orgId&quot;</span><span class="p">:</span> <span class="s2">&quot;0000000000BD6D7C&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_parseTime&quot;</span><span class="p">:</span> <span class="mi">1722370665323</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_parser&quot;</span><span class="p">:</span> <span class="s2">&quot;/Parsers/System/Linux/Linux OS Syslog&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_product&quot;</span><span class="p">:</span> <span class="s2">&quot;Linux OS Syslog&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_productGuid&quot;</span><span class="p">:</span> <span class="s2">&quot;0e20c932-d992-4bd4-b276-c15119ca5c0b&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_receiptTime&quot;</span><span class="p">:</span> <span class="mi">1722370640</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_schemaVersion&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sensorId&quot;</span><span class="p">:</span> <span class="s2">&quot;0000000000BD6D7C&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sensorInformation&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;metadata_sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;default&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sourceBlockId&quot;</span><span class="p">:</span> <span class="s2">&quot;2295449033841068855&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sourceCategory&quot;</span><span class="p">:</span> <span class="s2">&quot;linux/system&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sourceMessageId&quot;</span><span class="p">:</span> <span class="s2">&quot;-7272543713819412727&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_vendor&quot;</span><span class="p">:</span> <span class="s2">&quot;Linux&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;month&quot;</span><span class="p">:</span> <span class="mi">7</span><span class="p">,</span>
+              <span class="s2">&quot;normalizedAction&quot;</span><span class="p">:</span> <span class="s2">&quot;logon&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;objectClassification&quot;</span><span class="p">:</span> <span class="s2">&quot;Authentication&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;objectType&quot;</span><span class="p">:</span> <span class="s2">&quot;Authentication&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;pid&quot;</span><span class="p">:</span> <span class="mi">35224</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip&quot;</span><span class="p">:</span> <span class="s2">&quot;9.108.160.132&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip_ipv4IntValue&quot;</span><span class="p">:</span> <span class="mi">158113924</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip_isInternal&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip_version&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
+              <span class="s2">&quot;srcPort&quot;</span><span class="p">:</span> <span class="mi">53371</span><span class="p">,</span>
+              <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
+              <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="mi">1722345439000</span><span class="p">,</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;aac19471-8442-5536-9742-bcc5aacc1e80&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;user_username&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;user_username_raw&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;year&quot;</span><span class="p">:</span> <span class="mi">2024</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;artifacts&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;contentType&quot;</span><span class="p">:</span> <span class="s2">&quot;RULE&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T13:17:19&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Detects multiple failed login attempts for the same username over a 24 hour timeframe. This is designed to catch both slow and quick brute force type attacks. The threshold and time frame can be adjusted based on the customer</span><span class="se">\u0027</span><span class="s2">s environment.&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;entity&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+            <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-root&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+            <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;f16f0e84-66c4-50c7-a0b2-b02b5cbdd543&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Brute Force Attempt&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;recordCount&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+          <span class="s2">&quot;recordSearchDetails&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;query&quot;</span><span class="p">:</span> <span class="s2">&quot;_index=sec_record_* | json field=_raw </span><span class="se">\&quot;</span><span class="s2">resultType</span><span class="se">\&quot;</span><span class="s2"> as _unpacked__raw_resultType nodrop</span><span class="se">\n</span><span class="s2">| where (if (isNull(objectType), false, objectType == </span><span class="se">\&quot;</span><span class="s2">Authentication</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(normalizedAction), false, normalizedAction == </span><span class="se">\&quot;</span><span class="s2">logon</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(success), false, !(success)) and !(if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == </span><span class="se">\&quot;</span><span class="s2">Security-4776</span><span class="se">\&quot;</span><span class="s2">) and !isBlank(listMatches) AND jsonArrayContains(listMatches, </span><span class="se">\&quot;</span><span class="s2">domain_controllers</span><span class="se">\&quot;</span><span class="s2">)) and !(if (isNull(metadata_vendor), false, metadata_vendor == </span><span class="se">\&quot;</span><span class="s2">Microsoft</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_product), false, metadata_product == </span><span class="se">\&quot;</span><span class="s2">Azure</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(_unpacked__raw_resultType), false, _unpacked__raw_resultType == </span><span class="se">\&quot;</span><span class="s2">700082</span><span class="se">\&quot;</span><span class="s2">)) and !(metadata_vendor in (</span><span class="se">\&quot;</span><span class="s2">Microsoft</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">Intersect Alliance</span><span class="se">\&quot;</span><span class="s2">) and metadata_product in (</span><span class="se">\&quot;</span><span class="s2">Windows</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">Snare Enterprise Agent for Windows</span><span class="se">\&quot;</span><span class="s2">) and user_username matches /^[</span><span class="se">\\</span><span class="s2">s</span><span class="se">\\</span><span class="s2">S]*</span><span class="se">\\</span><span class="s2">$[</span><span class="se">\\</span><span class="s2">s</span><span class="se">\\</span><span class="s2">S]*$/) and !(!isBlank(listMatches) AND jsonArrayContains(listMatches, </span><span class="se">\&quot;</span><span class="s2">vuln_scanners</span><span class="se">\&quot;</span><span class="s2">)) and if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == </span><span class="se">\&quot;</span><span class="s2">sshd-failed-invalid-password</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_product), false, metadata_product == </span><span class="se">\&quot;</span><span class="s2">Linux OS Syslog</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_vendor), false, metadata_vendor == </span><span class="se">\&quot;</span><span class="s2">Linux</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(user_username), false, user_username == </span><span class="se">\&quot;</span><span class="s2">root</span><span class="se">\&quot;</span><span class="s2">))&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;queryEndTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T14:24:00&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;queryStartTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-29T14:24:00&quot;</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;recordTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;ruleId&quot;</span><span class="p">:</span> <span class="s2">&quot;THRESHOLD-S00096&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
+          <span class="s2">&quot;stage&quot;</span><span class="p">:</span> <span class="s2">&quot;Initial Access&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;tags&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;_mitreAttackTactic:TA0006&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1078&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTactic:TA0001&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1110.001&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1110.002&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTactic:TA0008&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1110&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1586&quot;</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T13:17:19&quot;</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;source&quot;</span><span class="p">:</span> <span class="s2">&quot;ALGORITHM&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;displayName&quot;</span><span class="p">:</span> <span class="s2">&quot;In Progress&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;inprogress&quot;</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;subResolution&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;tags&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="s2">&quot;New tag&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0001&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0006&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0008&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1078&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110.001&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110.002&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1586&quot;</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;teamAssignedTo&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;timeToDetection&quot;</span><span class="p">:</span> <span class="mf">25238.153553</span><span class="p">,</span>
+      <span class="s2">&quot;timeToRemediation&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;timeToResponse&quot;</span><span class="p">:</span> <span class="mf">147653.411281</span><span class="p">,</span>
+      <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T13:17:19&quot;</span>
+    <span class="p">},</span>
+    <span class="s2">&quot;errors&quot;</span><span class="p">:</span> <span class="p">[]</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sumo_logic_insight_id&quot;</span><span class="p">:</span> <span class="s2">&quot;f741314d-34b6-3417-9c0a-426d547e345a&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sumo_logic_insight_tag&quot;</span><span class="p">:</span> <span class="s2">&quot;New tag&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">151744</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sumo-logic&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-02 13:49:08&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_id</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_id</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_tag</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_tag</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">add_tag_results</span>
+
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+    <span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">)</span>
+    <span class="k">if</span> <span class="n">content</span><span class="p">:</span>
+        <span class="n">data</span> <span class="o">=</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="n">tags</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;tags&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_tags</span> <span class="o">=</span> <span class="s2">&quot;, &quot;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">tags</span><span class="p">)</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">tags</span><span class="p">,</span> <span class="nb">list</span><span class="p">)</span> <span class="k">else</span> <span class="kc">None</span>
+        <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;&lt;b&gt;Sumo Logic Add Tag to Insight:&lt;/b&gt;  </span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_tag</span><span class="si">}</span><span class="s2"> added.&quot;</span>
+    <span class="k">else</span><span class="p">:</span>
+        <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;&lt;b&gt;Sumo Logic: Add Tag to Insight&lt;/b&gt; failed to post tag(s) - no content.&quot;</span>
+<span class="k">else</span><span class="p">:</span>
+    <span class="n">reason</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;reason&quot;</span><span class="p">)</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;&lt;b&gt;VMware CBC: Add Tag to Insight&lt;/b&gt; failed to add tag(s) </span><span class="si">{reason}</span><span class="s2">.&quot;</span>
+  
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">note_text</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sumo-logic-get-entity">
+<h2>Function - Sumo Logic: Get Entity<a class="headerlink" href="#function-sumo-logic-get-entity" title="Link to this heading">¶</a></h2>
+<p>Query Sumo Logic to get details of an entity.</p>
+<p><img alt="screenshot: fn-sumo-logic-get-entity " src="../_images/fn-sumo-logic-get-entity.png" /></p>
+<p>The <strong>Sumo Logic: Scan Artifact for Hits</strong> playbooks create hits on artifacts based on the Signal Severity score associated with Sumo Logic entities.</p>
+<p>
+NOTE: Edit the following playbook post-script variable to set the minimum threshold at which a hit is added to an artifact:
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">MINIMUM_RECENT_SIGNAL_SEVERITY</span> <span class="o">=</span> <span class="mi">8</span>
+</pre></div>
+</div>
+<p><img alt="screenshot: fn-sumo-logic-get-entity " src="../_images/fn-sumo-logic-get-entity2.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_entity_type</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_entity_value</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">[</span>
+    <span class="p">{</span>
+      <span class="s2">&quot;activityScore&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+      <span class="s2">&quot;criticality&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;firstSeen&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip-9.61.102.36&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;isSuppressed&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
+      <span class="s2">&quot;lastSeen&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-20T08:39:03&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;9.61.102.36&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;recentSignalSeverity&quot;</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span>
+      <span class="s2">&quot;reputation&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;tags&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;9.61.102.36&quot;</span>
+    <span class="p">}</span>
+  <span class="p">],</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sumo_logic_entity_type&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sumo_logic_entity_value&quot;</span><span class="p">:</span> <span class="s2">&quot;9.61.102.36&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sumo_logic_insight_id&quot;</span><span class="p">:</span> <span class="s2">&quot;0b5f00b6-b14d-3492-9564-28bd98610a29&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">7397</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sumo-logic&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-21 11:39:58&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">ARTIFACT_TYPE_MAPPING</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;DNS Name&quot;</span><span class="p">:</span> <span class="s2">&quot;_hostname&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;IP Address&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;File Path&quot;</span><span class="p">:</span> <span class="s2">&quot;_file&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;MAC Address&quot;</span><span class="p">:</span> <span class="s2">&quot;_mac&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;Process Name&quot;</span><span class="p">:</span> <span class="s2">&quot;_process&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;User Account&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;User Agent&quot;</span><span class="p">:</span> <span class="s2">&quot;_useragent&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;URL&quot;</span><span class="p">:</span> <span class="s2">&quot;_url&quot;</span>
+<span class="p">}</span>
+
+<span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_entity_type</span> <span class="o">=</span> <span class="n">ARTIFACT_TYPE_MAPPING</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">artifact</span><span class="o">.</span><span class="n">type</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+<span class="k">if</span> <span class="ow">not</span> <span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_entity_type</span><span class="p">:</span>
+  <span class="n">helper</span><span class="o">.</span><span class="n">fail</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Artifact </span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">type</span><span class="si">}</span><span class="s2"> not mapped.&quot;</span><span class="p">)</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_entity_value</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1"># Edit the following variable to change the minimum threshold at which a hit is added to an artifact.</span>
+<span class="n">MINIMUM_RECENT_SIGNAL_SEVERITY</span> <span class="o">=</span> <span class="mi">8</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_entity_results</span>
+
+<span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;&lt;b&gt;Sumo Logic Automatic Scan Artifact:&lt;/b&gt;&lt;br&gt;&quot;</span>
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+    <span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">)</span>
+    <span class="k">if</span> <span class="n">content</span><span class="p">:</span>
+        <span class="n">data</span> <span class="o">=</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="p">{})</span>
+        <span class="k">if</span> <span class="n">data</span><span class="p">:</span>
+            <span class="n">total</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;total&quot;</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span>
+            <span class="k">if</span> <span class="n">total</span> <span class="o">&gt;=</span> <span class="mi">1</span><span class="p">:</span>
+                <span class="n">objects</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;objects&quot;</span><span class="p">,</span> <span class="p">[])</span>
+                <span class="k">if</span> <span class="n">total</span> <span class="o">&gt;=</span> <span class="mi">1</span><span class="p">:</span>
+                    <span class="n">entity</span> <span class="o">=</span> <span class="n">objects</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span>
+                    <span class="n">recent_signal_severity</span> <span class="o">=</span> <span class="n">entity</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;recentSignalSeverity&quot;</span><span class="p">)</span>
+                    <span class="k">if</span> <span class="n">recent_signal_severity</span> <span class="o">&gt;=</span> <span class="n">MINIMUM_RECENT_SIGNAL_SEVERITY</span><span class="p">:</span>
+                        <span class="c1"># Create a hit on the artifact.</span>
+                        <span class="n">hit</span> <span class="o">=</span> <span class="p">[</span>
+                          <span class="p">{</span>
+                            <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Artifact Value&quot;</span><span class="p">,</span>
+                            <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;string&quot;</span><span class="p">,</span>
+                            <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="si">}</span><span class="s2">&quot;</span>
+                          <span class="p">}</span>
+                        <span class="p">]</span>
+                        <span class="n">artifact</span><span class="o">.</span><span class="n">addHit</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Sumo Logic: Signal Severity Total: </span><span class="si">{</span><span class="n">recent_signal_severity</span><span class="si">}</span><span class="s2">.&quot;</span><span class="p">,</span> <span class="n">hit</span><span class="p">)</span>
+                        <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2"> Hit added on &lt;b&gt;</span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">type</span><span class="si">}</span><span class="s2"> </span><span class="si">{</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="si">}</span><span class="s2">&lt;/b&gt; with Signal Severity Total: &lt;b&gt;</span><span class="si">{</span><span class="n">recent_signal_severity</span><span class="si">}</span><span class="s2">&lt;/b&gt;.&quot;</span>
+
+                        <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">note_text</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sumo-logic-get-insight-by-id">
+<h2>Function - Sumo Logic: Get Insight By ID<a class="headerlink" href="#function-sumo-logic-get-insight-by-id" title="Link to this heading">¶</a></h2>
+<p>Get the details of a Sumo Logic insight given the insight ID.</p>
+<p><img alt="screenshot: fn-sumo-logic-get-insight-by-id " src="../_images/fn-sumo-logic-get-insight-by-id.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_id</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;data&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;artifacts&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;assignedTo&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;assignee&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;closed&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;closedBy&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;confidence&quot;</span><span class="p">:</span> <span class="mf">0.85</span><span class="p">,</span>
+      <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T20:17:57.153553&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Initial Access&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;entity&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-root&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;f741314d-34b6-3417-9c0a-426d547e345a&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;involvedEntities&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_process&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_process-sshd&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-root&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip-9.108.160.132&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;9.108.160.132&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;9.108.160.132&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_hostname&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_hostname-sumologic1&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;lastUpdated&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T20:18:10.061087&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;lastUpdatedBy&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Initial Access&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;orgId&quot;</span><span class="p">:</span> <span class="s2">&quot;0000000000BD6D7C&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;readableId&quot;</span><span class="p">:</span> <span class="s2">&quot;INSIGHT-2&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;recordSummaryFields&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;resolution&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="s2">&quot;MEDIUM&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;signals&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;allRecords&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;baseImage&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;bro_dns_answers&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_file_bytes&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_file_connUids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_flow_service&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_ftp_pendingCommands&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_cookieVars&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_origFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_origMimeTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_request_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_http_request_proxied&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_response_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_http_response_respFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_response_respMimeTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_tags&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_uriVars&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_kerberos_clientCert&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_kerberos_serverCert&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_sip_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_sip_requestPath&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_sip_responsePath&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_ssl_certChainFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_ssl_clientCertChainFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;cseSignal&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;day&quot;</span><span class="p">:</span> <span class="mi">30</span><span class="p">,</span>
+              <span class="s2">&quot;device_hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;device_hostname_raw&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;dstDevice_hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;dstDevice_hostname_raw&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;fieldTags&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;fields&quot;</span><span class="p">:</span> <span class="p">{</span>
+                <span class="s2">&quot;event_id&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd-failed-invalid-password&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;source_ip&quot;</span><span class="p">:</span> <span class="s2">&quot;90.8.160.132&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;source_port&quot;</span><span class="p">:</span> <span class="s2">&quot;53371&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ssh_version&quot;</span><span class="p">:</span> <span class="s2">&quot;ssh2&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_message&quot;</span><span class="p">:</span> <span class="s2">&quot;Failed password for root from 90.8.160.132 port 53371 ssh2&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_process&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_process_id&quot;</span><span class="p">:</span> <span class="s2">&quot;35224&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;Jul 30 13:17:19&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;user&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+              <span class="p">},</span>
+              <span class="s2">&quot;friendlyName&quot;</span><span class="p">:</span> <span class="s2">&quot;record&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;hour&quot;</span><span class="p">:</span> <span class="mi">13</span><span class="p">,</span>
+              <span class="s2">&quot;http_requestHeaders&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;listMatches&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;matchedItems&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;metadata_deviceEventId&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd-failed-invalid-password&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_mapperName&quot;</span><span class="p">:</span> <span class="s2">&quot;Linux OS Syslog - Process sshd - SSH Auth Failure Invalid Password&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_mapperUid&quot;</span><span class="p">:</span> <span class="s2">&quot;05445189-0e1e-425a-8f2b-5d1f41e9546e&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_orgId&quot;</span><span class="p">:</span> <span class="s2">&quot;0000000000BD6D7C&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_parseTime&quot;</span><span class="p">:</span> <span class="mi">1722370665323</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_parser&quot;</span><span class="p">:</span> <span class="s2">&quot;/Parsers/System/Linux/Linux OS Syslog&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_product&quot;</span><span class="p">:</span> <span class="s2">&quot;Linux OS Syslog&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_productGuid&quot;</span><span class="p">:</span> <span class="s2">&quot;0e20c932-d992-4bd4-b276-c15119ca5c0b&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_receiptTime&quot;</span><span class="p">:</span> <span class="mi">1722370640</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_schemaVersion&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sensorId&quot;</span><span class="p">:</span> <span class="s2">&quot;0000000000BD6D7C&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sensorInformation&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;metadata_sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;default&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sourceBlockId&quot;</span><span class="p">:</span> <span class="s2">&quot;2295449033841068855&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sourceCategory&quot;</span><span class="p">:</span> <span class="s2">&quot;linux/system&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sourceMessageId&quot;</span><span class="p">:</span> <span class="s2">&quot;-7272543713819412727&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_vendor&quot;</span><span class="p">:</span> <span class="s2">&quot;Linux&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;month&quot;</span><span class="p">:</span> <span class="mi">7</span><span class="p">,</span>
+              <span class="s2">&quot;normalizedAction&quot;</span><span class="p">:</span> <span class="s2">&quot;logon&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;objectClassification&quot;</span><span class="p">:</span> <span class="s2">&quot;Authentication&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;objectType&quot;</span><span class="p">:</span> <span class="s2">&quot;Authentication&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;pid&quot;</span><span class="p">:</span> <span class="mi">35224</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip&quot;</span><span class="p">:</span> <span class="s2">&quot;90.8.160.132&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip_ipv4IntValue&quot;</span><span class="p">:</span> <span class="mi">158113924</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip_isInternal&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip_version&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
+              <span class="s2">&quot;srcPort&quot;</span><span class="p">:</span> <span class="mi">53371</span><span class="p">,</span>
+              <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
+              <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="mi">1722345439000</span><span class="p">,</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;aac19471-8442-5536-9742-bcc5aacc1e80&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;user_username&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;user_username_raw&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;year&quot;</span><span class="p">:</span> <span class="mi">2024</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;artifacts&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;contentType&quot;</span><span class="p">:</span> <span class="s2">&quot;RULE&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T13:17:19&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Detects multiple failed login attempts for the same username over a 24 hour timeframe. This is designed to catch both slow and quick brute force type attacks. The threshold and time frame can be adjusted based on the customer</span><span class="se">\u0027</span><span class="s2">s environment.&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;entity&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+            <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-root&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+            <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;f16f0e84-66c4-50c7-a0b2-b02b5cbdd543&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Brute Force Attempt&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;recordCount&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+          <span class="s2">&quot;recordSearchDetails&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;query&quot;</span><span class="p">:</span> <span class="s2">&quot;_index=sec_record_* | json field=_raw </span><span class="se">\&quot;</span><span class="s2">resultType</span><span class="se">\&quot;</span><span class="s2"> as _unpacked__raw_resultType nodrop</span><span class="se">\n</span><span class="s2">| where (if (isNull(objectType), false, objectType == </span><span class="se">\&quot;</span><span class="s2">Authentication</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(normalizedAction), false, normalizedAction == </span><span class="se">\&quot;</span><span class="s2">logon</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(success), false, !(success)) and !(if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == </span><span class="se">\&quot;</span><span class="s2">Security-4776</span><span class="se">\&quot;</span><span class="s2">) and !isBlank(listMatches) AND jsonArrayContains(listMatches, </span><span class="se">\&quot;</span><span class="s2">domain_controllers</span><span class="se">\&quot;</span><span class="s2">)) and !(if (isNull(metadata_vendor), false, metadata_vendor == </span><span class="se">\&quot;</span><span class="s2">Microsoft</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_product), false, metadata_product == </span><span class="se">\&quot;</span><span class="s2">Azure</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(_unpacked__raw_resultType), false, _unpacked__raw_resultType == </span><span class="se">\&quot;</span><span class="s2">700082</span><span class="se">\&quot;</span><span class="s2">)) and !(metadata_vendor in (</span><span class="se">\&quot;</span><span class="s2">Microsoft</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">Intersect Alliance</span><span class="se">\&quot;</span><span class="s2">) and metadata_product in (</span><span class="se">\&quot;</span><span class="s2">Windows</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">Snare Enterprise Agent for Windows</span><span class="se">\&quot;</span><span class="s2">) and user_username matches /^[</span><span class="se">\\</span><span class="s2">s</span><span class="se">\\</span><span class="s2">S]*</span><span class="se">\\</span><span class="s2">$[</span><span class="se">\\</span><span class="s2">s</span><span class="se">\\</span><span class="s2">S]*$/) and !(!isBlank(listMatches) AND jsonArrayContains(listMatches, </span><span class="se">\&quot;</span><span class="s2">vuln_scanners</span><span class="se">\&quot;</span><span class="s2">)) and if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == </span><span class="se">\&quot;</span><span class="s2">sshd-failed-invalid-password</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_product), false, metadata_product == </span><span class="se">\&quot;</span><span class="s2">Linux OS Syslog</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_vendor), false, metadata_vendor == </span><span class="se">\&quot;</span><span class="s2">Linux</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(user_username), false, user_username == </span><span class="se">\&quot;</span><span class="s2">root</span><span class="se">\&quot;</span><span class="s2">))&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;queryEndTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T14:24:00&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;queryStartTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-29T14:24:00&quot;</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;recordTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;ruleId&quot;</span><span class="p">:</span> <span class="s2">&quot;THRESHOLD-S00096&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
+          <span class="s2">&quot;stage&quot;</span><span class="p">:</span> <span class="s2">&quot;Initial Access&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;tags&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;_mitreAttackTactic:TA0006&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1078&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTactic:TA0001&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1110.001&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1110.002&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTactic:TA0008&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1110&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1586&quot;</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T13:17:19&quot;</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;source&quot;</span><span class="p">:</span> <span class="s2">&quot;ALGORITHM&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;displayName&quot;</span><span class="p">:</span> <span class="s2">&quot;New&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;new&quot;</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;subResolution&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;tags&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0001&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0006&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0008&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1078&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110.001&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110.002&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1586&quot;</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;teamAssignedTo&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;timeToDetection&quot;</span><span class="p">:</span> <span class="mf">25238.153553</span><span class="p">,</span>
+      <span class="s2">&quot;timeToRemediation&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;timeToResponse&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T13:17:19&quot;</span>
+    <span class="p">},</span>
+    <span class="s2">&quot;errors&quot;</span><span class="p">:</span> <span class="p">[]</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sumo_logic_insight_id&quot;</span><span class="p">:</span> <span class="s2">&quot;f741314d-34b6-3417-9c0a-426d547e345a&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">7981</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sumo-logic&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-31 12:25:37&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_id</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_id</span>
+
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1"># Map Sumo Logic resolution values SOAR resolution id values.</span>
+<span class="c1">#    Duplicate — The insight has triggered before on the same entity and is a duplicate.</span>
+<span class="c1">#    False Positive—An insight triggered and it is legitimate activity.</span>
+<span class="c1">#    No Action—An insight triggered and it might not be an incident but is also not a false positive.</span>
+<span class="c1">#    Resolved — An incident occurred and was resolved.</span>
+
+<span class="n">MAPPING_RESOLUTION</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;Duplicate&quot;</span> <span class="p">:</span> <span class="s2">&quot;Duplicate&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;False Positive&quot;</span><span class="p">:</span> <span class="s2">&quot;Resolved&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;No Action&quot;</span><span class="p">:</span> <span class="s2">&quot;Resolved&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;Resolved&quot;</span> <span class="p">:</span> <span class="s2">&quot;Resolved&quot;</span>
+<span class="p">}</span>
+
+<span class="c1"># Map Sumo Logic subResolution values to SOAR resolution id values.</span>
+<span class="n">MAPPING_SUB_RESOLUTION_ON_CLOSE</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;None&quot;</span><span class="p">:</span> <span class="s2">&quot;Resolved&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;False positive&quot;</span><span class="p">:</span> <span class="s2">&quot;Not an Issue&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;True positive&quot;</span><span class="p">:</span> <span class="s2">&quot;Resolved&quot;</span>
+<span class="p">}</span>
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_insight_by_id_results</span>
+
+<span class="k">if</span> <span class="ow">not</span> <span class="n">results</span><span class="o">.</span><span class="n">success</span><span class="p">:</span>
+    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="s2">&quot;&lt;b&gt;Sumo Logic: Update Case on Creation:&lt;/b&gt; Unable to get case data to update custom fields.&quot;</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+    <span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+    <span class="k">if</span> <span class="n">content</span><span class="p">:</span>
+        <span class="n">data</span> <span class="o">=</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="n">tags</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;tags&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_tags</span> <span class="o">=</span> <span class="s2">&quot;, &quot;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">tags</span><span class="p">)</span> <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">tags</span><span class="p">,</span> <span class="nb">list</span><span class="p">)</span> <span class="k">else</span> <span class="kc">None</span>
+        <span class="n">entity_url</span> <span class="o">=</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;entity_url&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="k">if</span> <span class="n">entity_url</span><span class="p">:</span>
+            <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_link</span> <span class="o">=</span> <span class="s2">&quot;&lt;a target=&#39;_blank&#39; href=&#39;</span><span class="si">{0}</span><span class="s2">&#39;&gt;Insight&lt;/a&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">entity_url</span><span class="p">)</span>
+        <span class="n">confidence</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;confidence&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_global_confidence</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">confidence</span> <span class="o">*</span> <span class="mi">100</span><span class="p">)</span> <span class="k">if</span> <span class="n">confidence</span> <span class="ow">and</span> <span class="p">(</span><span class="n">confidence</span> <span class="o">&lt;=</span> <span class="mi">1</span><span class="p">)</span> <span class="k">else</span> <span class="kc">None</span>
+        <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_readable_id</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;readableId&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_source</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;source&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_resolution</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;resolution&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_sub_resolution</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;subResolution&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="n">assignee</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;assignee&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="k">if</span> <span class="n">assignee</span><span class="p">:</span>
+            <span class="n">display_name</span> <span class="o">=</span> <span class="n">assignee</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;displayName&quot;</span><span class="p">,</span> <span class="s2">&quot;&quot;</span><span class="p">)</span>
+            <span class="n">username</span>     <span class="o">=</span> <span class="n">assignee</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;username&quot;</span><span class="p">,</span> <span class="s2">&quot;&quot;</span><span class="p">)</span>
+            <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_assignee</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">display_name</span><span class="si">}</span><span class="s2"> (</span><span class="si">{</span><span class="n">username</span><span class="si">}</span><span class="s2">)&quot;</span>
+        <span class="n">status</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;status&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+        <span class="k">if</span> <span class="n">status</span><span class="p">:</span>
+          <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_status</span> <span class="o">=</span> <span class="n">status</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;displayName&quot;</span><span class="p">)</span>
+
+        <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;&lt;b&gt;Sumo Logic: Update Case on Creation:&lt;/b&gt; Write Alert Custom Fields complete.&quot;</span><span class="p">)</span>
+        <span class="k">if</span> <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_status</span><span class="o">.</span><span class="n">lower</span><span class="p">()</span> <span class="o">==</span> <span class="s2">&quot;closed&quot;</span><span class="p">:</span>
+            <span class="n">incident</span><span class="o">.</span><span class="n">plan_status</span> <span class="o">=</span> <span class="s2">&quot;C&quot;</span>
+            <span class="n">incident</span><span class="o">.</span><span class="n">resolution_id</span> <span class="o">=</span> <span class="n">MAPPING_RESOLUTION</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_resolution</span><span class="p">,</span> <span class="s2">&quot;Resolved&quot;</span><span class="p">)</span>
+            <span class="n">incident</span><span class="o">.</span><span class="n">resolution_summary</span> <span class="o">=</span> <span class="s2">&quot;Case </span><span class="si">{0}</span><span class="s2"> Closed in SOAR&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">incident</span><span class="o">.</span><span class="n">id</span><span class="p">)</span>
+    <span class="k">else</span><span class="p">:</span> 
+        <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="s2">&quot;&lt;b&gt;Sumo Logic: Update Case on Creation:&lt;/b&gt; Write Insight Custom Fields did NOT complete.&quot;</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sumo-logic-get-insights-comments">
+<h2>Function - Sumo Logic: Get Insights Comments<a class="headerlink" href="#function-sumo-logic-get-insights-comments" title="Link to this heading">¶</a></h2>
+<p>Get comments from a Sumo Logic insight and add any new ones as notes to the corresponding SOAR case.</p>
+<p><img alt="screenshot: fn-sumo-logic-get-insights-comments " src="../_images/fn-sumo-logic-get-insights-comments.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_incident_id</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_id</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;count&quot;</span><span class="p">:</span> <span class="mi">1</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sumo_logic_incident_id&quot;</span><span class="p">:</span> <span class="mi">2167</span><span class="p">,</span>
+    <span class="s2">&quot;sumo_logic_insight_id&quot;</span><span class="p">:</span> <span class="s2">&quot;2a8419c4-b84b-3b6c-8447-af4ccbfba9c6&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">6625</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sumo-logic&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-01 14:26:04&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_incident_id</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">id</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_id</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_id</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_insights_comments_results</span>
+
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+  <span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">)</span>
+  <span class="k">if</span> <span class="n">content</span><span class="p">:</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;&lt;b&gt;Sumo Logic: Update Case on Creation - Get Insight Comments&lt;/b&gt; function added </span><span class="si">{0}</span><span class="s2"> note(s) in SOAR.&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;count&quot;</span><span class="p">))</span>
+  <span class="k">else</span><span class="p">:</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;&lt;b&gt;Sumo Logic: Update Case on Creation - Get Insight Comments&lt;/b&gt; function failed to get notes from Sumo Logic.&quot;</span>
+<span class="k">else</span><span class="p">:</span>
+  <span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;&lt;b&gt;Sumo Logic: Update Case on Creation - Get Insight Comments&lt;/b&gt; function failed to get notes from Sumo Logic.&quot;</span>
+  
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">note_text</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sumo-logic-get-signal-by-id">
+<h2>Function - Sumo Logic: Get Signal by ID<a class="headerlink" href="#function-sumo-logic-get-signal-by-id" title="Link to this heading">¶</a></h2>
+<p>Get the details of a Sumo Logic signal given the signal ID.</p>
+<p><img alt="screenshot: fn-sumo-logic-get-signal-by-id " src="../_images/fn-sumo-logic-get-signal-by-id.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_signal_id</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;data&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;allRecords&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;login&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;baseImage&quot;</span><span class="p">:</span> <span class="s2">&quot;/usr/sbin/sshd&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;bro_dns_answers&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_file_bytes&quot;</span><span class="p">:</span> <span class="p">{},</span>
+          <span class="s2">&quot;bro_file_connUids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_flow_service&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_ftp_pendingCommands&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_http_cookieVars&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_http_origFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_http_origMimeTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_http_request_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+          <span class="s2">&quot;bro_http_request_proxied&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_http_response_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+          <span class="s2">&quot;bro_http_response_respFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_http_response_respMimeTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_http_tags&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_http_uriVars&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_kerberos_clientCert&quot;</span><span class="p">:</span> <span class="p">{},</span>
+          <span class="s2">&quot;bro_kerberos_serverCert&quot;</span><span class="p">:</span> <span class="p">{},</span>
+          <span class="s2">&quot;bro_sip_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+          <span class="s2">&quot;bro_sip_requestPath&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_sip_responsePath&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_ssl_certChainFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;bro_ssl_clientCertChainFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;cseSignal&quot;</span><span class="p">:</span> <span class="p">{},</span>
+          <span class="s2">&quot;day&quot;</span><span class="p">:</span> <span class="mi">8</span><span class="p">,</span>
+          <span class="s2">&quot;fieldTags&quot;</span><span class="p">:</span> <span class="p">{},</span>
+          <span class="s2">&quot;fields&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;AUID&quot;</span><span class="p">:</span> <span class="s2">&quot;unset&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;UID&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;acct&quot;</span><span class="p">:</span> <span class="s2">&quot;(unknown)&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;addr&quot;</span><span class="p">:</span> <span class="s2">&quot;9.30.223.75&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;auid&quot;</span><span class="p">:</span> <span class="s2">&quot;4294967295&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;event_id&quot;</span><span class="p">:</span> <span class="s2">&quot;USER_LOGIN&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;exe&quot;</span><span class="p">:</span> <span class="s2">&quot;/usr/sbin/sshd&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;msg&quot;</span><span class="p">:</span> <span class="s2">&quot;audit(1723134275.877:33373):&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;op&quot;</span><span class="p">:</span> <span class="s2">&quot;login&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;pid&quot;</span><span class="p">:</span> <span class="s2">&quot;61267&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;res&quot;</span><span class="p">:</span> <span class="s2">&quot;failed&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;ses&quot;</span><span class="p">:</span> <span class="s2">&quot;4294967295&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;subj&quot;</span><span class="p">:</span> <span class="s2">&quot;kernel&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;syslog_message&quot;</span><span class="p">:</span> <span class="s2">&quot;type=USER_LOGIN msg=audit(1723134275.877:33373): pid=61267 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg=</span><span class="se">\u0027</span><span class="s2">op=login acct=</span><span class="se">\&quot;</span><span class="s2">(unknown)</span><span class="se">\&quot;</span><span class="s2"> exe=</span><span class="se">\&quot;</span><span class="s2">/usr/sbin/sshd</span><span class="se">\&quot;</span><span class="s2"> hostname=? addr=9.30.223.75 terminal=ssh res=failed</span><span class="se">\u0027\u001d</span><span class="s2">UID=</span><span class="se">\&quot;</span><span class="s2">root</span><span class="se">\&quot;</span><span class="s2"> AUID=</span><span class="se">\&quot;</span><span class="s2">unset</span><span class="se">\&quot;</span><span class="s2">&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;syslog_process&quot;</span><span class="p">:</span> <span class="s2">&quot;systemdjournal&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;syslog_timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;1723134275.877&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;terminal&quot;</span><span class="p">:</span> <span class="s2">&quot;ssh&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;USER_LOGIN&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;0&quot;</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;friendlyName&quot;</span><span class="p">:</span> <span class="s2">&quot;record&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hour&quot;</span><span class="p">:</span> <span class="mi">16</span><span class="p">,</span>
+          <span class="s2">&quot;http_requestHeaders&quot;</span><span class="p">:</span> <span class="p">{},</span>
+          <span class="s2">&quot;listMatches&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;matchedItems&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;metadata_deviceEventId&quot;</span><span class="p">:</span> <span class="s2">&quot;USER_LOGIN&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_mapperName&quot;</span><span class="p">:</span> <span class="s2">&quot;Linux OS Systemd Journal - Login Events&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_mapperUid&quot;</span><span class="p">:</span> <span class="s2">&quot;0e5cbfbb-91ac-4658-918c-709c76d53f1e&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_orgId&quot;</span><span class="p">:</span> <span class="s2">&quot;0000000000BD6D7C&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_parseTime&quot;</span><span class="p">:</span> <span class="mi">1723134354974</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_parser&quot;</span><span class="p">:</span> <span class="s2">&quot;/Parsers/System/Linux/Linux OS Syslog&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_product&quot;</span><span class="p">:</span> <span class="s2">&quot;Systemd Journal&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_productGuid&quot;</span><span class="p">:</span> <span class="s2">&quot;5be5af82-c248-4c4c-a485-0571025f242c&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_receiptTime&quot;</span><span class="p">:</span> <span class="mi">1723134278</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_schemaVersion&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_sensorId&quot;</span><span class="p">:</span> <span class="s2">&quot;0000000000BD6D7C&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_sensorInformation&quot;</span><span class="p">:</span> <span class="p">{},</span>
+          <span class="s2">&quot;metadata_sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;default&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_sourceBlockId&quot;</span><span class="p">:</span> <span class="s2">&quot;1864672286443784304&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_sourceCategory&quot;</span><span class="p">:</span> <span class="s2">&quot;linux/system&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_sourceMessageId&quot;</span><span class="p">:</span> <span class="s2">&quot;-6870926605261705032&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;metadata_vendor&quot;</span><span class="p">:</span> <span class="s2">&quot;Linux&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;month&quot;</span><span class="p">:</span> <span class="mi">8</span><span class="p">,</span>
+          <span class="s2">&quot;normalizedAction&quot;</span><span class="p">:</span> <span class="s2">&quot;logon&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;objectClassification&quot;</span><span class="p">:</span> <span class="s2">&quot;Authentication&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;objectType&quot;</span><span class="p">:</span> <span class="s2">&quot;Authentication&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;pid&quot;</span><span class="p">:</span> <span class="mi">61267</span><span class="p">,</span>
+          <span class="s2">&quot;srcDevice_ip&quot;</span><span class="p">:</span> <span class="s2">&quot;9.30.223.75&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;srcDevice_ip_ipv4IntValue&quot;</span><span class="p">:</span> <span class="mi">153018187</span><span class="p">,</span>
+          <span class="s2">&quot;srcDevice_ip_isInternal&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
+          <span class="s2">&quot;srcDevice_ip_version&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
+          <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
+          <span class="s2">&quot;targetUser_username&quot;</span><span class="p">:</span> <span class="s2">&quot;0&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;targetUser_username_raw&quot;</span><span class="p">:</span> <span class="s2">&quot;0&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="mi">1723134275877</span><span class="p">,</span>
+          <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;6c825674-ab7b-5cf1-9250-ba35c9746835&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;user_username&quot;</span><span class="p">:</span> <span class="s2">&quot;(unknown)&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;user_username_raw&quot;</span><span class="p">:</span> <span class="s2">&quot;(unknown)&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;year&quot;</span><span class="p">:</span> <span class="mi">2024</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;artifacts&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;contentType&quot;</span><span class="p">:</span> <span class="s2">&quot;RULE&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-08T16:25:58.534000&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Detects multiple failed login attempts for the same username over a 24 hour timeframe. This is designed to catch both slow and quick brute force type attacks. The threshold and time frame can be adjusted based on the customer</span><span class="se">\u0027</span><span class="s2">s environment.&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;entity&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-(unknown)&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;(unknown)&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;(unknown)&quot;</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;328c96b1-02a1-5c01-af94-364a90b9c0d6&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;involvedEntities&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip-9.30.223.75&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;9.30.223.75&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;9.30.223.75&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip-9.30.48.247&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;9.30.48.247&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;9.30.48.247&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_process&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_process-/usr/sbin/sshd&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;/usr/sbin/sshd&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;/usr/sbin/sshd&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-0&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;0&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;0&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-(unknown)&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;(unknown)&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;(unknown)&quot;</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Brute Force Attempt&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;recordCount&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+      <span class="s2">&quot;recordSearchDetails&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;query&quot;</span><span class="p">:</span> <span class="s2">&quot;_index=sec_record_* | json field=_raw </span><span class="se">\&quot;</span><span class="s2">resultType</span><span class="se">\&quot;</span><span class="s2"> as _unpacked__raw_resultType nodrop</span><span class="se">\n</span><span class="s2">| where (if (isNull(objectType), false, objectType == </span><span class="se">\&quot;</span><span class="s2">Authentication</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(normalizedAction), false, normalizedAction == </span><span class="se">\&quot;</span><span class="s2">logon</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(success), false, !(success)) and !(if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == </span><span class="se">\&quot;</span><span class="s2">Security-4776</span><span class="se">\&quot;</span><span class="s2">) and !isBlank(listMatches) AND jsonArrayContains(listMatches, </span><span class="se">\&quot;</span><span class="s2">domain_controllers</span><span class="se">\&quot;</span><span class="s2">)) and !(if (isNull(metadata_vendor), false, metadata_vendor == </span><span class="se">\&quot;</span><span class="s2">Microsoft</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_product), false, metadata_product == </span><span class="se">\&quot;</span><span class="s2">Azure</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(_unpacked__raw_resultType), false, _unpacked__raw_resultType == </span><span class="se">\&quot;</span><span class="s2">700082</span><span class="se">\&quot;</span><span class="s2">)) and !(metadata_vendor in (</span><span class="se">\&quot;</span><span class="s2">Microsoft</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">Intersect Alliance</span><span class="se">\&quot;</span><span class="s2">) and metadata_product in (</span><span class="se">\&quot;</span><span class="s2">Windows</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">Snare Enterprise Agent for Windows</span><span class="se">\&quot;</span><span class="s2">) and user_username matches /^[</span><span class="se">\\</span><span class="s2">s</span><span class="se">\\</span><span class="s2">S]*</span><span class="se">\\</span><span class="s2">$[</span><span class="se">\\</span><span class="s2">s</span><span class="se">\\</span><span class="s2">S]*$/) and !(!isBlank(listMatches) AND jsonArrayContains(listMatches, </span><span class="se">\&quot;</span><span class="s2">vuln_scanners</span><span class="se">\&quot;</span><span class="s2">)) and if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == </span><span class="se">\&quot;</span><span class="s2">USER_LOGIN</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_product), false, metadata_product == </span><span class="se">\&quot;</span><span class="s2">Systemd Journal</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_vendor), false, metadata_vendor == </span><span class="se">\&quot;</span><span class="s2">Linux</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(user_username), false, user_username == </span><span class="se">\&quot;</span><span class="s2">(unknown)</span><span class="se">\&quot;</span><span class="s2">))&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;queryEndTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-08T19:12:00&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;queryStartTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-07T19:12:00&quot;</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;recordTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;ruleId&quot;</span><span class="p">:</span> <span class="s2">&quot;THRESHOLD-S00096&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
+      <span class="s2">&quot;stage&quot;</span><span class="p">:</span> <span class="s2">&quot;Initial Access&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;summary&quot;</span><span class="p">:</span> <span class="s2">&quot;Multiple failed login attempts for user: (unknown)&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;suppressed&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
+      <span class="s2">&quot;tags&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0006&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1078&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0001&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110.001&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110.002&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0008&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1586&quot;</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;threatIntelIndicatorIds&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-08T16:24:35.877000&quot;</span>
+    <span class="p">},</span>
+    <span class="s2">&quot;errors&quot;</span><span class="p">:</span> <span class="p">[]</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sumo_logic_signal_id&quot;</span><span class="p">:</span> <span class="s2">&quot;328c96b1-02a1-5c01-af94-364a90b9c0d6&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">19139</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sumo-logic&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-09 14:56:09&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_signal_id</span> <span class="o">=</span> <span class="n">row</span><span class="o">.</span><span class="n">sumo_logic_signal_id</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_signal_by_id_results</span>
+<span class="n">inputs</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;inputs&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+<span class="n">signal_id</span> <span class="o">=</span> <span class="n">inputs</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sumo_logic_signal_id&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+  
+<span class="n">header</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;&lt;b&gt;Sumo Logic: Get Signal by ID:&lt;/b&gt; </span><span class="si">{0}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">signal_id</span><span class="p">)</span>
+
+<span class="n">json_note</span> <span class="o">=</span> <span class="p">{</span>
+              <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.3&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;header&quot;</span><span class="p">:</span> <span class="n">header</span><span class="p">,</span> 
+              <span class="s2">&quot;json&quot;</span><span class="p">:</span> <span class="n">results</span><span class="o">.</span><span class="n">content</span><span class="p">,</span>
+              <span class="s2">&quot;sort&quot;</span><span class="p">:</span> <span class="kc">False</span>
+            <span class="p">}</span>
+<span class="n">playbook</span><span class="o">.</span><span class="n">addProperty</span><span class="p">(</span><span class="s1">&#39;convert_json_to_rich_text&#39;</span><span class="p">,</span> <span class="n">json_note</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="function-sumo-logic-update-insight-status">
+<h2>Function - Sumo Logic: Update Insight Status<a class="headerlink" href="#function-sumo-logic-update-insight-status" title="Link to this heading">¶</a></h2>
+<p>Update the status of an insight in Sumo Logic.  If the status is set to closed, set the resolution reason.</p>
+<p><img alt="screenshot: fn-sumo-logic-update-insight-status " src="../_images/fn-sumo-logic-update-insight-status.png" /></p>
+<p>Dialog box to set an Insight’s status through a manual playbook:</p>
+<p><img alt="screenshot: fn-sumo-logic-update-insight-status " src="../_images/fn-sumo-logic-update-insight-status-2.png" /></p>
+<details><summary>Inputs:</summary>
+<p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head text-center"><p>Type</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_id</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_resolution</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td class="text-center"><p>No</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-even"><td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_status</span></code></p></td>
+<td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">select</span></code></p></td>
+<td class="text-center"><p>Yes</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</p>
+</details>
+<details><summary>Outputs:</summary>
+<p>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;data&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;artifacts&quot;</span><span class="p">:</span> <span class="p">[],</span>
+      <span class="s2">&quot;assignedTo&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;assignee&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;closed&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;closedBy&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;confidence&quot;</span><span class="p">:</span> <span class="mf">0.85</span><span class="p">,</span>
+      <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T20:17:57.153553&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Initial Access&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;entity&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-root&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;f741314d-34b6-3417-9c0a-426d547e345a&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;involvedEntities&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_process&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_process-sshd&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-root&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_ip-9.108.160.132&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;9.108.160.132&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;9.108.160.132&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_hostname&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_hostname-sumologic1&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;lastUpdated&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-02T20:50:41.638872&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;lastUpdatedBy&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Initial Access&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;orgId&quot;</span><span class="p">:</span> <span class="s2">&quot;0000000000BD6D7C&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;readableId&quot;</span><span class="p">:</span> <span class="s2">&quot;INSIGHT-2&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;resolution&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="s2">&quot;MEDIUM&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;signals&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;allRecords&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;baseImage&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;bro_dns_answers&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_file_bytes&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_file_connUids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_flow_service&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_ftp_pendingCommands&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_cookieVars&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_origFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_origMimeTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_request_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_http_request_proxied&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_response_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_http_response_respFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_response_respMimeTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_tags&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_http_uriVars&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_kerberos_clientCert&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_kerberos_serverCert&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_sip_headers&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;bro_sip_requestPath&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_sip_responsePath&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_ssl_certChainFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;bro_ssl_clientCertChainFuids&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;cseSignal&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;day&quot;</span><span class="p">:</span> <span class="mi">30</span><span class="p">,</span>
+              <span class="s2">&quot;device_hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;device_hostname_raw&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;dstDevice_hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;dstDevice_hostname_raw&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;fieldTags&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;fields&quot;</span><span class="p">:</span> <span class="p">{</span>
+                <span class="s2">&quot;event_id&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd-failed-invalid-password&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;source_ip&quot;</span><span class="p">:</span> <span class="s2">&quot;9.108.160.132&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;source_port&quot;</span><span class="p">:</span> <span class="s2">&quot;53371&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;ssh_version&quot;</span><span class="p">:</span> <span class="s2">&quot;ssh2&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;sumologic1&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_message&quot;</span><span class="p">:</span> <span class="s2">&quot;Failed password for root from 9.108.160.132 port 53371 ssh2&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_process&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_process_id&quot;</span><span class="p">:</span> <span class="s2">&quot;35224&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;syslog_timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;Jul 30 13:17:19&quot;</span><span class="p">,</span>
+                <span class="s2">&quot;user&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+              <span class="p">},</span>
+              <span class="s2">&quot;friendlyName&quot;</span><span class="p">:</span> <span class="s2">&quot;record&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;hour&quot;</span><span class="p">:</span> <span class="mi">13</span><span class="p">,</span>
+              <span class="s2">&quot;http_requestHeaders&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;listMatches&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;matchedItems&quot;</span><span class="p">:</span> <span class="p">[],</span>
+              <span class="s2">&quot;metadata_deviceEventId&quot;</span><span class="p">:</span> <span class="s2">&quot;sshd-failed-invalid-password&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_mapperName&quot;</span><span class="p">:</span> <span class="s2">&quot;Linux OS Syslog - Process sshd - SSH Auth Failure Invalid Password&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_mapperUid&quot;</span><span class="p">:</span> <span class="s2">&quot;05445189-0e1e-425a-8f2b-5d1f41e9546e&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_orgId&quot;</span><span class="p">:</span> <span class="s2">&quot;0000000000BD6D7C&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_parseTime&quot;</span><span class="p">:</span> <span class="mi">1722370665323</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_parser&quot;</span><span class="p">:</span> <span class="s2">&quot;/Parsers/System/Linux/Linux OS Syslog&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_product&quot;</span><span class="p">:</span> <span class="s2">&quot;Linux OS Syslog&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_productGuid&quot;</span><span class="p">:</span> <span class="s2">&quot;0e20c932-d992-4bd4-b276-c15119ca5c0b&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_receiptTime&quot;</span><span class="p">:</span> <span class="mi">1722370640</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_schemaVersion&quot;</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sensorId&quot;</span><span class="p">:</span> <span class="s2">&quot;0000000000BD6D7C&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sensorInformation&quot;</span><span class="p">:</span> <span class="p">{},</span>
+              <span class="s2">&quot;metadata_sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;default&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sourceBlockId&quot;</span><span class="p">:</span> <span class="s2">&quot;2295449033841068855&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sourceCategory&quot;</span><span class="p">:</span> <span class="s2">&quot;linux/system&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_sourceMessageId&quot;</span><span class="p">:</span> <span class="s2">&quot;-7272543713819412727&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;metadata_vendor&quot;</span><span class="p">:</span> <span class="s2">&quot;Linux&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;month&quot;</span><span class="p">:</span> <span class="mi">7</span><span class="p">,</span>
+              <span class="s2">&quot;normalizedAction&quot;</span><span class="p">:</span> <span class="s2">&quot;logon&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;objectClassification&quot;</span><span class="p">:</span> <span class="s2">&quot;Authentication&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;objectType&quot;</span><span class="p">:</span> <span class="s2">&quot;Authentication&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;pid&quot;</span><span class="p">:</span> <span class="mi">35224</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip&quot;</span><span class="p">:</span> <span class="s2">&quot;9.108.160.132&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip_ipv4IntValue&quot;</span><span class="p">:</span> <span class="mi">158113924</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip_isInternal&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
+              <span class="s2">&quot;srcDevice_ip_version&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
+              <span class="s2">&quot;srcPort&quot;</span><span class="p">:</span> <span class="mi">53371</span><span class="p">,</span>
+              <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">false</span><span class="p">,</span>
+              <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="mi">1722345439000</span><span class="p">,</span>
+              <span class="s2">&quot;uid&quot;</span><span class="p">:</span> <span class="s2">&quot;aac19471-8442-5536-9742-bcc5aacc1e80&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;user_username&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;user_username_raw&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;year&quot;</span><span class="p">:</span> <span class="mi">2024</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;artifacts&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;contentType&quot;</span><span class="p">:</span> <span class="s2">&quot;RULE&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T13:17:19&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Detects multiple failed login attempts for the same username over a 24 hour timeframe. This is designed to catch both slow and quick brute force type attacks. The threshold and time frame can be adjusted based on the customer</span><span class="se">\u0027</span><span class="s2">s environment.&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;entity&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;entityType&quot;</span><span class="p">:</span> <span class="s2">&quot;_username&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;hostname&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+            <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;_username-root&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;macAddress&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+            <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;sensorZone&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;root&quot;</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;f16f0e84-66c4-50c7-a0b2-b02b5cbdd543&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Brute Force Attempt&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;recordCount&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
+          <span class="s2">&quot;recordSearchDetails&quot;</span><span class="p">:</span> <span class="p">{</span>
+            <span class="s2">&quot;query&quot;</span><span class="p">:</span> <span class="s2">&quot;_index=sec_record_* | json field=_raw </span><span class="se">\&quot;</span><span class="s2">resultType</span><span class="se">\&quot;</span><span class="s2"> as _unpacked__raw_resultType nodrop</span><span class="se">\n</span><span class="s2">| where (if (isNull(objectType), false, objectType == </span><span class="se">\&quot;</span><span class="s2">Authentication</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(normalizedAction), false, normalizedAction == </span><span class="se">\&quot;</span><span class="s2">logon</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(success), false, !(success)) and !(if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == </span><span class="se">\&quot;</span><span class="s2">Security-4776</span><span class="se">\&quot;</span><span class="s2">) and !isBlank(listMatches) AND jsonArrayContains(listMatches, </span><span class="se">\&quot;</span><span class="s2">domain_controllers</span><span class="se">\&quot;</span><span class="s2">)) and !(if (isNull(metadata_vendor), false, metadata_vendor == </span><span class="se">\&quot;</span><span class="s2">Microsoft</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_product), false, metadata_product == </span><span class="se">\&quot;</span><span class="s2">Azure</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(_unpacked__raw_resultType), false, _unpacked__raw_resultType == </span><span class="se">\&quot;</span><span class="s2">700082</span><span class="se">\&quot;</span><span class="s2">)) and !(metadata_vendor in (</span><span class="se">\&quot;</span><span class="s2">Microsoft</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">Intersect Alliance</span><span class="se">\&quot;</span><span class="s2">) and metadata_product in (</span><span class="se">\&quot;</span><span class="s2">Windows</span><span class="se">\&quot;</span><span class="s2">, </span><span class="se">\&quot;</span><span class="s2">Snare Enterprise Agent for Windows</span><span class="se">\&quot;</span><span class="s2">) and user_username matches /^[</span><span class="se">\\</span><span class="s2">s</span><span class="se">\\</span><span class="s2">S]*</span><span class="se">\\</span><span class="s2">$[</span><span class="se">\\</span><span class="s2">s</span><span class="se">\\</span><span class="s2">S]*$/) and !(!isBlank(listMatches) AND jsonArrayContains(listMatches, </span><span class="se">\&quot;</span><span class="s2">vuln_scanners</span><span class="se">\&quot;</span><span class="s2">)) and if (isNull(metadata_deviceEventId), false, metadata_deviceEventId == </span><span class="se">\&quot;</span><span class="s2">sshd-failed-invalid-password</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_product), false, metadata_product == </span><span class="se">\&quot;</span><span class="s2">Linux OS Syslog</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(metadata_vendor), false, metadata_vendor == </span><span class="se">\&quot;</span><span class="s2">Linux</span><span class="se">\&quot;</span><span class="s2">) and if (isNull(user_username), false, user_username == </span><span class="se">\&quot;</span><span class="s2">root</span><span class="se">\&quot;</span><span class="s2">))&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;queryEndTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T14:24:00&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;queryStartTime&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-29T14:24:00&quot;</span>
+          <span class="p">},</span>
+          <span class="s2">&quot;recordTypes&quot;</span><span class="p">:</span> <span class="p">[],</span>
+          <span class="s2">&quot;ruleId&quot;</span><span class="p">:</span> <span class="s2">&quot;THRESHOLD-S00096&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;severity&quot;</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span>
+          <span class="s2">&quot;stage&quot;</span><span class="p">:</span> <span class="s2">&quot;Initial Access&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;tags&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;_mitreAttackTactic:TA0006&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1078&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTactic:TA0001&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1110.001&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1110.002&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTactic:TA0008&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1110&quot;</span><span class="p">,</span>
+            <span class="s2">&quot;_mitreAttackTechnique:T1586&quot;</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T13:17:19&quot;</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;source&quot;</span><span class="p">:</span> <span class="s2">&quot;ALGORITHM&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;displayName&quot;</span><span class="p">:</span> <span class="s2">&quot;New&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;new&quot;</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;subResolution&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;tags&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="s2">&quot;AnnMarie-2&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;AnnMarie tag&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0001&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0006&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTactic:TA0008&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1078&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110.001&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1110.002&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;_mitreAttackTechnique:T1586&quot;</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;teamAssignedTo&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;timeToDetection&quot;</span><span class="p">:</span> <span class="mf">25238.153553</span><span class="p">,</span>
+      <span class="s2">&quot;timeToRemediation&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;timeToResponse&quot;</span><span class="p">:</span> <span class="mf">147653.411281</span><span class="p">,</span>
+      <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-07-30T13:17:19&quot;</span>
+    <span class="p">},</span>
+    <span class="s2">&quot;errors&quot;</span><span class="p">:</span> <span class="p">[]</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;sumo_logic_insight_id&quot;</span><span class="p">:</span> <span class="s2">&quot;f741314d-34b6-3417-9c0a-426d547e345a&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;sumo_logic_insight_resolution&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+    <span class="s2">&quot;sumo_logic_insight_status&quot;</span><span class="p">:</span> <span class="s2">&quot;New&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">64088</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-sumo-logic&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.0&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-08-02 16:51:21&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mf">2.0</span>
+<span class="p">}</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Input Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_id</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_id</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_status</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_status</span>
+<span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_resolution</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_resolution</span>
+
+<span class="k">if</span> <span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_status</span> <span class="o">==</span> <span class="s2">&quot;Closed&quot;</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_resolution</span><span class="p">:</span>
+  <span class="n">helper</span><span class="o">.</span><span class="n">fail</span><span class="p">(</span><span class="s2">&quot;Resolution musted be specified if status is Closed.&quot;</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+<details><summary>Example Function Post Process Script:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">update_insight_status_results</span>
+
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">):</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;&lt;b&gt;Sumo Logic: Update Insight Status: &lt;/b&gt; set:&lt;br&gt;&quot;</span>
+    <span class="k">if</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_status</span><span class="p">:</span>
+        <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_status</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_status</span>
+        <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2">&lt;br&gt;   Status:  </span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_status</span><span class="si">}</span><span class="s2">&quot;</span>
+    <span class="k">if</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_resolution</span> <span class="ow">and</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_status</span> <span class="o">==</span> <span class="s1">&#39;Closed&#39;</span><span class="p">:</span>
+        <span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_resolution</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_resolution</span>
+        <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2">&lt;br&gt;   Resolution: </span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_resolution</span><span class="si">}</span><span class="s2">&quot;</span>
+    <span class="c1"># Uncomment if sub_resolution is implemented.</span>
+    <span class="c1">#if playbook.inputs.sumo_logic_insight_sub_resolution and playbook.inputs.sumo_logic_insight_status == &#39;Closed&#39;:</span>
+    <span class="c1">#    incident.properties.sumo_logic_insight_sub_resolution = playbook.inputs.sumo_logic_insight_sub_resolution</span>
+    <span class="c1">#    note_text = f&quot;{note_text}&lt;br&gt;   Sub Resolution: {playbook.inputs.sumo_logic_insight_sub_resolution&quot;</span>
+<span class="k">else</span><span class="p">:</span>
+    <span class="n">reason</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;reason&quot;</span><span class="p">)</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;&lt;b&gt;Sumo Logic: Update Insight Status: &lt;/b&gt; failed to update status to &lt;b&gt;</span><span class="si">{</span><span class="n">playbook</span><span class="o">.</span><span class="n">inputs</span><span class="o">.</span><span class="n">sumo_logic_insight_status</span><span class="si">}</span><span class="s2">&lt;/b&gt;:&lt;br&gt;  </span><span class="si">{</span><span class="n">reason</span><span class="si">}</span><span class="s2">&quot;</span>
+  
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">note_text</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="script-convert-json-to-rich-text-v1-3">
+<h2>Script - Convert JSON to rich text v1.3<a class="headerlink" href="#script-convert-json-to-rich-text-v1-3" title="Link to this heading">¶</a></h2>
+<p>This script converts a json object into a hierarchical display of rich text and adds the rich text to an incident’s rich text (custom) field or an incident note. A workflow property is used to share the json to convert and identify parameters used on how to perform the conversion.
+Typically, a function will create workflow property and this script will run after that function to perform the conversion.</p>
+<p>Features:</p>
+<ul class="simple">
+<li><p>Display the hierarchical nature of json, presenting the json keys (sorted if specified) as bold labels</p></li>
+<li><p>Provide links to found URLs</p></li>
+<li><p>Create either an incident note or add results to an incident (custom) rich text field.</p></li>
+</ul>
+<p><strong>Object:</strong> incident</p>
+<details><summary>Script Text:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="c1"># (c) Copyright IBM Corp. 2010, 2023. All Rights Reserved.</span>
+<span class="n">VERSION</span> <span class="o">=</span> <span class="mf">1.3</span>
+<span class="sd">&quot;&quot;&quot;</span>
+<span class="sd">  This script converts a json object into a hierarchical display of rich text and adds the rich text to an incident&#39;s rich text (custom) field or an incident note.</span>
+<span class="sd">  A workflow property is used to define the json to convert and identify parameters used on how to perform the conversion.</span>
+<span class="sd">  Typically, a function will create workflow property and this script will run after that function to perform the conversion.</span>
+<span class="sd">  Features:</span>
+<span class="sd">    * Display the hierarchical nature of json, presenting the json keys as bold labels</span>
+<span class="sd">    * Provide links to found URLs</span>
+<span class="sd">    * Create either an incident note or add results to an incident (custom) rich text field.</span>
+<span class="sd">  </span>
+<span class="sd">  In order to use this script, define a workflow property called: convert_json_to_rich_text, to define the json and parameters to use for the conversion.</span>
+<span class="sd">  Workflow properties can be added using a command similar to this:</span>
+<span class="sd">  workflow.addProperty(&#39;convert_json_to_rich_text&#39;, {</span>
+<span class="sd">    &quot;version&quot;: 1.3,</span>
+<span class="sd">    &quot;header&quot;: &quot;Artifact scan results for: {}&quot;.format(artifact.value),</span>
+<span class="sd">    &quot;padding&quot;: 10,</span>
+<span class="sd">    &quot;separator&quot;: u&quot;&lt;br /&gt;&quot;,</span>
+<span class="sd">    &quot;sort&quot;: True,</span>
+<span class="sd">    &quot;json&quot;: results.content,</span>
+<span class="sd">    &quot;json_omit_list&quot;: [&quot;omit&quot;],</span>
+<span class="sd">    &quot;incident_field&quot;: None</span>
+<span class="sd">  })</span>
+<span class="sd">  </span>
+<span class="sd">  Format of workflow.property.convert_json_to_rich_text:</span>
+<span class="sd">  { </span>
+<span class="sd">    &quot;version&quot;: 1.3, [this is for future compatibility]</span>
+<span class="sd">    &quot;header&quot;: str, [header line to add to converted json produced or None. Ex: Results from scanning artifact: xxx. The header may contain rich text tags]</span>
+<span class="sd">    &quot;padding&quot;: 10, [padding for nested json elements, or defaults to 10]</span>
+<span class="sd">    &quot;separator&quot;: u&quot;&lt;br /&gt;&quot;|list such as [&#39;&lt;span&gt;&#39;,&#39;&lt;/span&gt;&#39;], [html separator between json keys and lists or defaults to html break: &#39;&lt;br /&gt;&#39;. </span>
+<span class="sd">                                                If a list, then the data is brackets by the pair specified]</span>
+<span class="sd">    &quot;sort&quot;: True|False, [sort the json keys at each level when displayed]</span>
+<span class="sd">    &quot;json&quot;: json, [required json to convert]</span>
+<span class="sd">    &quot;json_omit_list&quot;: [list of json keys to exclude or None]</span>
+<span class="sd">    &quot;incident_field&quot;: &quot;&lt;incident_field&gt;&quot; [indicates a builtin rich text incident field, such as &#39;description&#39; </span>
+<span class="sd">                                          or a custom rich text field in the format: &#39;properties.&lt;field&gt;&#39;. default: create an incident note]</span>
+<span class="sd">  }</span>
+
+<span class="sd">  For playbooks, use playbook.addProperty() with the same format as workflow.addProperty()</span>
+
+<span class="sd">  Playbooks can also use playbook.functions.results.convert_json_to_rich_text using the standard function output which contains the &#39;content&#39; json element.</span>
+<span class="sd">  When using playbook.functions.results.convert_json_to_rich_text with standard function results, all the defaults for padding, separator, etc. are used.</span>
+<span class="sd">&quot;&quot;&quot;</span>
+
+<span class="kn">import</span> <span class="nn">re</span>
+
+<span class="c1"># needed for python 3</span>
+<span class="k">try</span><span class="p">:</span>
+    <span class="n">unicode</span><span class="p">(</span><span class="s2">&quot;abc&quot;</span><span class="p">)</span> <span class="c1"># fails in py3</span>
+    <span class="n">py2</span> <span class="o">=</span> <span class="kc">True</span>
+<span class="k">except</span><span class="p">:</span>
+    <span class="n">unicode</span> <span class="o">=</span> <span class="nb">str</span>
+    <span class="n">py2</span> <span class="o">=</span> <span class="kc">False</span>
+
+
+<span class="n">rc</span> <span class="o">=</span> <span class="n">re</span><span class="o">.</span><span class="n">compile</span><span class="p">(</span><span class="sa">r</span><span class="s1">&#39;http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&amp;+#\?]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+&#39;</span><span class="p">)</span>
+
+<span class="k">class</span> <span class="nc">ConvertJson</span><span class="p">:</span>
+<span class="w">    </span><span class="sd">&quot;&quot;&quot;Class to hold the conversion parameters and perform the conversion&quot;&quot;&quot;</span>
+
+    <span class="k">def</span> <span class="fm">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">omit_keys</span><span class="o">=</span><span class="p">[],</span> <span class="n">padding</span><span class="o">=</span><span class="mi">10</span><span class="p">,</span> <span class="n">separator</span><span class="o">=</span><span class="sa">u</span><span class="s2">&quot;&lt;br /&gt;&quot;</span><span class="p">,</span> <span class="n">sort_keys</span><span class="o">=</span><span class="kc">False</span><span class="p">):</span>
+        <span class="bp">self</span><span class="o">.</span><span class="n">omit_keys</span> <span class="o">=</span> <span class="n">omit_keys</span>
+        <span class="bp">self</span><span class="o">.</span><span class="n">padding</span> <span class="o">=</span> <span class="n">padding</span>
+        <span class="bp">self</span><span class="o">.</span><span class="n">separator</span> <span class="o">=</span> <span class="n">separator</span>
+        <span class="bp">self</span><span class="o">.</span><span class="n">sort_keys</span> <span class="o">=</span> <span class="n">sort_keys</span>
+
+
+    <span class="k">def</span> <span class="nf">format_link</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">item</span><span class="p">):</span>
+<span class="w">        </span><span class="sd">&quot;&quot;&quot;[summary]</span>
+<span class="sd">          Find embedded urls (http(s)) and add html anchor tags to display as links</span>
+<span class="sd">          Args:</span>
+<span class="sd">              item ([string])</span>
+
+<span class="sd">          Returns:</span>
+<span class="sd">              [str]: None|original text if no links|text with html links</span>
+<span class="sd">        &quot;&quot;&quot;</span>
+        <span class="n">formatted_item</span> <span class="o">=</span> <span class="n">item</span>
+        <span class="k">if</span> <span class="n">py2</span><span class="p">:</span>
+            <span class="n">num_type</span> <span class="o">=</span> <span class="nb">bool</span><span class="p">(</span><span class="n">item</span> <span class="ow">and</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="p">(</span><span class="nb">int</span><span class="p">,</span> <span class="n">long</span><span class="p">,</span> <span class="nb">bool</span><span class="p">,</span> <span class="nb">float</span><span class="p">)))</span>
+        <span class="k">else</span><span class="p">:</span>
+            <span class="n">num_type</span> <span class="o">=</span> <span class="nb">bool</span><span class="p">(</span><span class="n">item</span> <span class="ow">and</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="p">(</span><span class="nb">int</span><span class="p">,</span> <span class="nb">bool</span><span class="p">,</span> <span class="nb">float</span><span class="p">)))</span>
+
+        <span class="k">if</span> <span class="n">item</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">num_type</span><span class="p">:</span>
+            <span class="nb">list</span> <span class="o">=</span> <span class="n">rc</span><span class="o">.</span><span class="n">findall</span><span class="p">(</span><span class="n">item</span><span class="p">)</span>
+            <span class="k">if</span> <span class="nb">list</span><span class="p">:</span>
+                <span class="k">for</span> <span class="n">link</span> <span class="ow">in</span> <span class="nb">list</span><span class="p">:</span>
+                    <span class="n">formatted_item</span> <span class="o">=</span> <span class="n">formatted_item</span><span class="o">.</span><span class="n">replace</span><span class="p">(</span><span class="n">link</span><span class="p">,</span> <span class="sa">u</span><span class="s2">&quot;&lt;a target=&#39;blank&#39; href=&#39;</span><span class="si">{0}</span><span class="s2">&#39;&gt;</span><span class="si">{0}</span><span class="s2">&lt;/a&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">link</span><span class="p">))</span>
+
+        <span class="k">return</span> <span class="n">formatted_item</span>
+
+    <span class="k">def</span> <span class="nf">expand_list</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">list_value</span><span class="p">,</span> <span class="n">is_list</span><span class="o">=</span><span class="kc">False</span><span class="p">):</span>
+<span class="w">        </span><span class="sd">&quot;&quot;&quot;[summary]</span>
+<span class="sd">          convert items to html, adding indents to nested dictionaries.</span>
+<span class="sd">          Args:</span>
+<span class="sd">              list_value ([dict|list]): json element</span>
+
+<span class="sd">          Returns:</span>
+<span class="sd">              [str]: html converted code</span>
+<span class="sd">        &quot;&quot;&quot;</span>
+        <span class="k">if</span> <span class="ow">not</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">list_value</span><span class="p">,</span> <span class="nb">list</span><span class="p">):</span>
+            <span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">format_link</span><span class="p">(</span><span class="n">list_value</span><span class="p">)</span>
+        <span class="k">elif</span> <span class="ow">not</span> <span class="n">list_value</span><span class="p">:</span>
+            <span class="k">return</span> <span class="sa">u</span><span class="s2">&quot;None&lt;br&gt;&quot;</span>
+
+        <span class="k">try</span><span class="p">:</span>
+            <span class="n">items_list</span> <span class="o">=</span> <span class="p">[]</span>  <span class="c1"># this will ensure list starts on second line of key label</span>
+            <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">list_value</span><span class="p">:</span>
+                <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="nb">dict</span><span class="p">):</span>
+                    <span class="n">result</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">convert_json_to_rich_text</span><span class="p">(</span><span class="n">item</span><span class="p">)</span>
+                    <span class="k">if</span> <span class="n">is_list</span><span class="p">:</span>
+                        <span class="n">items_list</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="sa">u</span><span class="s2">&quot;&lt;li&gt;</span><span class="si">{}</span><span class="s2">&lt;/li&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">result</span><span class="p">))</span>
+                    <span class="k">else</span><span class="p">:</span>
+                        <span class="n">items_list</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">result</span><span class="p">)</span>
+                <span class="k">elif</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="nb">list</span><span class="p">):</span>
+                    <span class="n">items_list</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">expand_list</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="n">is_list</span><span class="o">=</span><span class="kc">True</span><span class="p">))</span>
+                <span class="k">elif</span> <span class="n">is_list</span><span class="p">:</span>
+                    <span class="n">items_list</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="sa">u</span><span class="s2">&quot;&lt;li&gt;</span><span class="si">{}</span><span class="s2">&lt;/li&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">format_link</span><span class="p">(</span><span class="n">unicode</span><span class="p">(</span><span class="n">item</span><span class="p">))))</span>
+                <span class="k">else</span><span class="p">:</span>
+                    <span class="n">items_list</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">format_link</span><span class="p">(</span><span class="n">unicode</span><span class="p">(</span><span class="n">item</span><span class="p">)))</span>
+
+            <span class="n">expand_list_result</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">add_separator</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">separator</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">is_list</span> <span class="k">else</span> <span class="sa">u</span><span class="s2">&quot;&quot;</span><span class="p">,</span>
+                                                    <span class="n">items_list</span><span class="p">,</span>
+                                                    <span class="n">is_list</span><span class="o">=</span><span class="n">is_list</span><span class="p">)</span>
+
+            <span class="k">if</span> <span class="n">is_list</span><span class="p">:</span>
+                <span class="k">return</span> <span class="sa">u</span><span class="s2">&quot;&lt;ul&gt;</span><span class="si">{}</span><span class="s2">&lt;/ul&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">expand_list_result</span><span class="p">)</span>
+            <span class="k">else</span><span class="p">:</span>
+                <span class="k">return</span> <span class="sa">u</span><span class="s2">&quot;&lt;div style=&#39;padding:5px&#39;&gt;</span><span class="si">{}</span><span class="s2">&lt;/div&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">expand_list_result</span><span class="p">)</span>
+        <span class="k">except</span> <span class="ne">Exception</span> <span class="k">as</span> <span class="n">err</span><span class="p">:</span>
+            <span class="k">return</span> <span class="nb">str</span><span class="p">(</span><span class="n">err</span><span class="p">)</span>
+
+    <span class="k">def</span> <span class="nf">convert_json_to_rich_text</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">sub_dict</span><span class="p">):</span>
+<span class="w">        </span><span class="sd">&quot;&quot;&quot;[summary]</span>
+<span class="sd">          Walk dictionary tree and convert to html for better display</span>
+<span class="sd">          Args:</span>
+<span class="sd">              sub_dict ([type]): [description]</span>
+
+<span class="sd">          Returns:</span>
+<span class="sd">              [type]: [description]</span>
+<span class="sd">        &quot;&quot;&quot;</span>
+        <span class="n">notes</span> <span class="o">=</span> <span class="p">[]</span>
+        <span class="k">if</span> <span class="n">sub_dict</span> <span class="ow">and</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">sub_dict</span><span class="p">,</span> <span class="p">(</span><span class="nb">list</span><span class="p">,</span> <span class="nb">dict</span><span class="p">)):</span>
+            <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">sub_dict</span><span class="p">,</span> <span class="nb">list</span><span class="p">):</span>
+                <span class="n">expanded_list</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">expand_list</span><span class="p">(</span><span class="n">sub_dict</span><span class="p">,</span> <span class="n">is_list</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span>
+                <span class="n">notes</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">add_separator</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">separator</span><span class="p">,</span> <span class="n">expanded_list</span><span class="p">))</span>
+            <span class="k">else</span><span class="p">:</span>
+                <span class="n">keys</span> <span class="o">=</span> <span class="nb">sorted</span> <span class="p">(</span><span class="n">sub_dict</span><span class="o">.</span><span class="n">keys</span><span class="p">())</span> <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">sort_keys</span> <span class="k">else</span> <span class="n">sub_dict</span><span class="o">.</span><span class="n">keys</span><span class="p">()</span>
+
+                <span class="k">for</span> <span class="n">key</span> <span class="ow">in</span> <span class="n">keys</span><span class="p">:</span>
+                    <span class="k">if</span> <span class="n">key</span> <span class="ow">not</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">omit_keys</span><span class="p">:</span>
+                        <span class="n">value</span> <span class="o">=</span> <span class="n">sub_dict</span><span class="p">[</span><span class="n">key</span><span class="p">]</span>
+                        <span class="n">is_list</span> <span class="o">=</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">value</span><span class="p">,</span> <span class="nb">list</span><span class="p">)</span>
+                        <span class="n">item_list</span> <span class="o">=</span> <span class="p">[</span><span class="sa">u</span><span class="s2">&quot;&lt;strong&gt;</span><span class="si">{0}</span><span class="s2">&lt;/strong&gt;: &quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">key</span><span class="p">)]</span>
+                        <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">value</span><span class="p">,</span> <span class="nb">dict</span><span class="p">):</span>
+                            <span class="n">convert_result</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">convert_json_to_rich_text</span><span class="p">(</span><span class="n">value</span><span class="p">)</span>
+                            <span class="k">if</span> <span class="n">convert_result</span><span class="p">:</span>
+                                <span class="n">item_list</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="sa">u</span><span class="s2">&quot;&lt;div style=&#39;padding:</span><span class="si">{}</span><span class="s2">px&#39;&gt;</span><span class="si">{}</span><span class="s2">&lt;/div&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">padding</span><span class="p">,</span> <span class="n">convert_result</span><span class="p">))</span>
+                            <span class="k">else</span><span class="p">:</span>
+                                <span class="n">item_list</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="sa">u</span><span class="s2">&quot;None&lt;br&gt;&quot;</span><span class="p">)</span>
+                        <span class="k">else</span><span class="p">:</span>
+                            <span class="n">item_list</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">expand_list</span><span class="p">(</span><span class="n">value</span><span class="p">,</span> <span class="n">is_list</span><span class="o">=</span><span class="n">is_list</span><span class="p">))</span>
+
+                        <span class="n">notes</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">add_separator</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">separator</span><span class="p">,</span> <span class="sa">u</span><span class="s2">&quot;&quot;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">make_unicode</span><span class="p">(</span><span class="n">v</span><span class="p">)</span> <span class="k">for</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">item_list</span><span class="p">),</span> <span class="n">is_list</span><span class="o">=</span><span class="n">is_list</span><span class="p">))</span>
+
+        <span class="n">result_notes</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;&quot;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">notes</span><span class="p">)</span>
+        <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">separator</span><span class="p">,</span> <span class="nb">list</span><span class="p">):</span>
+            <span class="k">return</span> <span class="n">result_notes</span>
+        <span class="k">else</span><span class="p">:</span>
+            <span class="k">return</span> <span class="n">result_notes</span><span class="o">.</span><span class="n">replace</span><span class="p">(</span>
+                <span class="sa">u</span><span class="s2">&quot;&lt;/div&gt;</span><span class="si">{0}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">separator</span><span class="p">),</span> <span class="sa">u</span><span class="s2">&quot;&lt;/div&gt;&quot;</span><span class="p">)</span><span class="o">.</span><span class="n">replace</span><span class="p">(</span>
+                <span class="sa">u</span><span class="s2">&quot;</span><span class="si">{0}</span><span class="s2">&lt;/div&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">separator</span><span class="p">),</span> <span class="sa">u</span><span class="s2">&quot;&lt;/div&gt;&quot;</span>
+            <span class="p">)</span>  <span class="c1"># tighten up result</span>
+
+    <span class="k">def</span> <span class="nf">add_separator</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">separator</span><span class="p">,</span> <span class="n">items</span><span class="p">,</span> <span class="n">is_list</span><span class="o">=</span><span class="kc">False</span><span class="p">):</span>
+<span class="w">        </span><span class="sd">&quot;&quot;&quot;</span>
+<span class="sd">        apply the separator to the data</span>
+<span class="sd">        :param separator: None, str or list such as [&#39;&lt;span&gt;&#39;, &#39;&lt;/span&gt;&#39;]</span>
+<span class="sd">        :param items: str or list to add separator</span>
+<span class="sd">        :return: text with separator applied</span>
+<span class="sd">        &quot;&quot;&quot;</span>
+        <span class="n">_items</span> <span class="o">=</span> <span class="n">items</span>
+
+        <span class="k">if</span> <span class="ow">not</span> <span class="n">_items</span><span class="p">:</span>
+            <span class="k">return</span> <span class="s2">&quot;&lt;br&gt;&quot;</span>
+
+        <span class="k">if</span> <span class="ow">not</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">_items</span><span class="p">,</span> <span class="nb">list</span><span class="p">):</span>
+            <span class="n">_items</span> <span class="o">=</span> <span class="p">[</span><span class="n">_items</span><span class="p">]</span>
+
+        <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">separator</span><span class="p">,</span> <span class="nb">list</span><span class="p">):</span>
+            <span class="k">return</span> <span class="sa">u</span><span class="s2">&quot;&quot;</span><span class="o">.</span><span class="n">join</span><span class="p">([</span><span class="sa">u</span><span class="s2">&quot;</span><span class="si">{}{}{}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">separator</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="n">item</span><span class="p">,</span> <span class="n">separator</span><span class="p">[</span><span class="mi">1</span><span class="p">])</span> <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">_items</span><span class="p">])</span>
+
+        <span class="k">return</span> <span class="sa">u</span><span class="s2">&quot;</span><span class="si">{}{}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">separator</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">_items</span><span class="p">),</span> <span class="n">separator</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">is_list</span> <span class="k">else</span> <span class="sa">u</span><span class="s2">&quot;&quot;</span><span class="p">)</span>
+
+<span class="k">def</span> <span class="nf">make_unicode</span><span class="p">(</span><span class="n">value</span><span class="p">):</span>
+    <span class="k">if</span> <span class="n">value</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
+        <span class="k">return</span> <span class="s1">&#39;None&#39;</span>
+
+    <span class="k">return</span> <span class="n">unicode</span><span class="p">(</span><span class="n">value</span><span class="p">)</span>
+
+<span class="k">def</span> <span class="nf">get_results</span><span class="p">(</span><span class="n">property_name</span><span class="p">):</span>
+    <span class="k">if</span> <span class="n">playbook</span> <span class="ow">and</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="p">[</span><span class="n">property_name</span><span class="p">]</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
+        <span class="k">return</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="p">[</span><span class="n">property_name</span><span class="p">]</span>
+    <span class="k">elif</span> <span class="n">playbook</span> <span class="ow">and</span> <span class="n">playbook</span><span class="o">.</span><span class="n">properties</span><span class="p">[</span><span class="n">property_name</span><span class="p">]</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
+        <span class="k">return</span> <span class="n">playbook</span><span class="o">.</span><span class="n">properties</span><span class="p">[</span><span class="n">property_name</span><span class="p">]</span>
+    <span class="k">elif</span> <span class="n">workflow</span> <span class="ow">and</span> <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="p">[</span><span class="n">property_name</span><span class="p">]</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
+        <span class="k">return</span> <span class="n">workflow</span><span class="o">.</span><span class="n">properties</span><span class="p">[</span><span class="n">property_name</span><span class="p">]</span>
+
+    <span class="k">return</span> <span class="kc">None</span>
+
+<span class="k">def</span> <span class="nf">get_properties</span><span class="p">(</span><span class="n">property_name</span><span class="p">):</span>
+<span class="w">    </span><span class="sd">&quot;&quot;&quot;</span>
+<span class="sd">    Logic to collect the json and parameters from a workflow property.</span>
+<span class="sd">    Args:</span>
+<span class="sd">      property_name: workflow property to reference</span>
+<span class="sd">    Returns:</span>
+<span class="sd">      padding, separator, header, json_omit_list, incident_field, json, sort_keys</span>
+<span class="sd">    &quot;&quot;&quot;</span>
+    <span class="n">result_properties</span> <span class="o">=</span> <span class="n">get_results</span><span class="p">(</span><span class="n">property_name</span><span class="p">)</span>
+    <span class="k">if</span> <span class="ow">not</span> <span class="n">result_properties</span><span class="p">:</span>
+        <span class="n">helper</span><span class="o">.</span><span class="n">fail</span><span class="p">(</span><span class="s2">&quot;Playbook/workflow property not found: </span><span class="si">{}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">property_name</span><span class="p">))</span>
+
+    <span class="n">padding</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;padding&quot;</span><span class="p">,</span> <span class="mi">10</span><span class="p">))</span>
+    <span class="n">separator</span> <span class="o">=</span> <span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;separator&quot;</span><span class="p">,</span> <span class="sa">u</span><span class="s2">&quot;&lt;br /&gt;&quot;</span><span class="p">)</span>
+    <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">separator</span><span class="p">,</span> <span class="nb">list</span><span class="p">)</span> <span class="ow">and</span> <span class="nb">len</span><span class="p">(</span><span class="n">separator</span><span class="p">)</span> <span class="o">!=</span> <span class="mi">2</span><span class="p">:</span>
+        <span class="n">helper</span><span class="o">.</span><span class="n">fail</span><span class="p">(</span><span class="s2">&quot;list of separators should be specified as a pair such as [&#39;&lt;div&gt;&#39;, &#39;&lt;/div&gt;&#39;]: </span><span class="si">{}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">separator</span><span class="p">))</span>
+
+    <span class="n">header</span> <span class="o">=</span> <span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;header&quot;</span><span class="p">)</span>
+    <span class="n">sort_keys</span> <span class="o">=</span> <span class="nb">bool</span><span class="p">(</span><span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;sort&quot;</span><span class="p">,</span> <span class="kc">False</span><span class="p">))</span>
+    <span class="n">json_omit_list</span> <span class="o">=</span> <span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;json_omit_list&quot;</span><span class="p">)</span>
+    <span class="k">if</span> <span class="ow">not</span> <span class="n">json_omit_list</span><span class="p">:</span>
+        <span class="n">json_omit_list</span> <span class="o">=</span> <span class="p">[]</span>
+    <span class="n">incident_field</span> <span class="o">=</span> <span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;incident_field&quot;</span><span class="p">)</span>
+    
+    <span class="c1"># workflow formatted content is &#39;json&#39;. Standard functions is &#39;content&#39;</span>
+    <span class="n">json</span> <span class="o">=</span> <span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;json&quot;</span><span class="p">)</span> <span class="k">if</span> <span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;json&quot;</span><span class="p">)</span> <span class="k">else</span> <span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">)</span>
+    <span class="n">json_err</span> <span class="o">=</span> <span class="kc">None</span>
+    <span class="c1"># is there an issue we need handle now?</span>
+    <span class="k">if</span> <span class="ow">not</span> <span class="n">json</span> <span class="ow">and</span> \
+        <span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">)</span> <span class="o">==</span> <span class="kc">False</span> <span class="ow">and</span> <span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;reason&quot;</span><span class="p">):</span>
+        <span class="n">json_err</span> <span class="o">=</span> <span class="n">result_properties</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;reason&quot;</span><span class="p">)</span>
+    
+    <span class="k">return</span> <span class="n">padding</span><span class="p">,</span> <span class="n">separator</span><span class="p">,</span> <span class="n">header</span><span class="p">,</span> <span class="n">json_omit_list</span><span class="p">,</span> <span class="n">incident_field</span><span class="p">,</span> <span class="n">json</span><span class="p">,</span> <span class="n">json_err</span><span class="p">,</span> <span class="n">sort_keys</span>
+
+
+<span class="c1">## S T A R T</span>
+<span class="n">padding</span><span class="p">,</span> <span class="n">separator</span><span class="p">,</span> <span class="n">header</span><span class="p">,</span> <span class="n">json_omit_list</span><span class="p">,</span> <span class="n">incident_field</span><span class="p">,</span> <span class="n">json</span><span class="p">,</span> <span class="n">json_err</span><span class="p">,</span> <span class="n">sort_keys</span> <span class="o">=</span> <span class="n">get_properties</span><span class="p">(</span><span class="s1">&#39;convert_json_to_rich_text&#39;</span><span class="p">)</span>
+<span class="k">if</span> <span class="n">json_err</span><span class="p">:</span>
+    <span class="n">result</span> <span class="o">=</span> <span class="s2">&quot;Result error: </span><span class="si">{}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">json_err</span><span class="p">)</span>
+<span class="k">else</span><span class="p">:</span>
+    <span class="k">if</span> <span class="n">header</span><span class="p">:</span>
+        <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">separator</span><span class="p">,</span> <span class="nb">list</span><span class="p">):</span>
+            <span class="n">hdr</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;</span><span class="si">{0}{1}{2}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">separator</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="n">header</span><span class="p">,</span> <span class="n">separator</span><span class="p">[</span><span class="mi">1</span><span class="p">])</span>
+        <span class="k">else</span><span class="p">:</span>
+            <span class="n">hdr</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;</span><span class="si">{0}{1}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">header</span><span class="p">,</span> <span class="n">separator</span><span class="p">)</span>
+    <span class="k">else</span><span class="p">:</span>
+        <span class="n">hdr</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;&quot;</span>
+
+    <span class="n">convert</span> <span class="o">=</span> <span class="n">ConvertJson</span><span class="p">(</span><span class="n">omit_keys</span><span class="o">=</span><span class="n">json_omit_list</span><span class="p">,</span> <span class="n">padding</span><span class="o">=</span><span class="n">padding</span><span class="p">,</span> <span class="n">separator</span><span class="o">=</span><span class="n">separator</span><span class="p">,</span> <span class="n">sort_keys</span><span class="o">=</span><span class="n">sort_keys</span><span class="p">)</span>
+    <span class="n">converted_json</span> <span class="o">=</span> <span class="n">convert</span><span class="o">.</span><span class="n">convert_json_to_rich_text</span><span class="p">(</span><span class="n">json</span><span class="p">)</span>
+    <span class="n">result</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;</span><span class="si">{}{}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">hdr</span><span class="p">,</span> <span class="n">converted_json</span> <span class="k">if</span> <span class="n">converted_json</span> <span class="k">else</span> <span class="s2">&quot;</span><span class="se">\n</span><span class="s2">None&quot;</span><span class="p">)</span>
+
+<span class="n">rich_text_note</span> <span class="o">=</span> <span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">result</span><span class="p">)</span>
+<span class="k">if</span> <span class="n">incident_field</span><span class="p">:</span>
+    <span class="n">incident</span><span class="p">[</span><span class="n">incident_field</span><span class="p">]</span> <span class="o">=</span> <span class="n">rich_text_note</span>
+<span class="k">else</span><span class="p">:</span>
+    <span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">rich_text_note</span><span class="p">)</span>
+
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="script-sumo-logic-add-artifacts-from-insight">
+<h2>Script - Sumo Logic: Add Artifacts from Insight<a class="headerlink" href="#script-sumo-logic-add-artifacts-from-insight" title="Link to this heading">¶</a></h2>
+<p>Create artifacts in SOAR from the Sumo Logic Get Insight by ID function and write the results to a note.</p>
+<p><strong>Object:</strong> incident</p>
+<details><summary>Script Text:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">ARTIFACT_TYPE_MAPPING</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;_ip&quot;</span><span class="p">:</span> <span class="s2">&quot;IP Address&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;_hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;DNS Name&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;_file&quot;</span><span class="p">:</span> <span class="s2">&quot;File Path&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;_mac&quot;</span><span class="p">:</span> <span class="s2">&quot;MAC Address&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;_process&quot;</span><span class="p">:</span> <span class="s2">&quot;Process Name&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;_username&quot;</span><span class="p">:</span> <span class="s2">&quot;User Account&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;_useragent&quot;</span><span class="p">:</span> <span class="s2">&quot;User Agent&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;_url&quot;</span><span class="p">:</span> <span class="s2">&quot;URL&quot;</span>
+<span class="p">}</span>
+
+<span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_insight_by_id_results</span>
+
+<span class="n">note_text</span> <span class="o">=</span> <span class="s2">&quot;&lt;b&gt;Sumo Logic: Add Artifacts from Insight:&lt;/b&gt;&quot;</span>
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">,</span> <span class="kc">False</span><span class="p">):</span>
+  <span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+  <span class="k">if</span> <span class="n">content</span><span class="p">:</span>
+      <span class="n">data</span> <span class="o">=</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+      <span class="k">if</span> <span class="n">data</span><span class="p">:</span>
+          <span class="n">involved_entities</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;involvedEntities&quot;</span><span class="p">,</span> <span class="p">[])</span>
+          <span class="n">artifact_count</span> <span class="o">=</span> <span class="mi">0</span>
+          <span class="k">for</span> <span class="n">entity</span> <span class="ow">in</span> <span class="n">involved_entities</span><span class="p">:</span>
+              <span class="n">entity_type</span> <span class="o">=</span> <span class="n">ARTIFACT_TYPE_MAPPING</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">entity</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;entityType&quot;</span><span class="p">),</span> <span class="kc">None</span><span class="p">)</span>
+              <span class="n">entity_value</span> <span class="o">=</span> <span class="n">entity</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;value&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+              <span class="k">if</span> <span class="n">entity_type</span> <span class="ow">and</span> <span class="n">entity_value</span><span class="p">:</span>
+                  <span class="n">incident</span><span class="o">.</span><span class="n">addArtifact</span><span class="p">(</span><span class="n">entity_type</span><span class="p">,</span> <span class="n">entity_value</span><span class="p">,</span> <span class="sa">f</span><span class="s2">&quot;Artifact created from Sumo Logic insight </span><span class="si">{</span><span class="n">incident</span><span class="o">.</span><span class="n">properties</span><span class="o">.</span><span class="n">sumo_logic_insight_readable_id</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
+                  <span class="n">artifact_count</span> <span class="o">+=</span> <span class="mi">1</span>
+              <span class="k">else</span><span class="p">:</span>
+                  <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2">&lt;br&gt;Unable to create artifact from entity: </span><span class="si">{</span><span class="n">entity</span><span class="si">}</span><span class="s2">&quot;</span>
+          <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2">&lt;br&gt;</span><span class="si">{</span><span class="n">artifact_count</span><span class="si">}</span><span class="s2"> artifact(s) created.&quot;</span>
+      <span class="k">else</span><span class="p">:</span>
+          <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2">&lt;br&gt;no data found in insight results.&quot;</span>
+  <span class="k">else</span><span class="p">:</span>
+      <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2">&lt;br&gt;no content found in insight results.&quot;</span>
+<span class="k">else</span><span class="p">:</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2">&lt;br&gt;results found in insight results.&quot;</span>
+
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">note_text</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="script-sumo-logic-populate-signals-data-table">
+<h2>Script - Sumo Logic: Populate Signals Data Table<a class="headerlink" href="#script-sumo-logic-populate-signals-data-table" title="Link to this heading">¶</a></h2>
+<p>Populate the Signals data table with results from get insight function.</p>
+<p><strong>Object:</strong> incident</p>
+<details><summary>Script Text:</summary>
+<p>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="n">playbook</span><span class="o">.</span><span class="n">functions</span><span class="o">.</span><span class="n">results</span><span class="o">.</span><span class="n">get_insight_by_id_results</span>
+<span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;&lt;b&gt;Sumo Logic: Populate Signals Data Table:&lt;/b&gt;&quot;</span>
+<span class="k">if</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;success&quot;</span><span class="p">,</span> <span class="kc">False</span><span class="p">):</span>
+  <span class="n">content</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;content&quot;</span><span class="p">,</span> <span class="p">{})</span>
+  <span class="k">if</span> <span class="n">content</span><span class="p">:</span>
+      <span class="n">data</span> <span class="o">=</span> <span class="n">content</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;data&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+      <span class="k">if</span> <span class="n">data</span><span class="p">:</span>
+          <span class="n">signals</span> <span class="o">=</span> <span class="n">data</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;signals&quot;</span><span class="p">,</span> <span class="p">[])</span>
+          <span class="k">for</span> <span class="n">signal</span> <span class="ow">in</span> <span class="n">signals</span><span class="p">:</span>
+              <span class="n">signal_row</span> <span class="o">=</span> <span class="n">incident</span><span class="o">.</span><span class="n">addRow</span><span class="p">(</span><span class="s2">&quot;sumo_logic_insight_signals_dt&quot;</span><span class="p">)</span>
+              <span class="n">signal_row</span><span class="o">.</span><span class="n">sumo_logic_signal_timestamp</span>   <span class="o">=</span> <span class="n">signal</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+              <span class="n">signal_row</span><span class="o">.</span><span class="n">sumo_logic_signal_id</span>          <span class="o">=</span> <span class="n">signal</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;id&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+              <span class="n">signal_row</span><span class="o">.</span><span class="n">sumo_logic_signal_name</span>        <span class="o">=</span> <span class="n">signal</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;name&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+              <span class="n">signal_row</span><span class="o">.</span><span class="n">sumo_logic_signal_stage</span>       <span class="o">=</span> <span class="n">signal</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;stage&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+              <span class="n">signal_row</span><span class="o">.</span><span class="n">sumo_logic_signal_description</span> <span class="o">=</span> <span class="n">signal</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;description&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+              <span class="n">signal_row</span><span class="o">.</span><span class="n">sumo_logic_signal_rule_id</span>     <span class="o">=</span> <span class="n">signal</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;ruleId&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
+              <span class="n">signal_row</span><span class="o">.</span><span class="n">sumo_logic_signal_severity</span> <span class="o">=</span> <span class="nb">str</span><span class="p">(</span><span class="n">signal</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;severity&quot;</span><span class="p">))</span> <span class="k">if</span> <span class="n">signal</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;severity&quot;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span> <span class="k">else</span> <span class="kc">None</span>
+          <span class="n">num_signals</span> <span class="o">=</span> <span class="nb">len</span><span class="p">(</span><span class="n">signals</span><span class="p">)</span>
+          <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2"> </span><span class="si">{</span><span class="n">num_signals</span><span class="si">}</span><span class="s2"> signal(s) written to Signals data table.&quot;</span>
+      <span class="k">else</span><span class="p">:</span>
+          <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2"> Failed - no data found.&quot;</span>
+  <span class="k">else</span><span class="p">:</span>
+      <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2"> Failed - no data content found.&quot;</span>
+<span class="k">else</span><span class="p">:</span>
+    <span class="n">reason</span> <span class="o">=</span> <span class="n">results</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;reason&quot;</span><span class="p">,</span> <span class="s2">&quot;No reason&quot;</span><span class="p">)</span>
+    <span class="n">note_text</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">&quot;</span><span class="si">{</span><span class="n">note_text</span><span class="si">}</span><span class="s2"> Failed - </span><span class="si">{</span><span class="n">reason</span><span class="si">}</span><span class="s2">&quot;</span>
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">note_text</span><span class="p">)</span>
+</pre></div>
+</div>
+</p>
+</details>
+</section>
+<hr class="docutils" />
+<section id="playbooks">
+<h2>Playbooks<a class="headerlink" href="#playbooks" title="Link to this heading">¶</a></h2>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Playbook Name</p></th>
+<th class="head"><p>Description</p></th>
+<th class="head"><p>Activation Type</p></th>
+<th class="head"><p>Object</p></th>
+<th class="head"><p>Status</p></th>
+<th class="head"><p>Condition</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>Sumo Logic: Add Comment to Insight</p></td>
+<td><p>Manual playbook to add a comment to a Sumo Logic insight in Sumo Logic.</p></td>
+<td><p>Manual</p></td>
+<td><p>note</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">incident.properties.sumo_logic_insight_id</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>Sumo Logic: Add Tag to Insight</p></td>
+<td><p>Manual playbook to add a tag to a Sumo Logic insight.</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">incident.properties.sumo_logic_insight_id</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>Sumo Logic: Close Insight on Case Close</p></td>
+<td><p>Automatic playbook that updates the Status and Resolution of the associated insight in Sumo Logic  when the cases is closed in SOAR.  The SOAR case resolution summary is written as a comment to the Sumo Logic insight.</p></td>
+<td><p>Automatic</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">incident.plan_status</span> <span class="pre">changed_to</span> <span class="pre">Closed</span> <span class="pre">AND</span> <span class="pre">incident.properties.sumo_logic_insight_id</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>Sumo Logic: Scan Artifact for Hits</p></td>
+<td><p>Scan artifacts added to Sumo Logic case and add hit if</p></td>
+<td><p>Manual</p></td>
+<td><p>artifact</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">artifact.type</span> <span class="pre">in</span> <span class="pre">['IP</span> <span class="pre">Address',</span> <span class="pre">'DNS</span> <span class="pre">Name',</span> <span class="pre">'URL',</span> <span class="pre">'User</span> <span class="pre">Account',</span> <span class="pre">'Process</span> <span class="pre">Name',</span> <span class="pre">'File</span> <span class="pre">Name',</span> <span class="pre">'File</span> <span class="pre">Path',</span> <span class="pre">'MAC</span> <span class="pre">Address',</span> <span class="pre">'User</span> <span class="pre">Agent']</span> <span class="pre">AND</span> <span class="pre">incident.properties.sumo_logic_insight_id</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>Sumo Logic: Scan Artifact for Hits Automatic</p></td>
+<td><p>Automatic playbook to scan artifacts added to Sumo Logic case and add hit on artifact if recent Signal Severity Total is greater than specified threshold value.</p></td>
+<td><p>Automatic</p></td>
+<td><p>artifact</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">artifact.type</span> <span class="pre">in</span> <span class="pre">['IP</span> <span class="pre">Address',</span> <span class="pre">'DNS</span> <span class="pre">Name',</span> <span class="pre">'URL',</span> <span class="pre">'User</span> <span class="pre">Account',</span> <span class="pre">'Process</span> <span class="pre">Name',</span> <span class="pre">'File</span> <span class="pre">Name',</span> <span class="pre">'File</span> <span class="pre">Path',</span> <span class="pre">'MAC</span> <span class="pre">Address',</span> <span class="pre">'User</span> <span class="pre">Agent']</span> <span class="pre">AND</span> <span class="pre">incident.properties.sumo_logic_insight_id</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">object_added</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>Sumo Logic: Update Case</p></td>
+<td><p>Manual playbook to update Sumo Logic case. Custom fields, data tables and comments are updated in the SOAR case.</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">incident.properties.sumo_logic_insight_id</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>Sumo Logic: Update Case on Creation</p></td>
+<td><p>Automatic playbook to update Sumo Logic case when the case is created. Custom fields, data tables and comments are updated in the SOAR case.</p></td>
+<td><p>Automatic</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">incident.properties.sumo_logic_insight_id</span> <span class="pre">has_a_value</span> <span class="pre">AND</span> <span class="pre">object_added</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>Sumo Logic: Update Insight Status</p></td>
+<td><p>Manual playbook to update the status of an insight in Sumo Logic.</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>Sumo Logic: Write Entity JSON to Note</p></td>
+<td><p>Write the Sumo Logic entity JSON to an incident note in SOAR.</p></td>
+<td><p>Manual</p></td>
+<td><p>artifact</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>Sumo Logic: Write Insight JSON to Note</p></td>
+<td><p>Write the Sumo Logic insight JSON to an incident note in SOAR.</p></td>
+<td><p>Manual</p></td>
+<td><p>incident</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">incident.properties.sumo_logic_insight_id</span> <span class="pre">has_a_value</span></code></p></td>
+</tr>
+<tr class="row-even"><td><p>Sumo Logic: Write Signal JSON to Note</p></td>
+<td><p>Write the Sumo Logic signal JSON to an incident note in SOAR.</p></td>
+<td><p>Manual</p></td>
+<td><p>sumo_logic_insight_signals_dt</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">enabled</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">-</span></code></p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+<hr class="docutils" />
+<section id="custom-layouts">
+<h2>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h2>
+<!--
+  Use this section to provide guidance on where the user should add any custom fields and data tables.
+  You may wish to recommend a new incident tab.
+  You should save a screenshot "custom_layouts.png" in the doc/screenshots directory and reference it here
+-->
+<p>A custom layout Sumo Logic tab is included that contains Custom Fields and Signals Data Tables and Custom Fields like the screenshot below:</p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts31.png" /></p>
+<p>Sumo Logic Incident tab example:</p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts210.png" /></p>
+</section>
+<section id="data-table-signals">
+<h2>Data Table - Signals<a class="headerlink" href="#data-table-signals" title="Link to this heading">¶</a></h2>
+<p><img alt="screenshot: dt-signals" src="../_images/dt-signals.png" /></p>
+<section id="api-name">
+<h3>API Name:<a class="headerlink" href="#api-name" title="Link to this heading">¶</a></h3>
+<p>sumo_logic_insight_signals_dt</p>
+</section>
+<section id="columns">
+<h3>Columns:<a class="headerlink" href="#columns" title="Link to this heading">¶</a></h3>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Column Name</p></th>
+<th class="head"><p>API Access Name</p></th>
+<th class="head"><p>Type</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>Description</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_signal_description</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Name</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_signal_name</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-even"><td><p>Rule ID</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_signal_rule_id</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Severity</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_signal_severity</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-even"><td><p>Signal ID</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_signal_id</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Stage</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_signal_stage</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-even"><td><p>Timestamp</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_signal_timestamp</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p>-</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+</section>
+<hr class="docutils" />
+<section id="custom-fields">
+<h2>Custom Fields<a class="headerlink" href="#custom-fields" title="Link to this heading">¶</a></h2>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Label</p></th>
+<th class="head"><p>API Access Name</p></th>
+<th class="head"><p>Type</p></th>
+<th class="head"><p>Prefix</p></th>
+<th class="head"><p>Placeholder</p></th>
+<th class="head"><p>Tooltip</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>Insight Assignee</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_assignee</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">properties</span></code></p></td>
+<td><p>-</p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Insight Global Confidence</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_global_confidence</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">properties</span></code></p></td>
+<td><p>-</p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-even"><td><p>Insight ID</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_id</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">properties</span></code></p></td>
+<td><p>-</p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Insight Link</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_link</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">textarea</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">properties</span></code></p></td>
+<td><p>-</p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-even"><td><p>Insight Readable ID</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_readable_id</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">properties</span></code></p></td>
+<td><p>-</p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Insight Resolution</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_resolution</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">properties</span></code></p></td>
+<td><p>-</p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-even"><td><p>Insight Source</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_source</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">properties</span></code></p></td>
+<td><p>-</p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Insight Status</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_status</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">properties</span></code></p></td>
+<td><p>-</p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-even"><td><p>Insight Sub Resolution</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_sub_resolution</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">properties</span></code></p></td>
+<td><p>-</p></td>
+<td><p>-</p></td>
+</tr>
+<tr class="row-odd"><td><p>Insight Tags</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">sumo_logic_insight_tags</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">properties</span></code></p></td>
+<td><p>-</p></td>
+<td><p>-</p></td>
+</tr>
+</tbody>
+</table>
+</div>
+</section>
+<hr class="docutils" />
+<section id="troubleshooting-support">
+<h2>Troubleshooting &amp; Support<a class="headerlink" href="#troubleshooting-support" title="Link to this heading">¶</a></h2>
+<p>Refer to the documentation listed in the Requirements section for troubleshooting information.</p>
+<section id="for-support">
+<h3>For Support<a class="headerlink" href="#for-support" title="Link to this heading">¶</a></h3>
+<p>This is an IBM supported app. Please search <a class="reference external" href="https://ibm.com/mysupport">ibm.com/mysupport</a> for assistance.</p>
+</section>
+</section>
+</section>
+
+        </article>
+      </div>
+      <footer>
+        
+        <div class="related-pages">
+          <a class="next-page" href="../fn_task_utils/README.html">
+              <div class="page-info">
+                <div class="context">
+                  <span>Next</span>
+                </div>
+                <div class="title">Task Utilities</div>
+              </div>
+              <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
+            </a>
+          <a class="prev-page" href="../fn_splunk_integration/README.html">
+              <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
+              <div class="page-info">
+                <div class="context">
+                  <span>Previous</span>
+                </div>
+                
+                <div class="title">Splunk</div>
+                
+              </div>
+            </a>
+        </div>
+        <div class="bottom-of-page">
+          <div class="left-details">
+            <div class="copyright">
+                Copyright &#169; 
+            </div>
+            Made with <a href="https://www.sphinx-doc.org/">Sphinx</a> and <a class="muted-link" href="https://pradyunsg.me">@pradyunsg</a>'s
+            
+            <a href="https://github.com/pradyunsg/furo">Furo</a>
+            
+          </div>
+          <div class="right-details">
+            
+          </div>
+        </div>
+        
+      </footer>
+    </div>
+    <aside class="toc-drawer">
+      
+      
+      <div class="toc-sticky toc-scroll">
+        <div class="toc-title-container">
+          <span class="toc-title">
+            On this page
+          </span>
+        </div>
+        <div class="toc-tree-container">
+          <div class="toc-tree">
+            <ul>
+<li><a class="reference internal" href="#">Sumo Logic Cloud SIEM</a><ul>
+<li><a class="reference internal" href="#table-of-contents">Table of Contents</a></li>
+<li><a class="reference internal" href="#release-notes">Release Notes</a></li>
+<li><a class="reference internal" href="#overview">Overview</a><ul>
+<li><a class="reference internal" href="#key-features">Key Features</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#requirements">Requirements</a><ul>
+<li><a class="reference internal" href="#soar-platform">SOAR platform</a></li>
+<li><a class="reference internal" href="#cloud-pak-for-security">Cloud Pak for Security</a></li>
+<li><a class="reference internal" href="#proxy-server">Proxy Server</a></li>
+<li><a class="reference internal" href="#python-environment">Python Environment</a></li>
+<li><a class="reference internal" href="#sumo-logic-development-version">Sumo Logic Development Version</a><ul>
+<li><a class="reference internal" href="#prerequisites">Prerequisites</a></li>
+<li><a class="reference internal" href="#configuration">Configuration</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#generate-an-access-key-and-secret-in-sumo-log-analytics-platform">Generate an Access Key and Secret in Sumo Log Analytics Platform</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#id1"></a></li>
+<li><a class="reference internal" href="#installation">Installation</a><ul>
+<li><a class="reference internal" href="#install">Install</a></li>
+<li><a class="reference internal" href="#app-configuration">App Configuration</a></li>
+<li><a class="reference internal" href="#poller-considerations">Poller Considerations</a></li>
+<li><a class="reference internal" href="#insights-filtering">Insights Filtering</a><ul>
+<li><a class="reference internal" href="#polling-filter-examples">Polling Filter Examples</a></li>
+<li><a class="reference internal" href="#poller-templates-for-soar-cases">Poller Templates for SOAR Cases</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li><a class="reference internal" href="#function-sumo-logic-add-comment-to-insight">Function - Sumo Logic: Add Comment to Insight</a></li>
+<li><a class="reference internal" href="#function-sumo-logic-add-tag-to-insight">Function - Sumo Logic: Add Tag to Insight</a></li>
+<li><a class="reference internal" href="#function-sumo-logic-get-entity">Function - Sumo Logic: Get Entity</a></li>
+<li><a class="reference internal" href="#function-sumo-logic-get-insight-by-id">Function - Sumo Logic: Get Insight By ID</a></li>
+<li><a class="reference internal" href="#function-sumo-logic-get-insights-comments">Function - Sumo Logic: Get Insights Comments</a></li>
+<li><a class="reference internal" href="#function-sumo-logic-get-signal-by-id">Function - Sumo Logic: Get Signal by ID</a></li>
+<li><a class="reference internal" href="#function-sumo-logic-update-insight-status">Function - Sumo Logic: Update Insight Status</a></li>
+<li><a class="reference internal" href="#script-convert-json-to-rich-text-v1-3">Script - Convert JSON to rich text v1.3</a></li>
+<li><a class="reference internal" href="#script-sumo-logic-add-artifacts-from-insight">Script - Sumo Logic: Add Artifacts from Insight</a></li>
+<li><a class="reference internal" href="#script-sumo-logic-populate-signals-data-table">Script - Sumo Logic: Populate Signals Data Table</a></li>
+<li><a class="reference internal" href="#playbooks">Playbooks</a></li>
+<li><a class="reference internal" href="#custom-layouts">Custom Layouts</a></li>
+<li><a class="reference internal" href="#data-table-signals">Data Table - Signals</a><ul>
+<li><a class="reference internal" href="#api-name">API Name:</a></li>
+<li><a class="reference internal" href="#columns">Columns:</a></li>
+</ul>
+</li>
+<li><a class="reference internal" href="#custom-fields">Custom Fields</a></li>
+<li><a class="reference internal" href="#troubleshooting-support">Troubleshooting &amp; Support</a><ul>
+<li><a class="reference internal" href="#for-support">For Support</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+
+          </div>
+        </div>
+      </div>
+      
+      
+    </aside>
+  </div>
+</div><script src="../_static/documentation_options.js?v=5929fcd5"></script>
+    <script src="../_static/doctools.js?v=9a2dae69"></script>
+    <script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
+    <script src="../_static/scripts/furo.js?v=5fa4622c"></script>
+    <script src="../_static/clipboard.min.js?v=a7894cd8"></script>
+    <script src="../_static/copybutton.js?v=f281be69"></script>
+    <script src="../_static/design-tabs.js?v=f930bc37"></script>
+    <script src="../_static/js/custom.js?v=a365c389"></script>
+    </body>
+</html>
\ No newline at end of file
diff --git a/fn_symantec_dlp/README.html b/fn_symantec_dlp/README.html
index 6cd155906..639687a5c 100644
--- a/fn_symantec_dlp/README.html
+++ b/fn_symantec_dlp/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -489,7 +491,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM QRadar SOAR app for Symantec DLP</strong></p>
-<p><img alt="screenshot: main" src="../_images/main66.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main68.png" /></p>
 <p>This app allows bi-directional synchronization between IBM SOAR and Symantec DLP.</p>
 <div class="highlight-none notranslate"><div class="highlight"><pre><span></span>Symantec DLP incidents are escalated to IBM SOAR as cases with the creation of artifacts and notes in SOAR from the incident.
 </pre></div>
diff --git a/fn_task_utils/README.html b/fn_task_utils/README.html
index b9173a165..3f5d77f38 100644
--- a/fn_task_utils/README.html
+++ b/fn_task_utils/README.html
@@ -3,7 +3,7 @@
   <head><meta charset="utf-8"/>
     <meta name="viewport" content="width=device-width,initial-scale=1"/>
     <meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" />
-<link rel="search" title="Search" href="../search.html" /><link rel="next" title="Microsoft Teams" href="../fn_teams/README.html" /><link rel="prev" title="Splunk" href="../fn_splunk_integration/README.html" />
+<link rel="search" title="Search" href="../search.html" /><link rel="next" title="Microsoft Teams" href="../fn_teams/README.html" /><link rel="prev" title="Sumo Logic Cloud SIEM" href="../fn_sumo_logic/README.html" />
 
     <link rel="shortcut icon" href="../_static/IBM_Security_Shield.ico"/><!-- Generated with Sphinx 8.0.2 and Furo 2024.08.06 -->
         <title>Task Utilities - QRadar SOAR Apps</title>
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -438,7 +440,7 @@ <h1>Task Utilities<a class="headerlink" href="#task-utilities" title="Link to th
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <!-- This description is taken from the in the "description" attribute setup.py file -->
 <p><strong>Resilient Circuits Components for ‘fn_task_utils</strong></p>
-<p><img alt="screenshot: main" src="../_images/main67.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main69.png" /></p>
 <!-- This description is taken from the in the "long_description" attribute setup.py file -->
 <p>Resilient Circuits Components which can be used to manipulate existing tasks or create new ones. Provides functions which can be invoked through standalone example rules or can be integrated as part of a custom workflow</p>
 </section>
@@ -610,14 +612,14 @@ <h2>Support<a class="headerlink" href="#support" title="Link to this heading">¶
               </div>
               <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
             </a>
-          <a class="prev-page" href="../fn_splunk_integration/README.html">
+          <a class="prev-page" href="../fn_sumo_logic/README.html">
               <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
               <div class="page-info">
                 <div class="context">
                   <span>Previous</span>
                 </div>
                 
-                <div class="title">Splunk</div>
+                <div class="title">Sumo Logic Cloud SIEM</div>
                 
               </div>
             </a>
diff --git a/fn_teams/README.html b/fn_teams/README.html
index 18e2d7fb2..bac890169 100644
--- a/fn_teams/README.html
+++ b/fn_teams/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -508,7 +510,7 @@ <h3>2.1.0 Changes<a class="headerlink" href="#changes" title="Link to this headi
 <p>You can continue to use the rules/workflows.
 But migrating to playbooks provides greater functionality along with future app enhancements and bug fixes.</p>
 <hr class="docutils" />
-<p><img alt="screenshot: main.png" src="../_images/main68.png" /></p>
+<p><img alt="screenshot: main.png" src="../_images/main70.png" /></p>
 </section>
 </section>
 <section id="overview">
diff --git a/fn_threatminer/README.html b/fn_threatminer/README.html
index 6f82f5c77..eb39ecd73 100644
--- a/fn_threatminer/README.html
+++ b/fn_threatminer/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_thug/README.html b/fn_thug/README.html
index 64505e384..b8157a70e 100644
--- a/fn_thug/README.html
+++ b/fn_thug/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_timer/README.html b/fn_timer/README.html
index 071cad605..a92a68827 100644
--- a/fn_timer/README.html
+++ b/fn_timer/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_trusteer_ppd/README.html b/fn_trusteer_ppd/README.html
index cabdbe80e..0dae7520a 100644
--- a/fn_trusteer_ppd/README.html
+++ b/fn_trusteer_ppd/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -502,7 +504,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
 <p><strong>IBM SOAR app for Trusteer Pinpoint Detect</strong></p>
 <p>IBM Security® Trusteer® Pinpoint Detect helps organizations quickly and transparently establish digital identity trust throughout a seamless customer experience without compromising on security.</p>
 <p>IBM Security® Trusteer® Pinpoint Detect is real-time, cloud-based risk assessment software that analyzes online identities to differentiate between malicious users and true customers. Trusteer® Pinpoint Detect uses artificial intelligence and machine learning to protect digital channels against account takeover and fraudulent transactions and detect end user devices infected with high-risk malware.</p>
-<p><img alt="screenshot: main" src="../_images/main69.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main71.png" /></p>
 <p>Bi-directional App for Trusteer Pinpoint Detect. Parse emails from Trusteer Pinpoint Detect and create cases in SOAR and sends classification information back to Trusteer.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -765,7 +767,7 @@ <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
   You should save a screenshot "custom_layouts.png" in the doc/screenshots directory and reference it here
 -->
 <p>The following Trusteer Tab custom layout is included in the app:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts30.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts32.png" /></p>
 </section>
 </section>
 <hr class="docutils" />
diff --git a/fn_twilio/README.html b/fn_twilio/README.html
index ce6ceb2ae..458b90259 100644
--- a/fn_twilio/README.html
+++ b/fn_twilio/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_twitter_most_popular/README.html b/fn_twitter_most_popular/README.html
index c88a0394d..9d6e3a747 100644
--- a/fn_twitter_most_popular/README.html
+++ b/fn_twitter_most_popular/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_url_to_dns/README.html b/fn_url_to_dns/README.html
index 16e8a356b..f15bf2c18 100644
--- a/fn_url_to_dns/README.html
+++ b/fn_url_to_dns/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_urlhaus/README.html b/fn_urlhaus/README.html
index 50f1447a7..aced84607 100644
--- a/fn_urlhaus/README.html
+++ b/fn_urlhaus/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -438,28 +440,34 @@ <h1>URLhaus<a class="headerlink" href="#urlhaus" title="Link to this heading">¶
 <hr class="docutils" />
 <section id="release-notes">
 <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this heading">¶</a></h2>
-<!--
-  Specify all changes in this release. Do not remove the release
-  notes of a previous release
--->
-<section id="v1-0-2">
-<h3>v1.0.2<a class="headerlink" href="#v1-0-2" title="Link to this heading">¶</a></h3>
-<ul class="simple">
-<li><p>Added App Host support</p></li>
-</ul>
-</section>
-<section id="v1-0-1">
-<h3>v1.0.1<a class="headerlink" href="#v1-0-1" title="Link to this heading">¶</a></h3>
-<ul class="simple">
-<li><p>Minor bug fix</p></li>
-</ul>
-</section>
-<section id="v1-0-0">
-<h3>v1.0.0<a class="headerlink" href="#v1-0-0" title="Link to this heading">¶</a></h3>
-<ul class="simple">
-<li><p>Initial Release</p></li>
-</ul>
-</section>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Version</p></th>
+<th class="head"><p>Date</p></th>
+<th class="head"><p>Notes</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>v1.0.3</p></td>
+<td><p>09/2024</p></td>
+<td><p>Refresh for SOAR v51.0.0</p></td>
+</tr>
+<tr class="row-odd"><td><p>v1.0.2</p></td>
+<td><p>09/2020</p></td>
+<td><p>Added App Host support</p></td>
+</tr>
+<tr class="row-even"><td><p>v1.0.1</p></td>
+<td><p>03/2020</p></td>
+<td><p>Minor bug fix</p></td>
+</tr>
+<tr class="row-odd"><td><p>v1.0.0</p></td>
+<td><p>03/2019</p></td>
+<td><p>Initial Release</p></td>
+</tr>
+</tbody>
+</table>
+</div>
 </section>
 <hr class="docutils" />
 <section id="overview">
@@ -469,7 +477,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Look up artifacts in URLhaus and submit malicious URLs</strong></p>
-<p><img alt="screenshot: main" src="../_images/main70.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main72.png" /></p>
 <p>Look up supported artifacts in URLhaus to get more enrichment information and submit a malicious URL to the security community</p>
 </section>
 <hr class="docutils" />
@@ -479,8 +487,8 @@ <h2>Requirements<a class="headerlink" href="#requirements" title="Link to this h
   List any Requirements
 -->
 <ul class="simple">
-<li><p>Resilient platform &gt;= <code class="docutils literal notranslate"><span class="pre">v35.0.0</span></code></p></li>
-<li><p>An Integration Server running <code class="docutils literal notranslate"><span class="pre">resilient_circuits&gt;=33.0.0</span></code></p>
+<li><p>Resilient platform &gt;= <code class="docutils literal notranslate"><span class="pre">v51.0.0</span></code></p></li>
+<li><p>An Integration Server running <code class="docutils literal notranslate"><span class="pre">resilient_circuits&gt;=40.0.0</span></code></p>
 <ul>
 <li><p>To set up an Integration Server see: <a class="reference external" href="https://ibm.biz/res-int-server-guide">ibm.biz/res-int-server-guide</a></p></li>
 <li><p>If using API Keys, minimum required permissions are:</p>
@@ -631,21 +639,9 @@ <h3>Resilient-Circuits<a class="headerlink" href="#resilient-circuits" title="Li
 <li><p>Each function will create progress information.</p></li>
 <li><p>Failures will show up as errors and may contain python trace statements.</p></li>
 </ul>
-<hr class="docutils" />
-<!--
-  If necessary, use this section to describe how to configure your security application to work with the integration.
-  Delete this section if the user does not need to perform any configuration procedures on your product.
-
-## Configure <Product_Name>
-
-* Step One
-* Step Two
-* Step Three
-
----
--->
 </section>
 </section>
+<hr class="docutils" />
 <section id="support">
 <h2>Support<a class="headerlink" href="#support" title="Link to this heading">¶</a></h2>
 <div class="table-wrapper colwidths-auto docutils container">
@@ -659,8 +655,8 @@ <h2>Support<a class="headerlink" href="#support" title="Link to this heading">¶
 </thead>
 <tbody>
 <tr class="row-even"><td><p>fn_urlhaus</p></td>
-<td><p>1.0.2</p></td>
-<td><p>Resilient Labs</p></td>
+<td><p>1.0.3</p></td>
+<td><p>IBM SOAR</p></td>
 <td><p>https://ibm.biz/resilientcommunity</p></td>
 </tr>
 </tbody>
@@ -725,12 +721,7 @@ <h2>Support<a class="headerlink" href="#support" title="Link to this heading">¶
           <div class="toc-tree">
             <ul>
 <li><a class="reference internal" href="#">URLhaus</a><ul>
-<li><a class="reference internal" href="#release-notes">Release Notes</a><ul>
-<li><a class="reference internal" href="#v1-0-2">v1.0.2</a></li>
-<li><a class="reference internal" href="#v1-0-1">v1.0.1</a></li>
-<li><a class="reference internal" href="#v1-0-0">v1.0.0</a></li>
-</ul>
-</li>
+<li><a class="reference internal" href="#release-notes">Release Notes</a></li>
 <li><a class="reference internal" href="#overview">Overview</a></li>
 <li><a class="reference internal" href="#requirements">Requirements</a></li>
 <li><a class="reference internal" href="#installation-app-host">Installation (App Host)</a></li>
diff --git a/fn_urlscanio/README.html b/fn_urlscanio/README.html
index 2ed16a77d..d986c7154 100644
--- a/fn_urlscanio/README.html
+++ b/fn_urlscanio/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_utilities/README.html b/fn_utilities/README.html
index e54f07804..ab93fd057 100644
--- a/fn_utilities/README.html
+++ b/fn_utilities/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -507,7 +509,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Useful workflow functions for common automation and integration activities in the SOAR platform</strong></p>
-<p><img alt="screenshot: main" src="../_images/main71.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main73.png" /></p>
 <p>SOAR functions simplify development of integrations by wrapping each external activity into an individual workflow component. These components can be easily installed, then used and combined in SOAR workflows. The SOAR platform sends data to the function component that performs an activity then returns the results to the workflow. The results can be acted upon by scripts, rules, and workflow decision points to dynamically orchestrate the security incident response activities</p>
 </section>
 <hr class="docutils" />
diff --git a/fn_virustotal/README.html b/fn_virustotal/README.html
index d6a268499..24b5a24a6 100644
--- a/fn_virustotal/README.html
+++ b/fn_virustotal/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -508,7 +510,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM SOAR app for VirusTotal</strong></p>
-<p><img alt="screenshot: main" src="../_images/main72.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main74.png" /></p>
 <p>The VirusTotal app for SOAR performs VirusTotal analysis on IP Addresses, URLs, hashes, domain and file artifacts and on file attachments.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_vmray_analyzer/README.html b/fn_vmray_analyzer/README.html
index dc4e17888..9a8dfb2fe 100644
--- a/fn_vmray_analyzer/README.html
+++ b/fn_vmray_analyzer/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_vmware_cbc/README.html b/fn_vmware_cbc/README.html
index c5ad4521b..217284a2f 100644
--- a/fn_vmware_cbc/README.html
+++ b/fn_vmware_cbc/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -555,7 +557,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM SOAR app bidirectional synchronization and functions for VMware Carbon Black Cloud</strong></p>
-<p><img alt="screenshot: main" src="../_images/main73.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main75.png" /></p>
 <p>Provide bidirectional synchronization and functions for VMware Carbon Black Cloud<br></p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -884,7 +886,7 @@ <h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link
 <section id="custom-layouts">
 <h3>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to this heading">¶</a></h3>
 <p>The app automatically creates a custom <code class="docutils literal notranslate"><span class="pre">Carbon</span> <span class="pre">Black</span> <span class="pre">Cloud</span></code> tab on first run after installation:</p>
-<p><img alt="screenshot: custom_layouts " src="../_images/custom_layouts31.png" /></p>
+<p><img alt="screenshot: custom_layouts " src="../_images/custom_layouts33.png" /></p>
 </section>
 <section id="poller-considerations">
 <h3>Poller Considerations<a class="headerlink" href="#poller-considerations" title="Link to this heading">¶</a></h3>
@@ -2967,7 +2969,7 @@ <h2>Custom Layouts<a class="headerlink" href="#id2" title="Link to this heading"
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts31.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts33.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_watson_translate/README.html b/fn_watson_translate/README.html
index d59148c39..49f96c60d 100644
--- a/fn_watson_translate/README.html
+++ b/fn_watson_translate/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_webex/README.html b/fn_webex/README.html
index f741f387b..fc0938013 100644
--- a/fn_webex/README.html
+++ b/fn_webex/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/fn_whois/README.html b/fn_whois/README.html
index f347bd9e9..535de7408 100644
--- a/fn_whois/README.html
+++ b/fn_whois/README.html
@@ -3,7 +3,7 @@
   <head><meta charset="utf-8"/>
     <meta name="viewport" content="width=device-width,initial-scale=1"/>
     <meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" />
-<link rel="search" title="Search" href="../search.html" /><link rel="next" title="Whois RDAP" href="../fn_whois_rdap/README.html" /><link rel="prev" title="Cisco Webex" href="../fn_webex/README.html" />
+<link rel="search" title="Search" href="../search.html" /><link rel="next" title="fn_whois_rdap" href="../fn_whois_rdap/README.html" /><link rel="prev" title="Cisco Webex" href="../fn_webex/README.html" />
 
     <link rel="shortcut icon" href="../_static/IBM_Security_Shield.ico"/><!-- Generated with Sphinx 8.0.2 and Furo 2024.08.06 -->
         <title>Whois - QRadar SOAR Apps</title>
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -581,7 +583,7 @@ <h2>Rules<a class="headerlink" href="#rules" title="Link to this heading">¶</a>
                 <div class="context">
                   <span>Next</span>
                 </div>
-                <div class="title">Whois RDAP</div>
+                <div class="title">fn_whois_rdap</div>
               </div>
               <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
             </a>
diff --git a/fn_whois_rdap/README.html b/fn_whois_rdap/README.html
index aa9ead25a..5215fbc82 100644
--- a/fn_whois_rdap/README.html
+++ b/fn_whois_rdap/README.html
@@ -6,7 +6,7 @@
 <link rel="search" title="Search" href="../search.html" /><link rel="next" title="SOAR Wiki" href="../fn_wiki/README.html" /><link rel="prev" title="Whois" href="../fn_whois/README.html" />
 
     <link rel="shortcut icon" href="../_static/IBM_Security_Shield.ico"/><!-- Generated with Sphinx 8.0.2 and Furo 2024.08.06 -->
-        <title>Whois RDAP - QRadar SOAR Apps</title>
+        <title>fn_whois_rdap - QRadar SOAR Apps</title>
       <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=a746c00c" />
     <link rel="stylesheet" type="text/css" href="../_static/styles/furo.css?v=354aac6f" />
     <link rel="stylesheet" type="text/css" href="../_static/copybutton.css?v=76b2166b" />
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Whois RDAP</a></li>
+<li class="toctree-l1 current current-page"><a class="current reference internal" href="#">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -410,34 +412,59 @@
           </label>
         </div>
         <article role="main" id="furo-main-content">
-          <section id="whois-rdap">
-<h1>Whois RDAP<a class="headerlink" href="#whois-rdap" title="Link to this heading">¶</a></h1>
+          <!--
+  This README.md is generated by running:
+  "resilient-sdk docgen -p fn_whois_rdap"
+
+  This file was generated with resilient-sdk v51.0.2.2.1096
+
+  It is best edited using a Text Editor with a Markdown Previewer. VS Code
+  is a good example. Checkout https://guides.github.com/features/mastering-markdown/
+  for tips on writing with Markdown
+
+  All fields followed by "::CHANGE_ME::"" should be manually edited
+
+  If you make manual edits and run docgen again, a .bak file will be created
+
+  Store any screenshots in the "doc/screenshots" directory and reference them like:
+  ![screenshot: screenshot_1](./screenshots/screenshot_1.png)
+
+  NOTE: If your app is available in the container-format only, there is no need to mention the integration server in this readme.
+-->
+<section id="fn-whois-rdap">
+<h1>fn_whois_rdap<a class="headerlink" href="#fn-whois-rdap" title="Link to this heading">¶</a></h1>
+<section id="table-of-contents">
+<h2>Table of Contents<a class="headerlink" href="#table-of-contents" title="Link to this heading">¶</a></h2>
 <ul class="simple">
-<li><p><a class="reference internal" href="#fn-whois-rdap-functions-for-ibm-resilient"><span class="xref myst">fn-whois-rdap Functions for IBM Resilient</span></a></p>
-<ul>
 <li><p><a class="reference internal" href="#release-notes"><span class="xref myst">Release Notes</span></a></p></li>
-<li><p><a class="reference internal" href="#overview"><span class="xref myst">Overview</span></a></p></li>
-<li><p><a class="reference internal" href="#requirements"><span class="xref myst">Requirements</span></a></p></li>
-<li><p><a class="reference internal" href="#installation"><span class="xref myst">Installation</span></a></p></li>
-<li><p><a class="reference internal" href="#function---RDAP:-query"><span class="xref myst">Function - RDAP: Query</span></a></p></li>
-<li><p><a class="reference internal" href="#function---whois:-query"><span class="xref myst">Function - WHOIS: Query</span></a></p></li>
-<li><p><a class="reference internal" href="#troubleshooting"><span class="xref myst">Troubleshooting</span></a></p>
+<li><p><a class="reference internal" href="#overview"><span class="xref myst">Overview</span></a></p>
 <ul>
-<li><p><a class="reference internal" href="#resilient-action-status"><span class="xref myst">Resilient Action Status</span></a></p></li>
-<li><p><a class="reference internal" href="#resilient-scripting-log"><span class="xref myst">Resilient Scripting Log</span></a></p></li>
-<li><p><a class="reference internal" href="#resilient-logs"><span class="xref myst">Resilient Logs</span></a></p></li>
-<li><p><a class="reference internal" href="#resilient-circuits"><span class="xref myst">Resilient-Circuits</span></a></p></li>
+<li><p><a class="reference internal" href="#key-features"><span class="xref myst">Key Features</span></a></p></li>
 </ul>
 </li>
-<li><p><a class="reference internal" href="#support"><span class="xref myst">Support</span></a></p></li>
+<li><p><a class="reference internal" href="#requirements"><span class="xref myst">Requirements</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#soar-platform"><span class="xref myst">SOAR platform</span></a></p></li>
+<li><p><a class="reference internal" href="#cloud-pak-for-security"><span class="xref myst">Cloud Pak for Security</span></a></p></li>
+<li><p><a class="reference internal" href="#proxy-server"><span class="xref myst">Proxy Server</span></a></p></li>
+<li><p><a class="reference internal" href="#python-environment"><span class="xref myst">Python Environment</span></a></p></li>
+</ul>
+</li>
+<li><p><a class="reference internal" href="#installation"><span class="xref myst">Installation</span></a></p>
+<ul>
+<li><p><a class="reference internal" href="#install"><span class="xref myst">Install</span></a></p></li>
+<li><p><a class="reference internal" href="#app-configuration"><span class="xref myst">App Configuration</span></a></p></li>
 </ul>
 </li>
+<li><p><a class="reference internal" href="#function---rdap-query"><span class="xref myst">Function - RDAP: Query</span></a></p></li>
+<li><p><a class="reference internal" href="#function---whois-query"><span class="xref myst">Function - WHOIS: query</span></a></p></li>
+<li><p><a class="reference internal" href="#rules"><span class="xref myst">Rules</span></a></p></li>
+<li><p><a class="reference internal" href="#troubleshooting--support"><span class="xref myst">Troubleshooting &amp; Support</span></a></p></li>
 </ul>
+</section>
 <hr class="docutils" />
 <section id="release-notes">
 <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this heading">¶</a></h2>
-<section id="history">
-<h3>History<a class="headerlink" href="#history" title="Link to this heading">¶</a></h3>
 <div class="table-wrapper colwidths-auto docutils container">
 <table class="docutils align-default">
 <thead>
@@ -447,6 +474,14 @@ <h3>History<a class="headerlink" href="#history" title="Link to this heading">¶
 </tr>
 </thead>
 <tbody>
+<tr class="row-even"><td class="text-right"><p>1.0.6</p></td>
+<td class="text-right"><p>9/2024</p></td>
+<td><p>Refresh app for v51.0.0</p></td>
+</tr>
+<tr class="row-odd"><td class="text-right"><p>1.0.5</p></td>
+<td class="text-right"><p>4/2022</p></td>
+<td><p>Bug fixes</p></td>
+</tr>
 <tr class="row-even"><td class="text-right"><p>1.0.4</p></td>
 <td class="text-right"><p>6/2021</p></td>
 <td><p>Bug fix ipwhois version pin</p></td>
@@ -457,7 +492,7 @@ <h3>History<a class="headerlink" href="#history" title="Link to this heading">¶
 </tr>
 <tr class="row-even"><td class="text-right"><p>1.0.2</p></td>
 <td class="text-right"><p>4/2020</p></td>
-<td><p>bug fixes</p></td>
+<td><p>Bug fixes</p></td>
 </tr>
 <tr class="row-odd"><td class="text-right"><p>1.0.1</p></td>
 <td class="text-right"><p>4/2020</p></td>
@@ -471,13 +506,12 @@ <h3>History<a class="headerlink" href="#history" title="Link to this heading">¶
 </table>
 </div>
 </section>
-</section>
 <hr class="docutils" />
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>Retrieve registry information for IP, URL or DNS Artifacts</strong></p>
-<p><img alt="screenshot: main" src="../_images/main74.png" /></p>
-<p>This integration retrieves registry information (via legacy WHOIS or new RDAP protocol) for IP, URL or DNS Artifacts that provides enrichment and threat intelligence on suspicious address. The information is added directly to artifact description and can include dns-zone, asn and asn description &amp; other useful metadata.</p>
+<p><img alt="screenshot: main" src="../_images/main76.png" /></p>
+<p>This integration retrieves registry information (via legacy WHOIS or new RDAP protocol) for IP, URL or DNS Artifacts that provides enrichment and threat intelligence on suspicious address. The information is added directly to artifact description and can include dns-zone, asn, and asn description &amp; other useful metadata.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
 <!--
@@ -493,63 +527,120 @@ <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this h
 <hr class="docutils" />
 <section id="requirements">
 <h2>Requirements<a class="headerlink" href="#requirements" title="Link to this heading">¶</a></h2>
+<p>This app supports the IBM Security QRadar SOAR Platform and the IBM Security QRadar SOAR for IBM Cloud Pak for Security.</p>
+<section id="soar-platform">
+<h3>SOAR platform<a class="headerlink" href="#soar-platform" title="Link to this heading">¶</a></h3>
+<p>The SOAR platform supports two app deployment mechanisms, Edge Gateway (also known as App Host) and integration server.</p>
+<p>If deploying to a SOAR platform with an App Host, the requirements are:</p>
 <ul class="simple">
-<li><p>IBM Resilient &gt;= <code class="docutils literal notranslate"><span class="pre">v35.0.5468</span></code></p></li>
-<li><p>An App Host environment or an Integration Server running <code class="docutils literal notranslate"><span class="pre">resilient_circuits&gt;=32.0.0</span></code></p>
-<ul>
-<li><p>To setup an Integration Server see <a class="reference external" href="https://www.ibm.com/support/knowledgecenter/SSBRUQ_37.0.0/doc/container_apps.html">the Integration Server setup documentation</a></p></li>
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0.0.9340</span></code>.</p></li>
+<li><p>The app is in a container-based format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file).</p></li>
 </ul>
+<p>If deploying to a SOAR platform with an integration server, the requirements are:</p>
+<ul>
+<li><p>SOAR platform &gt;= <code class="docutils literal notranslate"><span class="pre">51.0.0.0.9340</span></code>.</p></li>
+<li><p>The app is in the older integration format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file which contains a <code class="docutils literal notranslate"><span class="pre">tar.gz</span></code> file).</p></li>
+<li><p>Integration server is running <code class="docutils literal notranslate"><span class="pre">resilient_circuits&gt;=44.1.0</span></code>.</p></li>
+<li><p>If using an API key account, make sure the account provides the following minimum permissions:</p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Name</p></th>
+<th class="head"><p>Permissions</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>Org Data</p></td>
+<td><p>Read</p></td>
+</tr>
+<tr class="row-odd"><td><p>Function</p></td>
+<td><p>Read</p></td>
+</tr>
+</tbody>
+</table>
+</div>
 </li>
 </ul>
+<p>The following SOAR platform guides provide additional information:</p>
+<ul class="simple">
+<li><p><em>Edge Gateway Deployment Guide</em> or <em>App Host Deployment Guide</em>: provides installation, configuration, and troubleshooting information, including proxy server settings.</p></li>
+<li><p><em>Integration Server Guide</em>: provides installation, configuration, and troubleshooting information, including proxy server settings.</p></li>
+<li><p><em>System Administrator Guide</em>: provides the procedure to install, configure and deploy apps.</p></li>
+</ul>
+<p>The above guides are available on the IBM Documentation website at <a class="reference external" href="https://ibm.biz/soar-docs">ibm.biz/soar-docs</a>. On this web page, select your SOAR platform version. On the follow-on page, you can find the <em>Edge Gateway Deployment Guide</em>, <em>App Host Deployment Guide</em>, or <em>Integration Server Guide</em> by expanding <strong>Apps</strong> in the Table of Contents pane. The System Administrator Guide is available by expanding <strong>System Administrator</strong>.</p>
+</section>
+<section id="cloud-pak-for-security">
+<h3>Cloud Pak for Security<a class="headerlink" href="#cloud-pak-for-security" title="Link to this heading">¶</a></h3>
+<p>If you are deploying to IBM Cloud Pak for Security, the requirements are:</p>
+<ul class="simple">
+<li><p>IBM Cloud Pak for Security &gt;= <code class="docutils literal notranslate"><span class="pre">1.10.15</span></code>.</p></li>
+<li><p>Cloud Pak is configured with an Edge Gateway.</p></li>
+<li><p>The app is in a container-based format (available from the AppExchange as a <code class="docutils literal notranslate"><span class="pre">zip</span></code> file).</p></li>
+</ul>
+<p>The following Cloud Pak guides provide additional information:</p>
+<ul class="simple">
+<li><p><em>Edge Gateway Deployment Guide</em> or <em>App Host Deployment Guide</em>: provides installation, configuration, and troubleshooting information, including proxy server settings. From the Table of Contents, select Case Management and Orchestration &amp; Automation &gt; <strong>Orchestration and Automation Apps</strong>.</p></li>
+<li><p><em>System Administrator Guide</em>: provides information to install, configure, and deploy apps. From the IBM Cloud Pak for Security IBM Documentation table of contents, select Case Management and Orchestration &amp; Automation &gt; <strong>System administrator</strong>.</p></li>
+</ul>
+<p>These guides are available on the IBM Documentation website at <a class="reference external" href="https://ibm.biz/cp4s-docs">ibm.biz/cp4s-docs</a>. From this web page, select your IBM Cloud Pak for Security version. From the version-specific IBM Documentation page, select Case Management and Orchestration &amp; Automation.</p>
+</section>
+<section id="proxy-server">
+<h3>Proxy Server<a class="headerlink" href="#proxy-server" title="Link to this heading">¶</a></h3>
+<p>The app <strong>does</strong> support a proxy server.</p>
+</section>
+<section id="python-environment">
+<h3>Python Environment<a class="headerlink" href="#python-environment" title="Link to this heading">¶</a></h3>
+<p>Python 3.9, 3.11, and 3.12 are officially supported. When deployed as an app, the app runs on Python 3.11.
+Additional package dependencies may exist for each of these packages:</p>
+<ul class="simple">
+<li><p>future~=0.18</p></li>
+<li><p>ipwhois==1.1.0</p></li>
+<li><p>requests-file==1.5.1; python_version&lt;=’3.6’</p></li>
+<li><p>resilient_circuits&gt;=44.1.0</p></li>
+<li><p>tldextract~=2.2; python_version&lt;”3.0”</p></li>
+<li><p>tldextract~=3.0; python_version&gt;=”3.0”</p></li>
+</ul>
+</section>
 </section>
 <hr class="docutils" />
 <section id="installation">
 <h2>Installation<a class="headerlink" href="#installation" title="Link to this heading">¶</a></h2>
-<section id="app-host-installation">
-<h3>App Host Installation<a class="headerlink" href="#app-host-installation" title="Link to this heading">¶</a></h3>
-<p>All the components for running Whois in a container already exist when using the App Host app. Once installed, review the app.config file in the Customizations tab.</p>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">fn_whois_rdap</span><span class="p">]</span>
-<span class="c1"># uncomment to include proxy support</span>
-<span class="c1">#http_proxy=https://some_proxy.com</span>
-<span class="c1">#https_proxy=http://some_proxy.com</span>
-</pre></div>
-</div>
+<section id="install">
+<h3>Install<a class="headerlink" href="#install" title="Link to this heading">¶</a></h3>
+<ul class="simple">
+<li><p>To install or uninstall an App or Integration on the <em>SOAR platform</em>, see the documentation at <a class="reference external" href="https://ibm.biz/soar-docs">ibm.biz/soar-docs</a>.</p></li>
+<li><p>To install or uninstall an App on <em>IBM Cloud Pak for Security</em>, see the documentation at <a class="reference external" href="https://ibm.biz/cp4s-docs">ibm.biz/cp4s-docs</a> and follow the instructions above to navigate to Orchestration and Automation.</p></li>
+</ul>
 </section>
-<section id="integration-server-installation">
-<h3>Integration Server Installation<a class="headerlink" href="#integration-server-installation" title="Link to this heading">¶</a></h3>
-<ul>
-<li><p>Download the <code class="docutils literal notranslate"><span class="pre">app-fn_whois_rdap-x.x.x-nnnn.zip</span></code>.</p></li>
-<li><p>Copy the <code class="docutils literal notranslate"><span class="pre">.zip</span></code> to your Integration Server and SSH into it.</p></li>
-<li><p><strong>Unzip</strong> the package:</p>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ unzip app-fn_whois_rdap-x.x.x-nnnn.zip
-</pre></div>
-</div>
-</li>
-<li><p><strong>Install</strong> the package:</p>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ pip install fn_whois_rdap-x.x.x.tar.gz
-</pre></div>
-</div>
-</li>
-<li><p>Import the fn_whois_rdap <strong>customizations</strong> into the Resilient platform:</p>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ resilient-circuits customize -y -l fn-whois-rdap
-</pre></div>
-</div>
-</li>
-<li><p><strong>Run</strong> resilient-circuits or restart the Service on Windows/Linux:</p>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ resilient-circuits run
-</pre></div>
-</div>
-</li>
-<li><p><strong>Uninstall</strong> the package:</p>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ pip uninstall fn-whois-rdap
-</pre></div>
+<section id="app-configuration">
+<h3>App Configuration<a class="headerlink" href="#app-configuration" title="Link to this heading">¶</a></h3>
+<p>The following table provides the settings you need to configure the app. These settings are made in the app.config file. See the documentation discussed in the Requirements section for the procedure.</p>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Config</p></th>
+<th class="head text-center"><p>Required</p></th>
+<th class="head"><p>Example</p></th>
+<th class="head"><p>Description</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>http_proxy</p></td>
+<td class="text-center"><p>No</p></td>
+<td><p>http://<proxy ip></p></td>
+<td><p>HTTP proxy, if used</p></td>
+</tr>
+<tr class="row-odd"><td><p>https_proxy</p></td>
+<td class="text-center"><p>No</p></td>
+<td><p>https://<proxy ip></p></td>
+<td><p>HTTPS proxy, if used</p></td>
+</tr>
+</tbody>
+</table>
 </div>
-</li>
-</ul>
-<hr class="docutils" />
-<p><img alt="screenshot: fn-rdap-query " src="../_images/workflows.png" /></p>
 </section>
 </section>
+<hr class="docutils" />
 <section id="function-rdap-query">
 <h2>Function - RDAP: Query<a class="headerlink" href="#function-rdap-query" title="Link to this heading">¶</a></h2>
 <p>Using ipwhois library to make general queries in RDAP format</p>
@@ -571,13 +662,13 @@ <h2>Function - RDAP: Query<a class="headerlink" href="#function-rdap-query" titl
 <td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">number</span></code></p></td>
 <td class="text-center"><p>Yes</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">0</span></code></p></td>
-<td><p>0, 1 or 2</p></td>
+<td><p>Can be 0, 1 or 2</p></td>
 </tr>
 <tr class="row-odd"><td><p><code class="docutils literal notranslate"><span class="pre">rdap_query</span></code></p></td>
 <td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
 <td class="text-center"><p>Yes</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">ibm.com</span></code></p></td>
-<td><p>IP, URL or DNS</p></td>
+<td><p>IP, URL or DNS Artifact</p></td>
 </tr>
 </tbody>
 </table>
@@ -586,159 +677,307 @@ <h2>Function - RDAP: Query<a class="headerlink" href="#function-rdap-query" titl
 </details>
 <details><summary>Outputs:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span><span class="s1">&#39;content&#39;</span><span class="p">:</span> <span class="p">{</span><span class="s1">&#39;asn&#39;</span><span class="p">:</span> <span class="s1">&#39;16807&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;asn_cidr&#39;</span><span class="p">:</span> <span class="s1">&#39;129.42.38.0/24&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;asn_country_code&#39;</span><span class="p">:</span> <span class="s1">&#39;US&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;asn_date&#39;</span><span class="p">:</span> <span class="s1">&#39;1987-07-29&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;asn_description&#39;</span><span class="p">:</span> <span class="s1">&#39;IBM-EI - IBM - Events Infrastructure, US&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;asn_registry&#39;</span><span class="p">:</span> <span class="s1">&#39;arin&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;display_content&#39;</span><span class="p">:</span> <span class="s1">&#39;{ &#39;</span>
-                                <span class="s1">&#39;&quot;nir&quot;:false,&quot;asn_registry&quot;:&quot;arin&quot;,&quot;asn&quot;:&quot;16807&quot;,&quot;asn_cidr&quot;:&quot;129.42.38.0/24&quot;,&quot;asn_country_code&quot;:&quot;US&quot;,&quot;asn_date&quot;:&quot;1987-07-29&quot;,&quot;asn_description&quot;:&quot;IBM-EI &#39;</span>
-                                <span class="s1">&#39;- IBM - Events Infrastructure, &#39;</span>
-                                <span class="s1">&#39;US&quot;,&quot;query&quot;:&quot;129.42.38.10&quot;,&quot;network&quot;:{ &#39;</span>
-                                <span class="s1">&#39;&quot;handle&quot;:&quot;NET-129-42-0-0-1&quot;,&quot;remarks&quot;:false,&quot;raw&quot;:false,&quot;start_address&quot;:&quot;129.42.0.0&quot;,&quot;end_address&quot;:&quot;129.42.255.255&quot;,&quot;cidr&quot;:&quot;129.42.0.0/16&quot;,&quot;ip_version&quot;:&quot;v4&quot;,&quot;type&quot;:&quot;DIRECT &#39;</span>
-                                <span class="s1">&#39;ASSIGNMENT&quot;,&quot;name&quot;:&quot;IBM-RSCH-NET2&quot;,&quot;country&quot;:false,&quot;parent_handle&quot;:&quot;NET-129-0-0-0-0&quot; &#39;</span>
-                                <span class="s1">&#39;},&quot;objects&quot;:{ &quot;IBM-1&quot;:{ &#39;</span>
-                                <span class="s1">&#39;&quot;handle&quot;:&quot;IBM-1&quot;,&quot;status&quot;:false,&quot;remarks&quot;:false,&quot;notices&quot;:false,&quot;raw&quot;:false,&quot;contact&quot;:{ &#39;</span>
-                                <span class="s1">&#39;&quot;name&quot;:&quot;IBM&quot;,&quot;kind&quot;:&quot;org&quot;,&quot;phone&quot;:false,&quot;email&quot;:false,&quot;role&quot;:false,&quot;title&quot;:false &#39;</span>
-                                <span class="s1">&#39;},&quot;events_actor&quot;:false } &#39;</span>
-                                <span class="s1">&#39;},&quot;raw&quot;:false,&quot;dns_zone&quot;:&quot;10.38.42.129.origin.asn.cymru.com&quot; &#39;</span>
-                                <span class="s1">&#39;}&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;dns_zone&#39;</span><span class="p">:</span> <span class="s1">&#39;10.38.42.129.origin.asn.cymru.com&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;entities&#39;</span><span class="p">:</span> <span class="p">[</span><span class="s1">&#39;IBM-1&#39;</span><span class="p">],</span>
-             <span class="s1">&#39;network&#39;</span><span class="p">:</span> <span class="p">{</span><span class="s1">&#39;cidr&#39;</span><span class="p">:</span> <span class="s1">&#39;129.42.0.0/16&#39;</span><span class="p">,</span>
-                         <span class="s1">&#39;country&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                         <span class="s1">&#39;end_address&#39;</span><span class="p">:</span> <span class="s1">&#39;129.42.255.255&#39;</span><span class="p">,</span>
-                         <span class="s1">&#39;events&#39;</span><span class="p">:</span> <span class="p">[{</span><span class="s1">&#39;action&#39;</span><span class="p">:</span> <span class="s1">&#39;last changed&#39;</span><span class="p">,</span>
-                                     <span class="s1">&#39;actor&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                     <span class="s1">&#39;timestamp&#39;</span><span class="p">:</span> <span class="s1">&#39;2015-10-20T16:09:08-04:00&#39;</span><span class="p">},</span>
-                                    <span class="p">{</span><span class="s1">&#39;action&#39;</span><span class="p">:</span> <span class="s1">&#39;registration&#39;</span><span class="p">,</span>
-                                     <span class="s1">&#39;actor&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                     <span class="s1">&#39;timestamp&#39;</span><span class="p">:</span> <span class="s1">&#39;1987-07-28T23:00:00-04:00&#39;</span><span class="p">}],</span>
-                         <span class="s1">&#39;handle&#39;</span><span class="p">:</span> <span class="s1">&#39;NET-129-42-0-0-1&#39;</span><span class="p">,</span>
-                         <span class="s1">&#39;ip_version&#39;</span><span class="p">:</span> <span class="s1">&#39;v4&#39;</span><span class="p">,</span>
-                         <span class="s1">&#39;links&#39;</span><span class="p">:</span> <span class="p">[</span><span class="s1">&#39;https://rdap.arin.net/registry/ip/129.42.0.0&#39;</span><span class="p">,</span>
-                                   <span class="s1">&#39;https://whois.arin.net/rest/net/NET-129-42-0-0-1&#39;</span><span class="p">],</span>
-                         <span class="s1">&#39;name&#39;</span><span class="p">:</span> <span class="s1">&#39;IBM-RSCH-NET2&#39;</span><span class="p">,</span>
-                         <span class="s1">&#39;notices&#39;</span><span class="p">:</span> <span class="p">[{</span><span class="s1">&#39;description&#39;</span><span class="p">:</span> <span class="s1">&#39;By using the ARIN &#39;</span>
-                                                     <span class="s1">&#39;RDAP/Whois service, you &#39;</span>
-                                                     <span class="s1">&#39;are agreeing to the &#39;</span>
-                                                     <span class="s1">&#39;RDAP/Whois Terms of Use&#39;</span><span class="p">,</span>
-                                      <span class="s1">&#39;links&#39;</span><span class="p">:</span> <span class="p">[</span><span class="s1">&#39;https://www.arin.net/resources/registry/whois/tou/&#39;</span><span class="p">],</span>
-                                      <span class="s1">&#39;title&#39;</span><span class="p">:</span> <span class="s1">&#39;Terms of Service&#39;</span><span class="p">},</span>
-                                     <span class="p">{</span><span class="s1">&#39;description&#39;</span><span class="p">:</span> <span class="s1">&#39;If you see inaccuracies &#39;</span>
-                                                     <span class="s1">&#39;in the results, please &#39;</span>
-                                                     <span class="s1">&#39;visit: &#39;</span><span class="p">,</span>
-                                      <span class="s1">&#39;links&#39;</span><span class="p">:</span> <span class="p">[</span><span class="s1">&#39;https://www.arin.net/resources/registry/whois/inaccuracy_reporting/&#39;</span><span class="p">],</span>
-                                      <span class="s1">&#39;title&#39;</span><span class="p">:</span> <span class="s1">&#39;Whois Inaccuracy Reporting&#39;</span><span class="p">},</span>
-                                     <span class="p">{</span><span class="s1">&#39;description&#39;</span><span class="p">:</span> <span class="s1">&#39;Copyright 1997-2019, &#39;</span>
-                                                     <span class="s1">&#39;American Registry for &#39;</span>
-                                                     <span class="s1">&#39;Internet Numbers, Ltd.&#39;</span><span class="p">,</span>
-                                      <span class="s1">&#39;links&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                      <span class="s1">&#39;title&#39;</span><span class="p">:</span> <span class="s1">&#39;Copyright Notice&#39;</span><span class="p">}],</span>
-                         <span class="s1">&#39;parent_handle&#39;</span><span class="p">:</span> <span class="s1">&#39;NET-129-0-0-0-0&#39;</span><span class="p">,</span>
-                         <span class="s1">&#39;raw&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                         <span class="s1">&#39;remarks&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                         <span class="s1">&#39;start_address&#39;</span><span class="p">:</span> <span class="s1">&#39;129.42.0.0&#39;</span><span class="p">,</span>
-                         <span class="s1">&#39;status&#39;</span><span class="p">:</span> <span class="p">[</span><span class="s1">&#39;active&#39;</span><span class="p">],</span>
-                         <span class="s1">&#39;type&#39;</span><span class="p">:</span> <span class="s1">&#39;DIRECT ASSIGNMENT&#39;</span><span class="p">},</span>
-             <span class="s1">&#39;nir&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-             <span class="s1">&#39;objects&#39;</span><span class="p">:</span> <span class="p">{</span><span class="s1">&#39;IBM-1&#39;</span><span class="p">:</span> <span class="p">{</span><span class="s1">&#39;contact&#39;</span><span class="p">:</span> <span class="p">{</span><span class="s1">&#39;address&#39;</span><span class="p">:</span> <span class="p">[{</span><span class="s1">&#39;type&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                                            <span class="s1">&#39;value&#39;</span><span class="p">:</span> <span class="s1">&#39;3039 &#39;</span>
-                                                                     <span class="s1">&#39;Cornwallis &#39;</span>
-                                                                     <span class="s1">&#39;Road</span><span class="se">\n</span><span class="s1">&#39;</span>
-                                                                     <span class="s1">&#39;Research &#39;</span>
-                                                                     <span class="s1">&#39;Triangle &#39;</span>
-                                                                     <span class="s1">&#39;Park</span><span class="se">\n</span><span class="s1">&#39;</span>
-                                                                     <span class="s1">&#39;NC</span><span class="se">\n</span><span class="s1">&#39;</span>
-                                                                     <span class="s1">&#39;27709-2195</span><span class="se">\n</span><span class="s1">&#39;</span>
-                                                                     <span class="s1">&#39;United &#39;</span>
-                                                                     <span class="s1">&#39;States&#39;</span><span class="p">}],</span>
-                                               <span class="s1">&#39;email&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                               <span class="s1">&#39;kind&#39;</span><span class="p">:</span> <span class="s1">&#39;org&#39;</span><span class="p">,</span>
-                                               <span class="s1">&#39;name&#39;</span><span class="p">:</span> <span class="s1">&#39;IBM&#39;</span><span class="p">,</span>
-                                               <span class="s1">&#39;phone&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                               <span class="s1">&#39;role&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                               <span class="s1">&#39;title&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">},</span>
-                                   <span class="s1">&#39;entities&#39;</span><span class="p">:</span> <span class="p">[</span><span class="s1">&#39;RAIN-ARIN&#39;</span><span class="p">],</span>
-                                   <span class="s1">&#39;events&#39;</span><span class="p">:</span> <span class="p">[{</span><span class="s1">&#39;action&#39;</span><span class="p">:</span> <span class="s1">&#39;last changed&#39;</span><span class="p">,</span>
-                                               <span class="s1">&#39;actor&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                               <span class="s1">&#39;timestamp&#39;</span><span class="p">:</span> <span class="s1">&#39;2017-11-30T14:46:26-05:00&#39;</span><span class="p">},</span>
-                                              <span class="p">{</span><span class="s1">&#39;action&#39;</span><span class="p">:</span> <span class="s1">&#39;registration&#39;</span><span class="p">,</span>
-                                               <span class="s1">&#39;actor&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                               <span class="s1">&#39;timestamp&#39;</span><span class="p">:</span> <span class="s1">&#39;1992-02-08T00:00:00-05:00&#39;</span><span class="p">}],</span>
-                                   <span class="s1">&#39;events_actor&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                   <span class="s1">&#39;handle&#39;</span><span class="p">:</span> <span class="s1">&#39;IBM-1&#39;</span><span class="p">,</span>
-                                   <span class="s1">&#39;links&#39;</span><span class="p">:</span> <span class="p">[</span><span class="s1">&#39;https://rdap.arin.net/registry/entity/IBM-1&#39;</span><span class="p">,</span>
-                                             <span class="s1">&#39;https://whois.arin.net/rest/org/IBM-1&#39;</span><span class="p">],</span>
-                                   <span class="s1">&#39;notices&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                   <span class="s1">&#39;raw&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                   <span class="s1">&#39;remarks&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-                                   <span class="s1">&#39;roles&#39;</span><span class="p">:</span> <span class="p">[</span><span class="s1">&#39;registrant&#39;</span><span class="p">],</span>
-                                   <span class="s1">&#39;status&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">}},</span>
-             <span class="s1">&#39;query&#39;</span><span class="p">:</span> <span class="s1">&#39;129.42.38.10&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;raw&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">},</span>
- <span class="s1">&#39;inputs&#39;</span><span class="p">:</span> <span class="p">{</span><span class="s1">&#39;rdap_depth&#39;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="s1">&#39;rdap_query&#39;</span><span class="p">:</span> <span class="s1">&#39;https://www.ibm.com&#39;</span><span class="p">},</span>
- <span class="s1">&#39;metrics&#39;</span><span class="p">:</span> <span class="p">{</span><span class="s1">&#39;execution_time_ms&#39;</span><span class="p">:</span> <span class="mi">337</span><span class="p">,</span>
-             <span class="s1">&#39;host&#39;</span><span class="p">:</span> <span class="s1">&#39;your@hostname.com&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;package&#39;</span><span class="p">:</span> <span class="s1">&#39;fn-whois-rdap&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;package_version&#39;</span><span class="p">:</span> <span class="s1">&#39;1.0.0&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;timestamp&#39;</span><span class="p">:</span> <span class="s1">&#39;2019-09-26 15:52:48&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;version&#39;</span><span class="p">:</span> <span class="s1">&#39;1.0&#39;</span><span class="p">},</span>
- <span class="s1">&#39;raw&#39;</span><span class="p">:</span> <span class="s1">&#39;{&quot;nir&quot;: null, &quot;asn_registry&quot;: &quot;arin&quot;, &quot;asn&quot;: &quot;16807&quot;, &quot;asn_cidr&quot;: &#39;</span>
-        <span class="s1">&#39;&quot;129.42.38.0/24&quot;, &quot;asn_country_code&quot;: &quot;US&quot;, &quot;asn_date&quot;: &quot;1987-07-29&quot;, &#39;</span>
-        <span class="s1">&#39;&quot;asn_description&quot;: &quot;IBM-EI - IBM - Events Infrastructure, US&quot;, &#39;</span>
-        <span class="s1">&#39;&quot;query&quot;: &quot;129.42.38.10&quot;, &quot;network&quot;: {&quot;handle&quot;: &quot;NET-129-42-0-0-1&quot;, &#39;</span>
-        <span class="s1">&#39;&quot;status&quot;: [&quot;active&quot;], &quot;remarks&quot;: null, &quot;notices&quot;: [{&quot;title&quot;: &quot;Terms &#39;</span>
-        <span class="s1">&#39;of Service&quot;, &quot;description&quot;: &quot;By using the ARIN RDAP/Whois service, &#39;</span>
-        <span class="s1">&#39;you are agreeing to the RDAP/Whois Terms of Use&quot;, &quot;links&quot;: &#39;</span>
-        <span class="s1">&#39;[&quot;https://www.arin.net/resources/registry/whois/tou/&quot;]}, {&quot;title&quot;: &#39;</span>
-        <span class="s1">&#39;&quot;Whois Inaccuracy Reporting&quot;, &quot;description&quot;: &quot;If you see inaccuracies &#39;</span>
-        <span class="s1">&#39;in the results, please visit: &quot;, &quot;links&quot;: &#39;</span>
-        <span class="s1">&#39;[&quot;https://www.arin.net/resources/registry/whois/inaccuracy_reporting/&quot;]}, &#39;</span>
-        <span class="s1">&#39;{&quot;title&quot;: &quot;Copyright Notice&quot;, &quot;description&quot;: &quot;Copyright 1997-2019, &#39;</span>
-        <span class="s1">&#39;American Registry for Internet Numbers, Ltd.&quot;, &quot;links&quot;: null}], &#39;</span>
-        <span class="s1">&#39;&quot;links&quot;: [&quot;https://rdap.arin.net/registry/ip/129.42.0.0&quot;, &#39;</span>
-        <span class="s1">&#39;&quot;https://whois.arin.net/rest/net/NET-129-42-0-0-1&quot;], &quot;events&quot;: &#39;</span>
-        <span class="s1">&#39;[{&quot;action&quot;: &quot;last changed&quot;, &quot;timestamp&quot;: &quot;2015-10-20T16:09:08-04:00&quot;, &#39;</span>
-        <span class="s1">&#39;&quot;actor&quot;: null}, {&quot;action&quot;: &quot;registration&quot;, &quot;timestamp&quot;: &#39;</span>
-        <span class="s1">&#39;&quot;1987-07-28T23:00:00-04:00&quot;, &quot;actor&quot;: null}], &quot;raw&quot;: null, &#39;</span>
-        <span class="s1">&#39;&quot;start_address&quot;: &quot;129.42.0.0&quot;, &quot;end_address&quot;: &quot;129.42.255.255&quot;, &#39;</span>
-        <span class="s1">&#39;&quot;cidr&quot;: &quot;129.42.0.0/16&quot;, &quot;ip_version&quot;: &quot;v4&quot;, &quot;type&quot;: &quot;DIRECT &#39;</span>
-        <span class="s1">&#39;ASSIGNMENT&quot;, &quot;name&quot;: &quot;IBM-RSCH-NET2&quot;, &quot;country&quot;: null, &#39;</span>
-        <span class="s1">&#39;&quot;parent_handle&quot;: &quot;NET-129-0-0-0-0&quot;}, &quot;entities&quot;: [&quot;IBM-1&quot;], &#39;</span>
-        <span class="s1">&#39;&quot;objects&quot;: {&quot;IBM-1&quot;: {&quot;handle&quot;: &quot;IBM-1&quot;, &quot;status&quot;: null, &quot;remarks&quot;: &#39;</span>
-        <span class="s1">&#39;null, &quot;notices&quot;: null, &quot;links&quot;: &#39;</span>
-        <span class="s1">&#39;[&quot;https://rdap.arin.net/registry/entity/IBM-1&quot;, &#39;</span>
-        <span class="s1">&#39;&quot;https://whois.arin.net/rest/org/IBM-1&quot;], &quot;events&quot;: [{&quot;action&quot;: &quot;last &#39;</span>
-        <span class="s1">&#39;changed&quot;, &quot;timestamp&quot;: &quot;2017-11-30T14:46:26-05:00&quot;, &quot;actor&quot;: null}, &#39;</span>
-        <span class="s1">&#39;{&quot;action&quot;: &quot;registration&quot;, &quot;timestamp&quot;: &quot;1992-02-08T00:00:00-05:00&quot;, &#39;</span>
-        <span class="s1">&#39;&quot;actor&quot;: null}], &quot;raw&quot;: null, &quot;roles&quot;: [&quot;registrant&quot;], &quot;contact&quot;: &#39;</span>
-        <span class="s1">&#39;{&quot;name&quot;: &quot;IBM&quot;, &quot;kind&quot;: &quot;org&quot;, &quot;address&quot;: [{&quot;type&quot;: null, &quot;value&quot;: &#39;</span>
-        <span class="s1">&#39;&quot;3039 Cornwallis Road</span><span class="se">\\</span><span class="s1">nResearch Triangle &#39;</span>
-        <span class="s1">&#39;Park</span><span class="se">\\</span><span class="s1">nNC</span><span class="se">\\</span><span class="s1">n27709-2195</span><span class="se">\\</span><span class="s1">nUnited States&quot;}], &quot;phone&quot;: null, &quot;email&quot;: &#39;</span>
-        <span class="s1">&#39;null, &quot;role&quot;: null, &quot;title&quot;: null}, &quot;events_actor&quot;: null, &quot;entities&quot;: &#39;</span>
-        <span class="s1">&#39;[&quot;RAIN-ARIN&quot;]}}, &quot;raw&quot;: null, &quot;dns_zone&quot;: &#39;</span>
-        <span class="s1">&#39;&quot;10.38.42.129.origin.asn.cymru.com&quot;, &quot;display_content&quot;: &quot;{ &#39;</span>
-        <span class="s1">&#39;</span><span class="se">\\</span><span class="s1">&quot;nir</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;asn_registry</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;arin</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;asn</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;16807</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;asn_cidr</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;129.42.38.0/24</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;asn_country_code</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;US</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;asn_date</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;1987-07-29</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;asn_description</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;IBM-EI &#39;</span>
-        <span class="s1">&#39;- IBM - Events Infrastructure, &#39;</span>
-        <span class="s1">&#39;US</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;query</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;129.42.38.10</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;network</span><span class="se">\\</span><span class="s1">&quot;:{ &#39;</span>
-        <span class="s1">&#39;</span><span class="se">\\</span><span class="s1">&quot;handle</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;NET-129-42-0-0-1</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;remarks</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;raw</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;start_address</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;129.42.0.0</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;end_address</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;129.42.255.255</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;cidr</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;129.42.0.0/16</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;ip_version</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;v4</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;type</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;DIRECT &#39;</span>
-        <span class="s1">&#39;ASSIGNMENT</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;name</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;IBM-RSCH-NET2</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;country</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;parent_handle</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;NET-129-0-0-0-0</span><span class="se">\\</span><span class="s1">&quot; &#39;</span>
-        <span class="s1">&#39;},</span><span class="se">\\</span><span class="s1">&quot;objects</span><span class="se">\\</span><span class="s1">&quot;:{ </span><span class="se">\\</span><span class="s1">&quot;IBM-1</span><span class="se">\\</span><span class="s1">&quot;:{ &#39;</span>
-        <span class="s1">&#39;</span><span class="se">\\</span><span class="s1">&quot;handle</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;IBM-1</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;status</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;remarks</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;notices</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;raw</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;contact</span><span class="se">\\</span><span class="s1">&quot;:{ &#39;</span>
-        <span class="s1">&#39;</span><span class="se">\\</span><span class="s1">&quot;name</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;IBM</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;kind</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;org</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;phone</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;email</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;role</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;title</span><span class="se">\\</span><span class="s1">&quot;:false &#39;</span>
-        <span class="s1">&#39;},</span><span class="se">\\</span><span class="s1">&quot;events_actor</span><span class="se">\\</span><span class="s1">&quot;:false } &#39;</span>
-        <span class="s1">&#39;},</span><span class="se">\\</span><span class="s1">&quot;raw</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;dns_zone</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;10.38.42.129.origin.asn.cymru.com</span><span class="se">\\</span><span class="s1">&quot; &#39;</span>
-        <span class="s1">&#39;}&quot;}&#39;</span><span class="p">,</span>
- <span class="s1">&#39;reason&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
- <span class="s1">&#39;success&#39;</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
- <span class="s1">&#39;version&#39;</span><span class="p">:</span> <span class="s1">&#39;1.0&#39;</span><span class="p">}</span>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;asn&quot;</span><span class="p">:</span> <span class="s2">&quot;8075&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;asn_cidr&quot;</span><span class="p">:</span> <span class="s2">&quot;172.200.0.0/13&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;asn_country_code&quot;</span><span class="p">:</span> <span class="s2">&quot;GB&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;asn_date&quot;</span><span class="p">:</span> <span class="s2">&quot;2002-02-13&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;asn_description&quot;</span><span class="p">:</span> <span class="s2">&quot;MICROSOFT-CORP-MSN-AS-BLOCK, US&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;asn_registry&quot;</span><span class="p">:</span> <span class="s2">&quot;ripencc&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;display_content&quot;</span><span class="p">:</span> <span class="s2">&quot;{ </span><span class="se">\&quot;</span><span class="s2">dns_zone</span><span class="se">\&quot;</span><span class="s2">:</span><span class="se">\&quot;</span><span class="s2">25.147.206.172.origin.asn.cymru.com</span><span class="se">\&quot;</span><span class="s2"> }&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;dns_zone&quot;</span><span class="p">:</span> <span class="s2">&quot;25.147.206.172.origin.asn.cymru.com&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;entities&quot;</span><span class="p">:</span> <span class="p">[</span>
+      <span class="s2">&quot;DH5439-RIPE&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;MICROSOFT-MAINT&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;MRPA3-RIPE&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;ORG-MA42-RIPE&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;RIPE-NCC-HM-MNT&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;MAC274-RIPE&quot;</span>
+    <span class="p">],</span>
+    <span class="s2">&quot;network&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;cidr&quot;</span><span class="p">:</span> <span class="s2">&quot;172.128.0.0/10, 172.192.0.0/12, 172.208.0.0/13&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;country&quot;</span><span class="p">:</span> <span class="s2">&quot;GB&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;end_address&quot;</span><span class="p">:</span> <span class="s2">&quot;172.215.255.255&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;events&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;registration&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;actor&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-05-16T09:38:13Z&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;action&quot;</span><span class="p">:</span> <span class="s2">&quot;last changed&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;actor&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-05-16T09:38:13Z&quot;</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;handle&quot;</span><span class="p">:</span> <span class="s2">&quot;172.128.0.0 - 172.215.255.255&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;ip_version&quot;</span><span class="p">:</span> <span class="s2">&quot;v4&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;links&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="s2">&quot;https://rdap.db.ripe.net/ip/172.206.147.25&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;http://www.ripe.net/data-tools/support/documentation/terms&quot;</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;UK-MICROSOFT-20000324&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;notices&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;This output has been filtered.&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;links&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;title&quot;</span><span class="p">:</span> <span class="s2">&quot;Filtered&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;If you see inaccuracies in the results, please visit:&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;links&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;https://www.ripe.net/contact-form?topic=ripe_dbm</span><span class="se">\u0026</span><span class="s2">show_form=true&quot;</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;title&quot;</span><span class="p">:</span> <span class="s2">&quot;Whois Inaccuracy Reporting&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Objects returned came from source</span><span class="se">\n</span><span class="s2">RIPE&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;links&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;title&quot;</span><span class="p">:</span> <span class="s2">&quot;Source&quot;</span>
+        <span class="p">},</span>
+        <span class="p">{</span>
+          <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;This is the RIPE Database query service. The objects are in RDAP format.&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;links&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="s2">&quot;http://www.ripe.net/db/support/db-terms-conditions.pdf&quot;</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;title&quot;</span><span class="p">:</span> <span class="s2">&quot;Terms and Conditions&quot;</span>
+        <span class="p">}</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;parent_handle&quot;</span><span class="p">:</span> <span class="s2">&quot;0.0.0.0 - 255.255.255.255&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;remarks&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+      <span class="s2">&quot;start_address&quot;</span><span class="p">:</span> <span class="s2">&quot;172.128.0.0&quot;</span><span class="p">,</span>
+      <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="p">[</span>
+        <span class="s2">&quot;active&quot;</span>
+      <span class="p">],</span>
+      <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ALLOCATED PA&quot;</span>
+    <span class="p">},</span>
+    <span class="s2">&quot;nir&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+    <span class="s2">&quot;objects&quot;</span><span class="p">:</span> <span class="p">{</span>
+      <span class="s2">&quot;DH5439-RIPE&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;contact&quot;</span><span class="p">:</span> <span class="p">{</span>
+          <span class="s2">&quot;address&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+              <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;One Microsoft Way</span><span class="se">\n</span><span class="s2">Redmond, WA 98052&quot;</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;email&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;kind&quot;</span><span class="p">:</span> <span class="s2">&quot;individual&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Divya Quamara&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;phone&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;voice&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;+1-425-882-8080&quot;</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;role&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;title&quot;</span><span class="p">:</span> <span class="n">null</span>
+        <span class="p">},</span>
+        <span class="s2">&quot;entities&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;events&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;events_actor&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;handle&quot;</span><span class="p">:</span> <span class="s2">&quot;DH5439-RIPE&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;links&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;https://rdap.db.ripe.net/entity/DH5439-RIPE&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;http://www.ripe.net/data-tools/support/documentation/terms&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;notices&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;remarks&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;roles&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;administrative&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="n">null</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;MAC274-RIPE&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;contact&quot;</span><span class="p">:</span> <span class="p">{</span>
+          <span class="s2">&quot;address&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+              <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;One Microsoft Way</span><span class="se">\n</span><span class="s2">Redmond, WA 98052&quot;</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;email&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;abuse&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;abuse@microsoft.com&quot;</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;kind&quot;</span><span class="p">:</span> <span class="s2">&quot;group&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Microsoft Abuse Contact&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;phone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;role&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;title&quot;</span><span class="p">:</span> <span class="n">null</span>
+        <span class="p">},</span>
+        <span class="s2">&quot;entities&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;MICROSOFT-MAINT&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;events&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;events_actor&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;handle&quot;</span><span class="p">:</span> <span class="s2">&quot;MAC274-RIPE&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;links&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;notices&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;remarks&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;roles&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;abuse&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="n">null</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;MICROSOFT-MAINT&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;contact&quot;</span><span class="p">:</span> <span class="p">{</span>
+          <span class="s2">&quot;address&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;email&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;kind&quot;</span><span class="p">:</span> <span class="s2">&quot;individual&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;MICROSOFT-MAINT&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;phone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;role&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;title&quot;</span><span class="p">:</span> <span class="n">null</span>
+        <span class="p">},</span>
+        <span class="s2">&quot;entities&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;events&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;events_actor&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;handle&quot;</span><span class="p">:</span> <span class="s2">&quot;MICROSOFT-MAINT&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;links&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;https://rdap.db.ripe.net/entity/MICROSOFT-MAINT&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;http://www.ripe.net/data-tools/support/documentation/terms&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;notices&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;remarks&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;roles&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;registrant&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="n">null</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;MRPA3-RIPE&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;contact&quot;</span><span class="p">:</span> <span class="p">{</span>
+          <span class="s2">&quot;address&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+              <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;One Microsoft Way</span><span class="se">\n</span><span class="s2">Redmond, WA 98052&quot;</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;email&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;kind&quot;</span><span class="p">:</span> <span class="s2">&quot;group&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Microsoft Routing, Peering, and DNS&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;phone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;role&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;title&quot;</span><span class="p">:</span> <span class="n">null</span>
+        <span class="p">},</span>
+        <span class="s2">&quot;entities&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;events&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;events_actor&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;handle&quot;</span><span class="p">:</span> <span class="s2">&quot;MRPA3-RIPE&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;links&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;https://rdap.db.ripe.net/entity/MRPA3-RIPE&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;http://www.ripe.net/data-tools/support/documentation/terms&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;notices&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;remarks&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;roles&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;technical&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="n">null</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;ORG-MA42-RIPE&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;contact&quot;</span><span class="p">:</span> <span class="p">{</span>
+          <span class="s2">&quot;address&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+              <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;One Microsoft Way</span><span class="se">\n</span><span class="s2">WA 98052</span><span class="se">\n</span><span class="s2">Redmond</span><span class="se">\n</span><span class="s2">UNITED STATES&quot;</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;email&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;kind&quot;</span><span class="p">:</span> <span class="s2">&quot;org&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Microsoft Limited&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;phone&quot;</span><span class="p">:</span> <span class="p">[</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;voice&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;+1 425 882 8080&quot;</span>
+            <span class="p">},</span>
+            <span class="p">{</span>
+              <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;fax&quot;</span><span class="p">,</span>
+              <span class="s2">&quot;value&quot;</span><span class="p">:</span> <span class="s2">&quot;+1 425 936 7329&quot;</span>
+            <span class="p">}</span>
+          <span class="p">],</span>
+          <span class="s2">&quot;role&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;title&quot;</span><span class="p">:</span> <span class="n">null</span>
+        <span class="p">},</span>
+        <span class="s2">&quot;entities&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;events&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;events_actor&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;handle&quot;</span><span class="p">:</span> <span class="s2">&quot;ORG-MA42-RIPE&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;links&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;https://rdap.db.ripe.net/entity/ORG-MA42-RIPE&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;http://www.ripe.net/data-tools/support/documentation/terms&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;notices&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;remarks&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;roles&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;registrant&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="n">null</span>
+      <span class="p">},</span>
+      <span class="s2">&quot;RIPE-NCC-HM-MNT&quot;</span><span class="p">:</span> <span class="p">{</span>
+        <span class="s2">&quot;contact&quot;</span><span class="p">:</span> <span class="p">{</span>
+          <span class="s2">&quot;address&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;email&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;kind&quot;</span><span class="p">:</span> <span class="s2">&quot;individual&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;RIPE-NCC-HM-MNT&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;phone&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;role&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+          <span class="s2">&quot;title&quot;</span><span class="p">:</span> <span class="n">null</span>
+        <span class="p">},</span>
+        <span class="s2">&quot;entities&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;events&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;events_actor&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;handle&quot;</span><span class="p">:</span> <span class="s2">&quot;RIPE-NCC-HM-MNT&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;links&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;https://rdap.db.ripe.net/entity/RIPE-NCC-HM-MNT&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;http://www.ripe.net/data-tools/support/documentation/terms&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;notices&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;remarks&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;roles&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;registrant&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;status&quot;</span><span class="p">:</span> <span class="n">null</span>
+      <span class="p">}</span>
+    <span class="p">},</span>
+    <span class="s2">&quot;query&quot;</span><span class="p">:</span> <span class="s2">&quot;172.206.147.25&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;rdap_depth&quot;</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span>
+    <span class="s2">&quot;rdap_query&quot;</span><span class="p">:</span> <span class="s2">&quot;172.206.147.25&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1470</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-whois-rdap&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.5&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-09-24 13:56:32&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+<span class="p">}</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">rdap_query</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span>
 <span class="n">inputs</span><span class="o">.</span><span class="n">rdap_depth</span> <span class="o">=</span> <span class="mi">0</span>
@@ -746,29 +985,49 @@ <h2>Function - RDAP: Query<a class="headerlink" href="#function-rdap-query" titl
 </div>
 </p>
 </details>
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="k">try</span><span class="p">:</span>
-  <span class="n">des</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">description</span><span class="o">.</span><span class="n">content</span>
-<span class="k">except</span> <span class="ne">Exception</span><span class="p">:</span>
-  <span class="n">des</span> <span class="o">=</span> <span class="kc">None</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">format_link</span><span class="p">(</span><span class="n">item</span><span class="p">):</span>
+  <span class="k">if</span> <span class="n">item</span> <span class="ow">and</span> <span class="p">(</span><span class="s2">&quot;https://&quot;</span> <span class="ow">in</span> <span class="n">item</span> <span class="ow">or</span> <span class="s2">&quot;http://&quot;</span> <span class="ow">in</span> <span class="n">item</span><span class="p">):</span>
+    <span class="k">return</span> <span class="s2">&quot;&lt;a target=&#39;blank&#39; href=&#39;</span><span class="si">{0}</span><span class="s2">&#39;&gt;</span><span class="si">{0}</span><span class="s2">&lt;/a&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">item</span><span class="p">)</span>
+  <span class="k">else</span><span class="p">:</span>
+    <span class="k">return</span> <span class="n">item</span>
 
-<span class="k">if</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;success&quot;</span><span class="p">]:</span>
-  <span class="k">if</span> <span class="n">des</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
-    <span class="n">note</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;&quot;&quot;&lt;div&gt;&lt;p&gt;&lt;br&gt;&lt;b&gt;RDAP threat intelligence at </span><span class="si">{2}</span><span class="s2">:&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;br&gt;&lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;&lt;/br&gt;&lt;/div&gt;&lt;/p&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;div&gt;&lt;p&gt;&lt;br&gt;&lt;b&gt; Possible accessible keys:&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;br&gt;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span><span class="s2">&quot;&quot;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">][</span><span class="s2">&quot;display_content&quot;</span><span class="p">],</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">]</span><span class="o">.</span><span class="n">keys</span><span class="p">(),</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">])</span>
-    <span class="n">artifact</span><span class="o">.</span><span class="n">description</span> <span class="o">=</span> <span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note</span><span class="p">)</span>
+<span class="k">def</span> <span class="nf">expand_list</span><span class="p">(</span><span class="n">list_value</span><span class="p">,</span> <span class="n">separator</span><span class="o">=</span><span class="s2">&quot;&lt;br&gt;&quot;</span><span class="p">):</span>
+  <span class="k">if</span> <span class="ow">not</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">list_value</span><span class="p">,</span> <span class="nb">list</span><span class="p">):</span>
+    <span class="k">return</span> <span class="n">format_link</span><span class="p">(</span><span class="n">list_value</span><span class="p">)</span>
   <span class="k">else</span><span class="p">:</span>
-    <span class="n">note</span> <span class="o">=</span><span class="n">des</span> <span class="o">+</span><span class="sa">u</span><span class="s2">&quot;&quot;&quot;&lt;div&gt;&lt;p&gt;&lt;br&gt;&lt;b&gt;RDAP threat intelligence at </span><span class="si">{2}</span><span class="s2">:&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;br&gt;&lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;&lt;/br&gt;&lt;/div&gt;&lt;/p&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;div&gt;&lt;p&gt;&lt;br&gt;&lt;b&gt; Possible accessible keys:&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;br&gt;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span><span class="s2">&quot;&quot;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">][</span><span class="s2">&quot;display_content&quot;</span><span class="p">],</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">]</span><span class="o">.</span><span class="n">keys</span><span class="p">(),</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">])</span>
-    <span class="n">artifact</span><span class="o">.</span><span class="n">description</span> <span class="o">=</span> <span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note</span><span class="p">)</span>
+    <span class="k">try</span><span class="p">:</span>
+      <span class="n">items</span> <span class="o">=</span> <span class="p">[]</span>
+      <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">list_value</span><span class="p">:</span>
+        <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="nb">dict</span><span class="p">):</span>
+          <span class="n">items</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s2">&quot;&lt;div style=&#39;padding:10px&#39;&gt;</span><span class="si">{}</span><span class="s2">&lt;/div&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">walk_dict</span><span class="p">(</span><span class="n">item</span><span class="p">)))</span>
+        <span class="k">else</span><span class="p">:</span>
+          <span class="n">items</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">format_link</span><span class="p">(</span><span class="n">item</span><span class="p">))</span>
+      <span class="k">return</span> <span class="n">separator</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">items</span><span class="p">)</span>
+    <span class="k">except</span><span class="p">:</span>
+        <span class="k">pass</span>
+    
+<span class="k">def</span> <span class="nf">walk_dict</span><span class="p">(</span><span class="n">sub_dict</span><span class="p">):</span>
+  <span class="n">notes</span> <span class="o">=</span> <span class="p">[]</span>
+  <span class="k">for</span> <span class="n">key</span><span class="p">,</span> <span class="n">value</span> <span class="ow">in</span> <span class="n">sub_dict</span><span class="o">.</span><span class="n">items</span><span class="p">():</span>
+    <span class="k">if</span> <span class="n">key</span> <span class="ow">not</span> <span class="ow">in</span> <span class="p">[</span><span class="s1">&#39;display_content&#39;</span><span class="p">]:</span>
+      <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">value</span><span class="p">,</span> <span class="nb">dict</span><span class="p">):</span>
+        <span class="n">notes</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="sa">u</span><span class="s2">&quot;&lt;b&gt;</span><span class="si">{}</span><span class="s2">&lt;/b&gt;: &lt;div style=&#39;padding:10px&#39;&gt;</span><span class="si">{}</span><span class="s2">&lt;/div&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">walk_dict</span><span class="p">(</span><span class="n">value</span><span class="p">)))</span>
+      <span class="k">else</span><span class="p">:</span>
+        <span class="n">notes</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="sa">u</span><span class="s2">&quot;&lt;b&gt;</span><span class="si">{}</span><span class="s2">&lt;/b&gt;: </span><span class="si">{}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">expand_list</span><span class="p">(</span><span class="n">value</span><span class="p">)))</span>
+      
+  <span class="k">return</span> <span class="sa">u</span><span class="s2">&quot;&lt;br&gt;&quot;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">notes</span><span class="p">)</span>
+    
+
+<span class="n">note</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;RDAP Whois for artifact: </span><span class="si">{}</span><span class="s2">&lt;br&gt;&lt;br&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="p">)</span>
+<span class="k">if</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;success&quot;</span><span class="p">]:</span>
+  <span class="n">note</span> <span class="o">=</span> <span class="n">note</span> <span class="o">+</span> <span class="n">walk_dict</span><span class="p">(</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">])</span>
 <span class="k">else</span><span class="p">:</span>
-  <span class="n">note</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;&quot;&quot;RDAP threat intelligence at </span><span class="si">{}</span><span class="s2">:</span><span class="se">\n\n</span><span class="s2">  This Artifact has no ans registry information, </span><span class="se">\n\n</span><span class="s2"> so no intelligence was gathered.  </span><span class="se">\n\n</span><span class="s2">&quot;&quot;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">])</span>
-  <span class="n">artifact</span><span class="o">.</span><span class="n">description</span> <span class="o">=</span> <span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note</span><span class="p">)</span>
+  <span class="n">note</span> <span class="o">=</span> <span class="n">note</span> <span class="o">+</span> <span class="sa">u</span><span class="s2">&quot;This Artifact has no ans accessible registry information&quot;</span>
+
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note</span><span class="p">))</span>
+
 </pre></div>
 </div>
 </p>
@@ -776,7 +1035,7 @@ <h2>Function - RDAP: Query<a class="headerlink" href="#function-rdap-query" titl
 </section>
 <hr class="docutils" />
 <section id="function-whois-query">
-<h2>Function - WHOIS: Query<a class="headerlink" href="#function-whois-query" title="Link to this heading">¶</a></h2>
+<h2>Function - WHOIS: query<a class="headerlink" href="#function-whois-query" title="Link to this heading">¶</a></h2>
 <p>Using ipwhois library to make general queries in whois format</p>
 <p><img alt="screenshot: fn-whois-query " src="../_images/fn-rdap-query.png" /></p>
 <details><summary>Inputs:</summary>
@@ -796,7 +1055,7 @@ <h2>Function - WHOIS: Query<a class="headerlink" href="#function-whois-query" ti
 <td class="text-center"><p><code class="docutils literal notranslate"><span class="pre">text</span></code></p></td>
 <td class="text-center"><p>Yes</p></td>
 <td><p><code class="docutils literal notranslate"><span class="pre">ibm.com</span></code></p></td>
-<td><p>IP, URL or DNS value</p></td>
+<td><p>IP, URL or DNS Artifact</p></td>
 </tr>
 </tbody>
 </table>
@@ -805,142 +1064,172 @@ <h2>Function - WHOIS: Query<a class="headerlink" href="#function-whois-query" ti
 </details>
 <details><summary>Outputs:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span><span class="s1">&#39;content&#39;</span><span class="p">:</span> <span class="p">{</span><span class="s1">&#39;asn&#39;</span><span class="p">:</span> <span class="s1">&#39;16807&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;asn_cidr&#39;</span><span class="p">:</span> <span class="s1">&#39;129.42.38.0/24&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;asn_country_code&#39;</span><span class="p">:</span> <span class="s1">&#39;US&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;asn_date&#39;</span><span class="p">:</span> <span class="s1">&#39;1987-07-29&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;asn_description&#39;</span><span class="p">:</span> <span class="s1">&#39;IBM-EI - IBM - Events Infrastructure, US&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;asn_registry&#39;</span><span class="p">:</span> <span class="s1">&#39;arin&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;display_content&#39;</span><span class="p">:</span> <span class="s1">&#39;{ &#39;</span>
-                                <span class="s1">&#39;&quot;nir&quot;:false,&quot;asn_registry&quot;:&quot;arin&quot;,&quot;asn&quot;:&quot;16807&quot;,&quot;asn_cidr&quot;:&quot;129.42.38.0/24&quot;,&quot;asn_country_code&quot;:&quot;US&quot;,&quot;asn_date&quot;:&quot;1987-07-29&quot;,&quot;asn_description&quot;:&quot;IBM-EI &#39;</span>
-                                <span class="s1">&#39;- IBM - Events Infrastructure, &#39;</span>
-                                <span class="s1">&#39;US&quot;,&quot;query&quot;:&quot;129.42.38.10&quot;,&quot;raw&quot;:false,&quot;referral&quot;:false,&quot;raw_referral&quot;:false,&quot;dns_zone&quot;:&quot;10.38.42.129.origin.asn.cymru.com&quot; &#39;</span>
-                                <span class="s1">&#39;}&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;dns_zone&#39;</span><span class="p">:</span> <span class="s1">&#39;10.38.42.129.origin.asn.cymru.com&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;nets&#39;</span><span class="p">:</span> <span class="p">[{</span><span class="s1">&#39;address&#39;</span><span class="p">:</span> <span class="s1">&#39;3039 Cornwallis Road&#39;</span><span class="p">,</span>
-                       <span class="s1">&#39;cidr&#39;</span><span class="p">:</span> <span class="s1">&#39;129.42.0.0/16&#39;</span><span class="p">,</span>
-                       <span class="s1">&#39;city&#39;</span><span class="p">:</span> <span class="s1">&#39;Research Triangle Park&#39;</span><span class="p">,</span>
-                       <span class="s1">&#39;country&#39;</span><span class="p">:</span> <span class="s1">&#39;US&#39;</span><span class="p">,</span>
-                       <span class="s1">&#39;created&#39;</span><span class="p">:</span> <span class="s1">&#39;1987-07-28&#39;</span><span class="p">,</span>
-                       <span class="s1">&#39;description&#39;</span><span class="p">:</span> <span class="s1">&#39;IBM&#39;</span><span class="p">,</span>
-                       <span class="s1">&#39;emails&#39;</span><span class="p">:</span> <span class="p">[</span><span class="s1">&#39;ipreg@us.ibm.com&#39;</span><span class="p">],</span>
-                       <span class="s1">&#39;handle&#39;</span><span class="p">:</span> <span class="s1">&#39;NET-129-42-0-0-1&#39;</span><span class="p">,</span>
-                       <span class="s1">&#39;name&#39;</span><span class="p">:</span> <span class="s1">&#39;IBM-RSCH-NET2&#39;</span><span class="p">,</span>
-                       <span class="s1">&#39;postal_code&#39;</span><span class="p">:</span> <span class="s1">&#39;27709-2195&#39;</span><span class="p">,</span>
-                       <span class="s1">&#39;range&#39;</span><span class="p">:</span> <span class="s1">&#39;129.42.0.0 - 129.42.255.255&#39;</span><span class="p">,</span>
-                       <span class="s1">&#39;state&#39;</span><span class="p">:</span> <span class="s1">&#39;NC&#39;</span><span class="p">,</span>
-                       <span class="s1">&#39;updated&#39;</span><span class="p">:</span> <span class="s1">&#39;2015-10-20&#39;</span><span class="p">}],</span>
-             <span class="s1">&#39;nir&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-             <span class="s1">&#39;query&#39;</span><span class="p">:</span> <span class="s1">&#39;129.42.38.10&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;raw&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-             <span class="s1">&#39;raw_referral&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
-             <span class="s1">&#39;referral&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">},</span>
- <span class="s1">&#39;inputs&#39;</span><span class="p">:</span> <span class="p">{</span><span class="s1">&#39;whois_query&#39;</span><span class="p">:</span> <span class="s1">&#39;https://www.ibm.com&#39;</span><span class="p">},</span>
- <span class="s1">&#39;metrics&#39;</span><span class="p">:</span> <span class="p">{</span><span class="s1">&#39;execution_time_ms&#39;</span><span class="p">:</span> <span class="mi">2362</span><span class="p">,</span>
-             <span class="s1">&#39;host&#39;</span><span class="p">:</span> <span class="s1">&#39;your@hostname.com&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;package&#39;</span><span class="p">:</span> <span class="s1">&#39;fn-whois-rdap&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;package_version&#39;</span><span class="p">:</span> <span class="s1">&#39;1.0.0&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;timestamp&#39;</span><span class="p">:</span> <span class="s1">&#39;2019-09-26 15:57:35&#39;</span><span class="p">,</span>
-             <span class="s1">&#39;version&#39;</span><span class="p">:</span> <span class="s1">&#39;1.0&#39;</span><span class="p">},</span>
- <span class="s1">&#39;raw&#39;</span><span class="p">:</span> <span class="s1">&#39;{&quot;nir&quot;: null, &quot;asn_registry&quot;: &quot;arin&quot;, &quot;asn&quot;: &quot;16807&quot;, &quot;asn_cidr&quot;: &#39;</span>
-        <span class="s1">&#39;&quot;129.42.38.0/24&quot;, &quot;asn_country_code&quot;: &quot;US&quot;, &quot;asn_date&quot;: &quot;1987-07-29&quot;, &#39;</span>
-        <span class="s1">&#39;&quot;asn_description&quot;: &quot;IBM-EI - IBM - Events Infrastructure, US&quot;, &#39;</span>
-        <span class="s1">&#39;&quot;query&quot;: &quot;129.42.38.10&quot;, &quot;nets&quot;: [{&quot;cidr&quot;: &quot;129.42.0.0/16&quot;, &quot;name&quot;: &#39;</span>
-        <span class="s1">&#39;&quot;IBM-RSCH-NET2&quot;, &quot;handle&quot;: &quot;NET-129-42-0-0-1&quot;, &quot;range&quot;: &quot;129.42.0.0 - &#39;</span>
-        <span class="s1">&#39;129.42.255.255&quot;, &quot;description&quot;: &quot;IBM&quot;, &quot;country&quot;: &quot;US&quot;, &quot;state&quot;: &#39;</span>
-        <span class="s1">&#39;&quot;NC&quot;, &quot;city&quot;: &quot;Research Triangle Park&quot;, &quot;address&quot;: &quot;3039 Cornwallis &#39;</span>
-        <span class="s1">&#39;Road&quot;, &quot;postal_code&quot;: &quot;27709-2195&quot;, &quot;emails&quot;: [&quot;ipreg@us.ibm.com&quot;], &#39;</span>
-        <span class="s1">&#39;&quot;created&quot;: &quot;1987-07-28&quot;, &quot;updated&quot;: &quot;2015-10-20&quot;}], &quot;raw&quot;: null, &#39;</span>
-        <span class="s1">&#39;&quot;referral&quot;: null, &quot;raw_referral&quot;: null, &quot;dns_zone&quot;: &#39;</span>
-        <span class="s1">&#39;&quot;10.38.42.129.origin.asn.cymru.com&quot;, &quot;display_content&quot;: &quot;{ &#39;</span>
-        <span class="s1">&#39;</span><span class="se">\\</span><span class="s1">&quot;nir</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;asn_registry</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;arin</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;asn</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;16807</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;asn_cidr</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;129.42.38.0/24</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;asn_country_code</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;US</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;asn_date</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;1987-07-29</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;asn_description</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;IBM-EI &#39;</span>
-        <span class="s1">&#39;- IBM - Events Infrastructure, &#39;</span>
-        <span class="s1">&#39;US</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;query</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;129.42.38.10</span><span class="se">\\</span><span class="s1">&quot;,</span><span class="se">\\</span><span class="s1">&quot;raw</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;referral</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;raw_referral</span><span class="se">\\</span><span class="s1">&quot;:false,</span><span class="se">\\</span><span class="s1">&quot;dns_zone</span><span class="se">\\</span><span class="s1">&quot;:</span><span class="se">\\</span><span class="s1">&quot;10.38.42.129.origin.asn.cymru.com</span><span class="se">\\</span><span class="s1">&quot; &#39;</span>
-        <span class="s1">&#39;}&quot;}&#39;</span><span class="p">,</span>
- <span class="s1">&#39;reason&#39;</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span>
- <span class="s1">&#39;success&#39;</span><span class="p">:</span> <span class="kc">True</span><span class="p">,</span>
- <span class="s1">&#39;version&#39;</span><span class="p">:</span> <span class="s1">&#39;1.0&#39;</span><span class="p">}</span>
+<blockquote>
+<div><p><strong>NOTE:</strong> This example might be in JSON format, but <code class="docutils literal notranslate"><span class="pre">results</span></code> is a Python Dictionary on the SOAR platform.</p>
+</div></blockquote>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">results</span> <span class="o">=</span> <span class="p">{</span>
+  <span class="s2">&quot;content&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;asn&quot;</span><span class="p">:</span> <span class="s2">&quot;8075&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;asn_cidr&quot;</span><span class="p">:</span> <span class="s2">&quot;172.200.0.0/13&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;asn_country_code&quot;</span><span class="p">:</span> <span class="s2">&quot;GB&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;asn_date&quot;</span><span class="p">:</span> <span class="s2">&quot;2002-02-13&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;asn_description&quot;</span><span class="p">:</span> <span class="s2">&quot;MICROSOFT-CORP-MSN-AS-BLOCK, US&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;asn_registry&quot;</span><span class="p">:</span> <span class="s2">&quot;ripencc&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;display_content&quot;</span><span class="p">:</span> <span class="s2">&quot;{ </span><span class="se">\&quot;</span><span class="s2">dns_zone</span><span class="se">\&quot;</span><span class="s2">:</span><span class="se">\&quot;</span><span class="s2">25.147.206.172.origin.asn.cymru.com</span><span class="se">\&quot;</span><span class="s2"> }&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;dns_zone&quot;</span><span class="p">:</span> <span class="s2">&quot;25.147.206.172.origin.asn.cymru.com&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;nets&quot;</span><span class="p">:</span> <span class="p">[</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;address&quot;</span><span class="p">:</span> <span class="s2">&quot;One Microsoft Way</span><span class="se">\n</span><span class="s2">WA 98052</span><span class="se">\n</span><span class="s2">Redmond</span><span class="se">\n</span><span class="s2">UNITED STATES&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;cidr&quot;</span><span class="p">:</span> <span class="s2">&quot;172.128.0.0/10, 172.192.0.0/12, 172.208.0.0/13&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;city&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;country&quot;</span><span class="p">:</span> <span class="s2">&quot;GB&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-05-16T09:38:13Z&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Microsoft Corporation AS8075</span><span class="se">\n</span><span class="s2">To report suspected security issues specific to</span><span class="se">\n</span><span class="s2">traffic emanating from Microsoft online services,</span><span class="se">\n</span><span class="s2">including the distribution of malicious content</span><span class="se">\n</span><span class="s2">or other illicit or illegal material through a</span><span class="se">\n</span><span class="s2">Microsoft online service, please submit reports</span><span class="se">\n</span><span class="s2">to:</span><span class="se">\n</span><span class="s2">* https://cert.microsoft.com</span><span class="se">\n</span><span class="s2">For SPAM and other abuse issues, such as Microsoft</span><span class="se">\n</span><span class="s2">Accounts, please contact:</span><span class="se">\n</span><span class="s2">* abuse@microsoft.com</span><span class="se">\n</span><span class="s2">To report security vulnerabilities in Microsoft</span><span class="se">\n</span><span class="s2">products and services, please contact:</span><span class="se">\n</span><span class="s2">* secure@microsoft.com</span><span class="se">\n</span><span class="s2">For legal and law enforcement-related requests,</span><span class="se">\n</span><span class="s2">please contact:</span><span class="se">\n</span><span class="s2">* msndcc@microsoft.com</span><span class="se">\n</span><span class="s2">For routing, peering or DNS issues, please</span><span class="se">\n</span><span class="s2">contact:</span><span class="se">\n</span><span class="s2">* IOC@microsoft.com&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;emails&quot;</span><span class="p">:</span> <span class="p">[</span>
+          <span class="s2">&quot;abuse@microsoft.com&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;secure@microsoft.com&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;msndcc@microsoft.com&quot;</span><span class="p">,</span>
+          <span class="s2">&quot;IOC@microsoft.com&quot;</span>
+        <span class="p">],</span>
+        <span class="s2">&quot;handle&quot;</span><span class="p">:</span> <span class="s2">&quot;MRPA3-RIPE&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;UK-MICROSOFT-20000324&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;postal_code&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;range&quot;</span><span class="p">:</span> <span class="s2">&quot;172.128.0.0 - 172.215.255.255&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;state&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;updated&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-05-16T09:38:13Z&quot;</span>
+      <span class="p">},</span>
+      <span class="p">{</span>
+        <span class="s2">&quot;address&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;cidr&quot;</span><span class="p">:</span> <span class="s2">&quot;172.200.0.0/13&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;city&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;country&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;created&quot;</span><span class="p">:</span> <span class="s2">&quot;2022-07-08T19:11:00Z&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;description&quot;</span><span class="p">:</span> <span class="s2">&quot;Microsoft&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;emails&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;handle&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;postal_code&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;range&quot;</span><span class="p">:</span> <span class="s2">&quot;172.200.0.0 - 172.207.255.255&quot;</span><span class="p">,</span>
+        <span class="s2">&quot;state&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+        <span class="s2">&quot;updated&quot;</span><span class="p">:</span> <span class="s2">&quot;2022-07-08T19:11:00Z&quot;</span>
+      <span class="p">}</span>
+    <span class="p">],</span>
+    <span class="s2">&quot;nir&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+    <span class="s2">&quot;query&quot;</span><span class="p">:</span> <span class="s2">&quot;172.206.147.25&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+    <span class="s2">&quot;raw_referral&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+    <span class="s2">&quot;referral&quot;</span><span class="p">:</span> <span class="n">null</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;inputs&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;whois_query&quot;</span><span class="p">:</span> <span class="s2">&quot;172.206.147.25&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;metrics&quot;</span><span class="p">:</span> <span class="p">{</span>
+    <span class="s2">&quot;execution_time_ms&quot;</span><span class="p">:</span> <span class="mi">1307</span><span class="p">,</span>
+    <span class="s2">&quot;host&quot;</span><span class="p">:</span> <span class="s2">&quot;my.app.host&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package&quot;</span><span class="p">:</span> <span class="s2">&quot;fn-whois-rdap&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;package_version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0.5&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;timestamp&quot;</span><span class="p">:</span> <span class="s2">&quot;2024-09-24 13:57:53&quot;</span><span class="p">,</span>
+    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+  <span class="p">},</span>
+  <span class="s2">&quot;raw&quot;</span><span class="p">:</span> <span class="s2">&quot;&quot;</span><span class="p">,</span>
+  <span class="s2">&quot;reason&quot;</span><span class="p">:</span> <span class="n">null</span><span class="p">,</span>
+  <span class="s2">&quot;success&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
+  <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1.0&quot;</span>
+<span class="p">}</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Pre-Process Script:</summary>
+<details><summary>Example Function Input Script:</summary>
 <p>
 <div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="n">inputs</span><span class="o">.</span><span class="n">whois_query</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">value</span>
 </pre></div>
 </div>
 </p>
 </details>
-<details><summary>Example Post-Process Script:</summary>
+<details><summary>Example Function Post Process Script:</summary>
 <p>
-<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="k">try</span><span class="p">:</span>
-  <span class="n">des</span> <span class="o">=</span> <span class="n">artifact</span><span class="o">.</span><span class="n">description</span><span class="o">.</span><span class="n">content</span>
-<span class="k">except</span> <span class="ne">Exception</span><span class="p">:</span>
-  <span class="n">des</span> <span class="o">=</span> <span class="kc">None</span>
+<div class="highlight-python notranslate"><div class="highlight"><pre><span></span><span class="k">def</span> <span class="nf">format_link</span><span class="p">(</span><span class="n">item</span><span class="p">):</span>
+  <span class="k">if</span> <span class="n">item</span> <span class="ow">and</span> <span class="p">(</span><span class="s2">&quot;https://&quot;</span> <span class="ow">in</span> <span class="n">item</span> <span class="ow">or</span> <span class="s2">&quot;http://&quot;</span> <span class="ow">in</span> <span class="n">item</span><span class="p">):</span>
+    <span class="k">return</span> <span class="s2">&quot;&lt;a target=&#39;blank&#39; href=&#39;</span><span class="si">{0}</span><span class="s2">&#39;&gt;</span><span class="si">{0}</span><span class="s2">&lt;/a&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">item</span><span class="p">)</span>
+  <span class="k">else</span><span class="p">:</span>
+    <span class="k">return</span> <span class="n">item</span>
 
-<span class="k">if</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;success&quot;</span><span class="p">]:</span>
-  <span class="k">if</span> <span class="n">des</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
-    <span class="n">note</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;&quot;&quot;&lt;div&gt;&lt;p&gt;&lt;br&gt;&lt;b&gt;WHOIS threat intelligence at </span><span class="si">{2}</span><span class="s2">:&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;br&gt;&lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;&lt;/br&gt;&lt;/div&gt;&lt;/p&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;div&gt;&lt;p&gt;&lt;br&gt;&lt;b&gt; Possible accessible keys:&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;br&gt;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span><span class="s2">&quot;&quot;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">][</span><span class="s2">&quot;display_content&quot;</span><span class="p">],</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">]</span><span class="o">.</span><span class="n">keys</span><span class="p">(),</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">])</span>
-    <span class="n">artifact</span><span class="o">.</span><span class="n">description</span> <span class="o">=</span> <span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note</span><span class="p">)</span>
+<span class="k">def</span> <span class="nf">expand_list</span><span class="p">(</span><span class="n">list_value</span><span class="p">,</span> <span class="n">separator</span><span class="o">=</span><span class="s2">&quot;&lt;br&gt;&quot;</span><span class="p">):</span>
+  <span class="k">if</span> <span class="ow">not</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">list_value</span><span class="p">,</span> <span class="nb">list</span><span class="p">):</span>
+    <span class="k">return</span> <span class="n">format_link</span><span class="p">(</span><span class="n">list_value</span><span class="p">)</span>
   <span class="k">else</span><span class="p">:</span>
-    <span class="n">note</span> <span class="o">=</span><span class="n">des</span> <span class="o">+</span><span class="sa">u</span><span class="s2">&quot;&quot;&quot;&lt;div&gt;&lt;p&gt;&lt;br&gt;&lt;b&gt;WHOIS threat intelligence at </span><span class="si">{2}</span><span class="s2">:&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;br&gt;&lt;b&gt;</span><span class="si">{0}</span><span class="s2">&lt;/b&gt;&lt;/br&gt;&lt;/div&gt;&lt;/p&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;div&gt;&lt;p&gt;&lt;br&gt;&lt;b&gt; Possible accessible keys:&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span>
-<span class="s2">    &lt;br&gt;&lt;b&gt;</span><span class="si">{1}</span><span class="s2">&lt;/b&gt;&lt;/br&gt;</span><span class="se">\n\n</span><span class="s2">&quot;&quot;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">][</span><span class="s2">&quot;display_content&quot;</span><span class="p">],</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">]</span><span class="o">.</span><span class="n">keys</span><span class="p">(),</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">])</span>
-    <span class="n">artifact</span><span class="o">.</span><span class="n">description</span> <span class="o">=</span> <span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note</span><span class="p">)</span>
+    <span class="k">try</span><span class="p">:</span>
+      <span class="n">items</span> <span class="o">=</span> <span class="p">[]</span>
+      <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">list_value</span><span class="p">:</span>
+        <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">item</span><span class="p">,</span> <span class="nb">dict</span><span class="p">):</span>
+          <span class="n">items</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="s2">&quot;&lt;div style=&#39;padding:10px&#39;&gt;</span><span class="si">{}</span><span class="s2">&lt;/div&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">walk_dict</span><span class="p">(</span><span class="n">item</span><span class="p">)))</span>
+        <span class="k">else</span><span class="p">:</span>
+          <span class="n">items</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">format_link</span><span class="p">(</span><span class="n">item</span><span class="p">))</span>
+      <span class="k">return</span> <span class="n">separator</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">items</span><span class="p">)</span>
+    <span class="k">except</span><span class="p">:</span>
+        <span class="k">pass</span>
+    
+<span class="k">def</span> <span class="nf">walk_dict</span><span class="p">(</span><span class="n">sub_dict</span><span class="p">):</span>
+  <span class="n">notes</span> <span class="o">=</span> <span class="p">[]</span>
+  <span class="k">for</span> <span class="n">key</span><span class="p">,</span> <span class="n">value</span> <span class="ow">in</span> <span class="n">sub_dict</span><span class="o">.</span><span class="n">items</span><span class="p">():</span>
+    <span class="k">if</span> <span class="n">key</span> <span class="ow">not</span> <span class="ow">in</span> <span class="p">[</span><span class="s1">&#39;display_content&#39;</span><span class="p">]:</span>
+      <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">value</span><span class="p">,</span> <span class="nb">dict</span><span class="p">):</span>
+        <span class="n">notes</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="sa">u</span><span class="s2">&quot;&lt;b&gt;</span><span class="si">{}</span><span class="s2">&lt;/b&gt;: &lt;div style=&#39;padding:10px&#39;&gt;</span><span class="si">{}</span><span class="s2">&lt;/div&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">walk_dict</span><span class="p">(</span><span class="n">value</span><span class="p">)))</span>
+      <span class="k">else</span><span class="p">:</span>
+        <span class="n">notes</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="sa">u</span><span class="s2">&quot;&lt;b&gt;</span><span class="si">{}</span><span class="s2">&lt;/b&gt;: </span><span class="si">{}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">key</span><span class="p">,</span> <span class="n">expand_list</span><span class="p">(</span><span class="n">value</span><span class="p">)))</span>
+      
+  <span class="k">return</span> <span class="sa">u</span><span class="s2">&quot;&lt;br&gt;&quot;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">notes</span><span class="p">)</span>
+    
+
+<span class="n">note</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;Whois for artifact: </span><span class="si">{}</span><span class="s2">&lt;br&gt;&lt;br&gt;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">artifact</span><span class="o">.</span><span class="n">value</span><span class="p">)</span>
+<span class="k">if</span> <span class="n">results</span><span class="p">[</span><span class="s2">&quot;success&quot;</span><span class="p">]:</span>
+  <span class="n">note</span> <span class="o">=</span> <span class="n">note</span> <span class="o">+</span> <span class="n">walk_dict</span><span class="p">(</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;content&quot;</span><span class="p">])</span>
 <span class="k">else</span><span class="p">:</span>
-  <span class="n">note</span> <span class="o">=</span> <span class="sa">u</span><span class="s2">&quot;&quot;&quot;WHOIS threat intelligence at </span><span class="si">{}</span><span class="s2">:</span><span class="se">\n\n</span><span class="s2">  This Artifact has no ans registry information, </span><span class="se">\n\n</span><span class="s2"> so no intelligence was gathered.  </span><span class="se">\n\n</span><span class="s2">&quot;&quot;&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">results</span><span class="p">[</span><span class="s2">&quot;metrics&quot;</span><span class="p">][</span><span class="s2">&quot;timestamp&quot;</span><span class="p">])</span>
-  <span class="n">artifact</span><span class="o">.</span><span class="n">description</span> <span class="o">=</span> <span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note</span><span class="p">)</span>
+  <span class="n">note</span> <span class="o">=</span> <span class="n">note</span> <span class="o">+</span> <span class="sa">u</span><span class="s2">&quot;This Artifact has no whois information&quot;</span>
+
+<span class="n">incident</span><span class="o">.</span><span class="n">addNote</span><span class="p">(</span><span class="n">helper</span><span class="o">.</span><span class="n">createRichText</span><span class="p">(</span><span class="n">note</span><span class="p">))</span>
+
 </pre></div>
 </div>
 </p>
 </details>
 </section>
 <hr class="docutils" />
-<section id="troubleshooting">
-<h2>Troubleshooting<a class="headerlink" href="#troubleshooting" title="Link to this heading">¶</a></h2>
-<p>There are several ways to verify the successful operation of a function.</p>
-<section id="resilient-action-status">
-<h3>Resilient Action Status<a class="headerlink" href="#resilient-action-status" title="Link to this heading">¶</a></h3>
-<ul class="simple">
-<li><p>When viewing an incident, use the Actions menu to view <strong>Action Status</strong>.</p></li>
-<li><p>By default, pending and errors are displayed.</p></li>
-<li><p>Modify the filter for actions to also show Completed actions.</p></li>
-<li><p>Clicking on an action displays additional information on the progress made or what error occurred.</p></li>
-</ul>
-</section>
-<section id="resilient-scripting-log">
-<h3>Resilient Scripting Log<a class="headerlink" href="#resilient-scripting-log" title="Link to this heading">¶</a></h3>
-<ul class="simple">
-<li><p>A separate log file is available to review scripting errors.</p></li>
-<li><p>This is useful when issues occur in the pre-processing or post-processing scripts.</p></li>
-<li><p>The default location for this log file is: <code class="docutils literal notranslate"><span class="pre">/var/log/resilient-scripting/resilient-scripting.log</span></code>.</p></li>
-</ul>
-</section>
-<section id="resilient-logs">
-<h3>Resilient Logs<a class="headerlink" href="#resilient-logs" title="Link to this heading">¶</a></h3>
-<ul class="simple">
-<li><p>By default, Resilient logs are retained at <code class="docutils literal notranslate"><span class="pre">/usr/share/co3/logs</span></code>.</p></li>
-<li><p>The <code class="docutils literal notranslate"><span class="pre">client.log</span></code> may contain additional information regarding the execution of functions.</p></li>
-</ul>
-</section>
-<section id="resilient-circuits">
-<h3>Resilient-Circuits<a class="headerlink" href="#resilient-circuits" title="Link to this heading">¶</a></h3>
-<ul class="simple">
-<li><p>The log is controlled in the <code class="docutils literal notranslate"><span class="pre">.resilient/app.config</span></code> file under the section [resilient] and the property <code class="docutils literal notranslate"><span class="pre">logdir</span></code>.</p></li>
-<li><p>The default file name is <code class="docutils literal notranslate"><span class="pre">app.log</span></code>.</p></li>
-<li><p>Each function will create progress information.</p></li>
-<li><p>Failures will show up as errors and may contain python trace statements.</p></li>
-</ul>
-</section>
+<section id="rules">
+<h2>Rules<a class="headerlink" href="#rules" title="Link to this heading">¶</a></h2>
+<div class="table-wrapper colwidths-auto docutils container">
+<table class="docutils align-default">
+<thead>
+<tr class="row-odd"><th class="head"><p>Rule Name</p></th>
+<th class="head"><p>Object</p></th>
+<th class="head"><p>Workflow Triggered</p></th>
+<th class="head"><p>Condition</p></th>
+</tr>
+</thead>
+<tbody>
+<tr class="row-even"><td><p>Run rdap query against Artifact</p></td>
+<td><p>artifact</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">example_rdap_query</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">artifact.type</span> <span class="pre">in</span> <span class="pre">['IP</span> <span class="pre">Address',</span> <span class="pre">'DNS</span> <span class="pre">Name',</span> <span class="pre">'URL']</span></code></p></td>
+</tr>
+<tr class="row-odd"><td><p>Run whois query against Artifact (RDAP)</p></td>
+<td><p>artifact</p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">example_whois_query</span></code></p></td>
+<td><p><code class="docutils literal notranslate"><span class="pre">artifact.type</span> <span class="pre">in</span> <span class="pre">['IP</span> <span class="pre">Address',</span> <span class="pre">'DNS</span> <span class="pre">Name',</span> <span class="pre">'URL']</span></code></p></td>
+</tr>
+</tbody>
+</table>
+</div>
 </section>
 <hr class="docutils" />
-<section id="support">
-<h2>Support<a class="headerlink" href="#support" title="Link to this heading">¶</a></h2>
-<p>View the <a class="reference external" href="https://ibm.biz/soarcommunity">community forums</a> for help with this app.</p>
+<section id="troubleshooting-support">
+<h2>Troubleshooting &amp; Support<a class="headerlink" href="#troubleshooting-support" title="Link to this heading">¶</a></h2>
+<p>Refer to the documentation listed in the Requirements section for troubleshooting information.</p>
+<section id="for-support">
+<h3>For Support<a class="headerlink" href="#for-support" title="Link to this heading">¶</a></h3>
+<p>This is a IBM Community provided app. Please search the Community <a class="reference external" href="https://ibm.biz/soarcommunity">ibm.biz/soarcommunity</a> for assistance.</p>
+</section>
 </section>
 </section>
 
@@ -999,31 +1288,32 @@ <h2>Support<a class="headerlink" href="#support" title="Link to this heading">¶
         <div class="toc-tree-container">
           <div class="toc-tree">
             <ul>
-<li><a class="reference internal" href="#">Whois RDAP</a><ul>
-<li><a class="reference internal" href="#release-notes">Release Notes</a><ul>
-<li><a class="reference internal" href="#history">History</a></li>
-</ul>
-</li>
+<li><a class="reference internal" href="#">fn_whois_rdap</a><ul>
+<li><a class="reference internal" href="#table-of-contents">Table of Contents</a></li>
+<li><a class="reference internal" href="#release-notes">Release Notes</a></li>
 <li><a class="reference internal" href="#overview">Overview</a><ul>
 <li><a class="reference internal" href="#key-features">Key Features</a></li>
 </ul>
 </li>
-<li><a class="reference internal" href="#requirements">Requirements</a></li>
+<li><a class="reference internal" href="#requirements">Requirements</a><ul>
+<li><a class="reference internal" href="#soar-platform">SOAR platform</a></li>
+<li><a class="reference internal" href="#cloud-pak-for-security">Cloud Pak for Security</a></li>
+<li><a class="reference internal" href="#proxy-server">Proxy Server</a></li>
+<li><a class="reference internal" href="#python-environment">Python Environment</a></li>
+</ul>
+</li>
 <li><a class="reference internal" href="#installation">Installation</a><ul>
-<li><a class="reference internal" href="#app-host-installation">App Host Installation</a></li>
-<li><a class="reference internal" href="#integration-server-installation">Integration Server Installation</a></li>
+<li><a class="reference internal" href="#install">Install</a></li>
+<li><a class="reference internal" href="#app-configuration">App Configuration</a></li>
 </ul>
 </li>
 <li><a class="reference internal" href="#function-rdap-query">Function - RDAP: Query</a></li>
-<li><a class="reference internal" href="#function-whois-query">Function - WHOIS: Query</a></li>
-<li><a class="reference internal" href="#troubleshooting">Troubleshooting</a><ul>
-<li><a class="reference internal" href="#resilient-action-status">Resilient Action Status</a></li>
-<li><a class="reference internal" href="#resilient-scripting-log">Resilient Scripting Log</a></li>
-<li><a class="reference internal" href="#resilient-logs">Resilient Logs</a></li>
-<li><a class="reference internal" href="#resilient-circuits">Resilient-Circuits</a></li>
+<li><a class="reference internal" href="#function-whois-query">Function - WHOIS: query</a></li>
+<li><a class="reference internal" href="#rules">Rules</a></li>
+<li><a class="reference internal" href="#troubleshooting-support">Troubleshooting &amp; Support</a><ul>
+<li><a class="reference internal" href="#for-support">For Support</a></li>
 </ul>
 </li>
-<li><a class="reference internal" href="#support">Support</a></li>
 </ul>
 </li>
 </ul>
diff --git a/fn_wiki/README.html b/fn_wiki/README.html
index 73d352d3e..0996292e8 100644
--- a/fn_wiki/README.html
+++ b/fn_wiki/README.html
@@ -3,7 +3,7 @@
   <head><meta charset="utf-8"/>
     <meta name="viewport" content="width=device-width,initial-scale=1"/>
     <meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" />
-<link rel="search" title="Search" href="../search.html" /><link rel="next" title="IBM XForce Collections" href="../fn_xforce/README.html" /><link rel="prev" title="Whois RDAP" href="../fn_whois_rdap/README.html" />
+<link rel="search" title="Search" href="../search.html" /><link rel="next" title="IBM XForce Collections" href="../fn_xforce/README.html" /><link rel="prev" title="fn_whois_rdap" href="../fn_whois_rdap/README.html" />
 
     <link rel="shortcut icon" href="../_static/IBM_Security_Shield.ico"/><!-- Generated with Sphinx 8.0.2 and Furo 2024.08.06 -->
         <title>SOAR Wiki - QRadar SOAR Apps</title>
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -494,7 +496,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p>Perform operations against the Resilient wiki: create or update pages, read wiki contents and perform lookups of content.</p>
-<p><img alt="screenshot: main" src="../_images/main75.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main77.png" /></p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
 <!--
@@ -825,7 +827,7 @@ <h3>For Support<a class="headerlink" href="#for-support" title="Link to this hea
                   <span>Previous</span>
                 </div>
                 
-                <div class="title">Whois RDAP</div>
+                <div class="title">fn_whois_rdap</div>
                 
               </div>
             </a>
diff --git a/fn_wiz/README.html b/fn_wiz/README.html
index 115313107..ab1ca41cd 100644
--- a/fn_wiz/README.html
+++ b/fn_wiz/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -491,7 +493,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM SOAR app for synchronization with Wiz issue, project, and vulnerability data</strong></p>
-<p><img alt="screenshot: main" src="../_images/main76.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main78.png" /></p>
 <p>Wiz is a cloud security platform that scans and monitors cloud resources for vulnerabilities and affected assets.</p>
 <p>This app polls Wiz Issues to create, update, or close corresponding cases in IBM QRadar SOAR and enriches the cases with Wiz project and vulnerability data for investigation. The app also updates Wiz issues based on changes to corresponding SOAR cases.</p>
 <section id="key-features">
@@ -1530,7 +1532,7 @@ <h2>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts32.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts34.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/fn_xforce/README.html b/fn_xforce/README.html
index 4c8a4eeac..793dbbea9 100644
--- a/fn_xforce/README.html
+++ b/fn_xforce/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -483,7 +485,7 @@ <h3>1.1.0 Changes<a class="headerlink" href="#changes" title="Link to this headi
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>IBM SOAR Components for the IBM XForce Collections API</strong></p>
-<p><img alt="screenshot: main" src="../_images/main77.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main79.png" /></p>
 <p>The fn_xforce integration provides the ability to query the IBM XForce Collections API. Collections can be queried either by matching a provided search term or by Collection ID. Additionally, it is possible to query both public and private Collections. Information gathered from X-Force can be used for incident and artifact enrichment.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_yeti/README.html b/fn_yeti/README.html
index f381b44f9..e243addd0 100644
--- a/fn_yeti/README.html
+++ b/fn_yeti/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Yeti</a></li>
@@ -490,7 +492,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>IBM Security SOAR app for Yeti</strong></p>
-<p><img alt="screenshot: main" src="../_images/main78.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main80.png" /></p>
 <p>Queries Yeti and updates SOAR with any information gained on the artifact. All Yeti observables are supported by this integration. For more info about YETI platform, please visit https://yeti-platform.github.io.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
diff --git a/fn_zia/README.html b/fn_zia/README.html
index 399d3e9f5..d9526c984 100644
--- a/fn_zia/README.html
+++ b/fn_zia/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -519,7 +521,7 @@ <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">
   The text below is parsed from the "description" and "long_description" attributes in the setup.py file
 -->
 <p><strong>Zscaler Internet Access Integration for IBM SOAR</strong></p>
-<p><img alt="screenshot: main" src="../_images/main79.png" /></p>
+<p><img alt="screenshot: main" src="../_images/main81.png" /></p>
 <p>The Zscaler Internet Access Integration (ZIA) for SOAR to facilitate manual enrichment and actions against a ZIA environment in the IBM SOAR Platform.</p>
 <section id="key-features">
 <h3>Key Features<a class="headerlink" href="#key-features" title="Link to this heading">¶</a></h3>
@@ -2221,7 +2223,7 @@ <h2>Custom Layouts<a class="headerlink" href="#custom-layouts" title="Link to th
 -->
 <ul>
 <li><p>Import the Data Tables and Custom Fields like the screenshot below:</p>
-<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts33.png" /></p>
+<p><img alt="screenshot: custom_layouts" src="../_images/custom_layouts35.png" /></p>
 </li>
 </ul>
 </section>
diff --git a/index.html b/index.html
index b08918b9c..72fa7e1a4 100644
--- a/index.html
+++ b/index.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_yeti/README.html">Yeti</a></li>
@@ -441,6 +443,7 @@ <h1>IBM Security QRadar SOAR Apps<a class="headerlink" href="#ibm-security-qrada
 <div class="toctree-wrapper compound">
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -556,6 +559,7 @@ <h1>IBM Security QRadar SOAR Apps<a class="headerlink" href="#ibm-security-qrada
 <li class="toctree-l1"><a class="reference internal" href="fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_threatminer/README.html">ThreatMiner</a></li>
@@ -572,7 +576,7 @@ <h1>IBM Security QRadar SOAR Apps<a class="headerlink" href="#ibm-security-qrada
 <li class="toctree-l1"><a class="reference internal" href="fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_yeti/README.html">Yeti</a></li>
diff --git a/oauth-utils/README.html b/oauth-utils/README.html
index a13b0d808..9e571f101 100644
--- a/oauth-utils/README.html
+++ b/oauth-utils/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/objects.inv b/objects.inv
index ca568b3bf..50177d207 100644
Binary files a/objects.inv and b/objects.inv differ
diff --git a/older/README.html b/older/README.html
index 9e0fa6cca..f0c01d865 100644
--- a/older/README.html
+++ b/older/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/older/fn_bluecoat_site_review/README.html b/older/fn_bluecoat_site_review/README.html
index 94b8d4722..07feb58cb 100644
--- a/older/fn_bluecoat_site_review/README.html
+++ b/older/fn_bluecoat_site_review/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_yeti/README.html">Yeti</a></li>
diff --git a/older/fn_ldap_search/README.html b/older/fn_ldap_search/README.html
index f362d9650..1da5861a9 100644
--- a/older/fn_ldap_search/README.html
+++ b/older/fn_ldap_search/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_yeti/README.html">Yeti</a></li>
diff --git a/older/fn_res_to_icd/README.html b/older/fn_res_to_icd/README.html
index 6c1843bfd..d17b00667 100644
--- a/older/fn_res_to_icd/README.html
+++ b/older/fn_res_to_icd/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_yeti/README.html">Yeti</a></li>
@@ -454,7 +456,7 @@ <h3>v1.0.0<a class="headerlink" href="#v1-0-0" title="Link to this heading">¶</
 <section id="overview">
 <h2>Overview<a class="headerlink" href="#overview" title="Link to this heading">¶</a></h2>
 <p><strong>Manual escalation of Resilient incidents to the ICD Platform</strong></p>
-<p><img alt="screenshot: main" src="../../_images/main80.png" /></p>
+<p><img alt="screenshot: main" src="../../_images/main82.png" /></p>
 <p>This integration allows a SOC Analyst to escalate a Resilient incident to the ICD dashboard.
 If the icd_priority parameter is not defined in app.config file, the INTERNAL PRIORITY on the ICD platform (4) will be set on the escalated ticket corresponding to that Resilient incident.
 IP Sources or Destination Artifacts will be automatically added to the icd ticket if the icd_field_severity is not None (or a negative number) in the app.config file.</p>
diff --git a/older/fn_risk_fabric/README.html b/older/fn_risk_fabric/README.html
index 17bab5563..0b038b463 100644
--- a/older/fn_risk_fabric/README.html
+++ b/older/fn_risk_fabric/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_yeti/README.html">Yeti</a></li>
diff --git a/older/rc-query-csv/README.html b/older/rc-query-csv/README.html
index 61a150bd4..21c306681 100644
--- a/older/rc-query-csv/README.html
+++ b/older/rc-query-csv/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_yeti/README.html">Yeti</a></li>
diff --git a/older/rc-query-runner/README.html b/older/rc-query-runner/README.html
index a6296f7a5..4afdd47a6 100644
--- a/older/rc-query-runner/README.html
+++ b/older/rc-query-runner/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_yeti/README.html">Yeti</a></li>
diff --git a/older/rc-shell-runner/README.html b/older/rc-shell-runner/README.html
index 6917848c7..1fd378abf 100644
--- a/older/rc-shell-runner/README.html
+++ b/older/rc-shell-runner/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_yeti/README.html">Yeti</a></li>
diff --git a/older/rc-splunk-search/README.html b/older/rc-splunk-search/README.html
index aac6da8d7..cd063ffa1 100644
--- a/older/rc-splunk-search/README.html
+++ b/older/rc-splunk-search/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../../fn_yeti/README.html">Yeti</a></li>
diff --git a/pb_sans_isc_scan_ip/README.html b/pb_sans_isc_scan_ip/README.html
index fc6b22fb9..c9be7913e 100644
--- a/pb_sans_isc_scan_ip/README.html
+++ b/pb_sans_isc_scan_ip/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/pl_criminalip/README.html b/pl_criminalip/README.html
index eff242295..81339fee7 100644
--- a/pl_criminalip/README.html
+++ b/pl_criminalip/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc-cts-abuseipdb/README.html b/rc-cts-abuseipdb/README.html
index fb9f0e654..b492474da 100644
--- a/rc-cts-abuseipdb/README.html
+++ b/rc-cts-abuseipdb/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc-cts-googlesafebrowsing/README.html b/rc-cts-googlesafebrowsing/README.html
index dea79976c..6e689a36b 100644
--- a/rc-cts-googlesafebrowsing/README.html
+++ b/rc-cts-googlesafebrowsing/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc-cts-haveibeenpwned/README.html b/rc-cts-haveibeenpwned/README.html
index aed8fc664..357668d8b 100644
--- a/rc-cts-haveibeenpwned/README.html
+++ b/rc-cts-haveibeenpwned/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc-cts-mcafeetie/README.html b/rc-cts-mcafeetie/README.html
index d178e9017..ee66c0c64 100644
--- a/rc-cts-mcafeetie/README.html
+++ b/rc-cts-mcafeetie/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc-cts-misp/README.html b/rc-cts-misp/README.html
index 6b17ceef4..b5e204a66 100644
--- a/rc-cts-misp/README.html
+++ b/rc-cts-misp/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc-cts-passivetotal/README.html b/rc-cts-passivetotal/README.html
index 0f2c6d1d2..be950473d 100644
--- a/rc-cts-passivetotal/README.html
+++ b/rc-cts-passivetotal/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc-cts-shadowserver/README.html b/rc-cts-shadowserver/README.html
index e3f319cc2..454fb5b57 100644
--- a/rc-cts-shadowserver/README.html
+++ b/rc-cts-shadowserver/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc-cts-urlscanio/README.html b/rc-cts-urlscanio/README.html
index 7938c28a8..b46d102c0 100644
--- a/rc-cts-urlscanio/README.html
+++ b/rc-cts-urlscanio/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc-cts-yeti/README.html b/rc-cts-yeti/README.html
index 6372e0a97..b0934a56a 100644
--- a/rc-cts-yeti/README.html
+++ b/rc-cts-yeti/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc-data-feed-plugin-filefeed/README.html b/rc-data-feed-plugin-filefeed/README.html
index c47bfbb0d..fc7fdce61 100644
--- a/rc-data-feed-plugin-filefeed/README.html
+++ b/rc-data-feed-plugin-filefeed/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc_data_feed/README.html b/rc_data_feed/README.html
index 9648480ef..58f431601 100644
--- a/rc_data_feed/README.html
+++ b/rc_data_feed/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc_data_feed_plugin_elasticfeed/README.html b/rc_data_feed_plugin_elasticfeed/README.html
index 7308a621b..f1901b240 100644
--- a/rc_data_feed_plugin_elasticfeed/README.html
+++ b/rc_data_feed_plugin_elasticfeed/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc_data_feed_plugin_kafkafeed/README.html b/rc_data_feed_plugin_kafkafeed/README.html
index ac5537cf4..912236831 100644
--- a/rc_data_feed_plugin_kafkafeed/README.html
+++ b/rc_data_feed_plugin_kafkafeed/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc_data_feed_plugin_odbcfeed/README.html b/rc_data_feed_plugin_odbcfeed/README.html
index a1904d599..9d508df0c 100644
--- a/rc_data_feed_plugin_odbcfeed/README.html
+++ b/rc_data_feed_plugin_odbcfeed/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc_data_feed_plugin_resilientfeed/README.html b/rc_data_feed_plugin_resilientfeed/README.html
index 297b6c31e..a5b51cfed 100644
--- a/rc_data_feed_plugin_resilientfeed/README.html
+++ b/rc_data_feed_plugin_resilientfeed/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/rc_data_feed_plugin_splunkfeed/README.html b/rc_data_feed_plugin_splunkfeed/README.html
index 41e63e4e8..f5398fd40 100644
--- a/rc_data_feed_plugin_splunkfeed/README.html
+++ b/rc_data_feed_plugin_splunkfeed/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul class="current">
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/res_hibp/README.html b/res_hibp/README.html
index ba8aa6610..e522f7419 100644
--- a/res_hibp/README.html
+++ b/res_hibp/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -462,7 +464,7 @@ <h2>Usage<a class="headerlink" href="#usage" title="Link to this heading">¶</a>
 <section id="example-of-have-i-been-pwned-workflow-with-hits">
 <h3>Example of Have I Been Pwned Workflow with Hits<a class="headerlink" href="#example-of-have-i-been-pwned-workflow-with-hits" title="Link to this heading">¶</a></h3>
 <p>This workflow invokes two functions from the fn_hibp integration packages.
-<img alt="Workflow1" src="../_images/main81.png" /></p>
+<img alt="Workflow1" src="../_images/main83.png" /></p>
 </section>
 </section>
 <section id="function-have-i-been-pwned-get-breaches">
diff --git a/res_qraw_mitre/README.html b/res_qraw_mitre/README.html
index 066210821..0e22e0751 100644
--- a/res_qraw_mitre/README.html
+++ b/res_qraw_mitre/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/res_urlscanio/README.html b/res_urlscanio/README.html
index 36d48790a..209245d5c 100644
--- a/res_urlscanio/README.html
+++ b/res_urlscanio/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -462,7 +464,7 @@ <h2>Usage<a class="headerlink" href="#usage" title="Link to this heading">¶</a>
 <section id="example-of-urlscan-io-workflow-with-hits">
 <h3>Example of URLScan.io Workflow with Hits<a class="headerlink" href="#example-of-urlscan-io-workflow-with-hits" title="Link to this heading">¶</a></h3>
 <p>This workflow invokes the funciton from the fn_urlscanio integration packages.
-<img alt="Workflow1" src="../_images/main82.png" /></p>
+<img alt="Workflow1" src="../_images/main84.png" /></p>
 </section>
 </section>
 <section id="function-scan-with-urlscan-io">
diff --git a/res_virustotal/README.html b/res_virustotal/README.html
index f923b8a66..1c697fa1a 100644
--- a/res_virustotal/README.html
+++ b/res_virustotal/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
@@ -464,7 +466,7 @@ <h2>Usage<a class="headerlink" href="#usage" title="Link to this heading">¶</a>
 <section id="virustotal-scan-for-hits-automatic-pb-playbook">
 <h3>VirusTotal: Scan for Hits Automatic (PB) Playbook<a class="headerlink" href="#virustotal-scan-for-hits-automatic-pb-playbook" title="Link to this heading">¶</a></h3>
 <p>This playbook automatically invokes a function from the fn_virustotal integration package and uses the results to create hits on artifacts based on the results from VirusTotal.</p>
-<p><img alt="Playbook" src="../_images/main83.png" /></p>
+<p><img alt="Playbook" src="../_images/main85.png" /></p>
 </section>
 </section>
 <section id="function-virustotal">
diff --git a/sc_convert_json_to_rich_text/README.html b/sc_convert_json_to_rich_text/README.html
index d929963b5..08340a6da 100644
--- a/sc_convert_json_to_rich_text/README.html
+++ b/sc_convert_json_to_rich_text/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/sc_email_approval/README.html b/sc_email_approval/README.html
index cd794a02f..652fcde5d 100644
--- a/sc_email_approval/README.html
+++ b/sc_email_approval/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/sc_email_parser/README.html b/sc_email_parser/README.html
index 780520e3b..036deac5d 100644
--- a/sc_email_parser/README.html
+++ b/sc_email_parser/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>
diff --git a/search.html b/search.html
index 5abe29b94..ee6fa176e 100644
--- a/search.html
+++ b/search.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="fn_yeti/README.html">Yeti</a></li>
diff --git a/searchindex.js b/searchindex.js
index 01fa464ba..842a6237d 100644
--- a/searchindex.js
+++ b/searchindex.js
@@ -1 +1 @@
-Search.setIndex({"alltitles": {"1. Client Authentication Certificate (client_auth_cert)": [[110, "client-authentication-certificate-client-auth-cert"]], "1. Guardium: Run Active Risk Spotter - Risky Users Scores:": [[55, "guardium-run-active-risk-spotter-risky-users-scores"]], "1. JSON format:": [[110, "json-format"]], "1. RETRY TRIES (rest_retry_tries)": [[110, "retry-tries-rest-retry-tries"]], "1. Using Endpoint provided token": [[110, "using-endpoint-provided-token"]], "1. file bundled as a multipart/form-data:": [[110, "file-bundled-as-a-multipart-form-data"]], "1.1 Changes": [[42, "changes"], [98, "changes"]], "1.1.0 Changes": [[86, "changes"], [90, "changes"], [128, "changes"], [142, "changes"], [151, "changes"], [178, "changes"], [182, "changes"]], "1.2.0 <!-- omit in toc -->": [[107, "id2"]], "1.2.0 Changes": [[10, "changes"], [24, "changes"], [77, "changes"], [88, "id2"], [102, "id2"], [182, "id1"]], "1.3.0": [[107, "id1"]], "1.3.0 Changes": [[88, "id1"]], "1.4.0": [[41, "id2"], [128, "id1"]], "1.4.0 Changes": [[88, "changes"]], "1.4.1": [[41, "id1"]], "1: Run Docker Container": [[37, "run-docker-container"]], "1: Send Artifact To Docker Container": [[37, "send-artifact-to-docker-container"]], "2. Client Authentication Private Key (client_auth_key)": [[110, "client-authentication-private-key-client-auth-key"]], "2. Compiling a Token using JWT parameters": [[110, "compiling-a-token-using-jwt-parameters"]], "2. New-line separated (Legacy) format:": [[110, "new-line-separated-legacy-format"]], "2. RETRY DELAY (rest_retry_delay)": [[110, "retry-delay-rest-retry-delay"]], "2. file bundled as request body:": [[110, "file-bundled-as-request-body"]], "2.0 Changes": [[87, "id2"]], "2.0.0 Changes": [[66, "id1"]], "2.1 Changes": [[87, "changes"]], "2.1.0 Changes": [[35, "changes"], [66, "changes"], [73, "changes"], [131, "changes"]], "2.2.0 Changes": [[103, "id1"], [117, "changes"]], "2.3.0 Changes": [[102, "id1"], [103, "changes"]], "2.4.0 Changes": [[102, "changes"]], "2: Post-Process Script:": [[37, "id2"]], "2: Pre-Process Script:": [[37, "id1"]], "2: Send Attachment To Docker Container": [[37, "send-attachment-to-docker-container"]], "3. Client Authentication PEM (client_auth_pem)": [[110, "client-authentication-pem-client-auth-pem"]], "3. RETRY BACKOFF (rest_retry_backoff)": [[110, "retry-backoff-rest-retry-backoff"]], "3.0.2": [[80, "id1"]], "<b>Example of adding a incident note from post-processing scripts:</b><br>\nscreenshot": [[143, "example-of-adding-a-incident-note-from-post-processing-scripts"]], "A note on sn_table_name": [[118, "a-note-on-sn-table-name"]], "API Key Permission Setup": [[29, "api-key-permission-setup"]], "API Name:": [[14, "api-name"], [14, "id1"], [14, "id3"], [14, "id5"], [14, "id7"], [14, "id9"], [15, "api-name"], [15, "id1"], [17, "api-name"], [18, "api-name"], [18, "id1"], [18, "id3"], [18, "id5"], [18, "id7"], [19, "api-name"], [20, "api-name"], [23, "api-name"], [23, "id1"], [23, "id3"], [23, "id5"], [23, "id7"], [23, "id9"], [23, "id11"], [23, "id13"], [24, "api-name"], [32, "api-name"], [32, "id9"], [35, "api-name"], [36, "api-name"], [37, "api-name"], [40, "api-name"], [40, "id1"], [41, "api-name"], [42, "api-name"], [42, "id1"], [42, "id3"], [42, "id5"], [42, "id7"], [48, "api-name"], [54, "api-name"], [58, "api-name"], [63, "api-name"], [66, "api-name"], [68, "api-name"], [68, "id1"], [73, "api-name"], [73, "id1"], [73, "id3"], [73, "id5"], [73, "id7"], [73, "id9"], [73, "id11"], [73, "id13"], [76, "api-name"], [77, "api-name"], [77, "id1"], [77, "id3"], [79, "api-name"], [79, "id1"], [81, "api-name"], [81, "id1"], [81, "id3"], [81, "id5"], [86, "api-name"], [87, "api-name"], [95, "api-name"], [97, "api-name"], [98, "api-name"], [101, "api-name"], [101, "id1"], [102, "api-name"], [102, "id3"], [102, "id5"], [102, "id7"], [102, "id9"], [102, "id11"], [102, "id13"], [102, "id15"], [103, "api-name"], [103, "id2"], [103, "id4"], [103, "id6"], [105, "api-name"], [106, "api-name"], [107, "api-name"], [107, "id3"], [108, "api-name"], [109, "api-name"], [113, "api-name"], [115, "api-name"], [116, "api-name"], [116, "id1"], [116, "id3"], [116, "id5"], [116, "id7"], [116, "id9"], [118, "api-name"], [123, "api-name"], [124, "api-name"], [128, "api-name"], [135, "api-name"], [144, "api-name"], [144, "id3"], [144, "id5"], [150, "api-name"], [150, "id1"], [153, "api-name"], [153, "id1"], [153, "id3"], [153, "id5"], [153, "id7"]], "API Name: <!-- omit in toc -->": [[34, "api-name"], [34, "id1"], [34, "id3"]], "API Permissions": [[131, "api-permissions"], [155, "api-permissions"]], "APIVoid Threat Analysis APIs": [[12, null]], "AWS GuardDuty App  1.1.0 Changes": [[14, "aws-guardduty-app-1-1-0-changes"]], "AWS IAM": [[15, null]], "AWS Utilities": [[16, null]], "About Apility.IO": [[13, null]], "About MxToolBox": [[82, null]], "About This Package": [[29, "about-this-package"]], "About This Package:": [[8, "about-this-package"], [33, "about-this-package"]], "About the provided UseCases": [[37, "about-the-provided-usecases"]], "About this Package:": [[1, "about-this-package"], [2, "about-this-package"]], "About this package": [[55, "about-this-package"]], "AbuseIPDB": [[7, null]], "AbuseIPDB Threat Service": [[167, null]], "Activity Fields": [[20, "activity-fields"]], "Add Customized Incident Fields": [[55, "add-customized-incident-fields"]], "Add Firewall Network Object Group pairs to Activation form": [[24, "add-firewall-network-object-group-pairs-to-activation-form"]], "Add IBM SOAR tab to Security Incident UI (SIR only)": [[120, "add-ibm-soar-tab-to-security-incident-ui-sir-only"]], "Add Results table": [[55, "add-results-table"]], "Add Thug configuration details to the config file:": [[133, "add-thug-configuration-details-to-the-config-file"]], "Adding Additional Python Files after Deployment": [[29, "adding-additional-python-files-after-deployment"]], "Adding Additional Python Packages": [[29, "adding-additional-python-packages"]], "Adding Usage Data for Datatables": [[97, "adding-usage-data-for-datatables"]], "Additional Data Feed Documentation": [[182, "additional-data-feed-documentation"]], "Additional connection strings": [[180, "additional-connection-strings"]], "Aditional Notes": [[133, "aditional-notes"]], "Advanced Changes": [[4, "advanced-changes"]], "Alert Filtering": [[144, "alert-filtering"]], "AlienVault OTX": [[8, null]], "All Apps": [[154, null]], "Allowlisting": [[189, "allowlisting"]], "Amass": [[37, "amass"]], "Anomali Staxx": [[9, null]], "Anomali Staxx Notes": [[9, "anomali-staxx-notes"]], "Ansible Playbooks": [[10, "ansible-playbooks"]], "Ansible Tower": [[11, null]], "Ansible for SOAR": [[10, null]], "App Config Settings (app.config)": [[118, "app-config-settings-app-config"]], "App Configuration": [[7, "app-configuration"], [10, "app-configuration"], [12, "app-configuration"], [14, "app-configuration"], [15, "app-configuration"], [16, "app-configuration"], [17, "app-configuration"], [18, "app-configuration"], [19, "app-configuration"], [20, "app-configuration"], [21, "app-configuration"], [23, "app-configuration"], [24, "app-configuration"], [27, "app-configuration"], [30, "app-configuration"], [31, "app-configuration"], [34, "app-configuration"], [35, "app-configuration"], [38, "app-configuration"], [40, "app-configuration"], [42, "app-configuration"], [45, "app-configuration"], [46, "app-configuration"], [48, "app-configuration"], [50, "app-configuration"], [52, "app-configuration"], [54, "app-configuration"], [57, "app-configuration"], [58, "app-configuration"], [59, "app-configuration"], [62, "app-configuration"], [63, "app-configuration"], [64, "app-configuration"], [65, "app-configuration"], [66, "app-configuration"], [68, "app-configuration"], [71, "app-configuration"], [73, "app-configuration"], [74, "app-configuration"], [75, "app-configuration"], [76, "app-configuration"], [77, "app-configuration"], [78, "app-configuration"], [78, "id1"], [79, "app-configuration"], [80, "app-configuration"], [83, "app-configuration"], [84, "app-configuration"], [86, "app-configuration"], [87, "app-configuration"], [88, "app-configuration"], [89, "app-configuration"], [90, "app-configuration"], [91, "app-configuration"], [92, "app-configuration"], [93, "app-configuration"], [95, "app-configuration"], [96, "app-configuration"], [97, "app-configuration"], [98, "app-configuration"], [101, "app-configuration"], [102, "app-configuration"], [103, "app-configuration"], [105, "app-configuration"], [106, "app-configuration"], [107, "app-configuration"], [108, "app-configuration"], [109, "app-configuration"], [112, "app-configuration"], [113, "app-configuration"], [115, "app-configuration"], [116, "app-configuration"], [121, "app-configuration"], [123, "app-configuration"], [124, "app-configuration"], [125, "app-configuration"], [128, "app-configuration"], [129, "app-configuration"], [134, "app-configuration"], [135, "app-configuration"], [138, "app-configuration"], [142, "app-configuration"], [144, "app-configuration"], [145, "app-configuration"], [146, "app-configuration"], [149, "app-configuration"], [150, "app-configuration"], [151, "app-configuration"], [152, "app-configuration"], [153, "app-configuration"]], "App Configuration (Both Permissions)": [[131, "app-configuration-both-permissions"]], "App Configuration:": [[120, "app-configuration"]], "App Development": [[154, null]], "App Format": [[143, "app-format"]], "App Host": [[9, "app-host"], [11, "app-host"], [28, "app-host"], [44, "app-host"], [54, "app-host"], [114, "app-host"], [143, "app-host"], [180, "app-host"], [182, "app-host"]], "App Host Components": [[29, null]], "App Host Configuration": [[1, "app-host-configuration"], [76, "app-host-configuration"]], "App Host Conversion Files": [[4, null]], "App Host Installation": [[10, "app-host-installation"], [148, "app-host-installation"], [178, "app-host-installation"], [181, "app-host-installation"]], "App Host Setup": [[60, "app-host-setup"], [140, "app-host-setup"]], "App Host Troubleshooting": [[29, "app-host-troubleshooting"]], "App Host sshPass Support": [[10, "app-host-sshpass-support"]], "App Registration": [[155, "app-registration"]], "App Restart": [[29, "app-restart"]], "Appendix - Create Incident Data Model": [[59, "appendix-create-incident-data-model"], [126, "appendix-create-incident-data-model"]], "Application Permission": [[131, "application-permission"]], "Application Usage and Details": [[55, "application-usage-and-details"]], "Approval Adjectives": [[188, "approval-adjectives"]], "Apps Included with Export": [[165, "apps-included-with-export"], [166, "apps-included-with-export"]], "Architectural Diagram": [[119, "architectural-diagram"]], "Arguments": [[155, "arguments"]], "Artifact Process": [[188, "artifact-process"]], "Artifacts": [[113, "artifacts"]], "Assets Field Masks": [[48, "assets-field-masks"]], "Attachments": [[110, "attachments"]], "Authenticated SMTP": [[155, "authenticated-smtp"]], "Authenticating to Google Cloud": [[46, "authenticating-to-google-cloud"]], "Authentication": [[110, "authentication"], [155, "authentication"]], "Authorize": [[87, "authorize"]], "Axonius": [[17, null]], "Axonius Development Version": [[17, "axonius-development-version"]], "Axonius Devices Data Table Field Names": [[17, "axonius-devices-data-table-field-names"]], "Axonius Devices Data Table Limit": [[17, "axonius-devices-data-table-limit"]], "Azure App Configuration": [[77, "azure-app-configuration"]], "Azure Automation Utilities": [[18, null]], "BMC Helix": [[20, null]], "BMC Helix Platform": [[20, "bmc-helix-platform"]], "Base Input Fields for Function Development": [[5, null]], "Basic Authentication": [[87, "basic-authentication"]], "Behavior": [[181, "behavior"]], "Bidirectional Synchronization": [[181, "bidirectional-synchronization"]], "BigFix": [[19, null]], "Bluecoat Site Review": [[157, null]], "Build a machine learning model": [[69, "build-a-machine-learning-model"]], "Build a model": [[69, "build-a-model"]], "Build a new NLP model": [[70, "build-a-new-nlp-model"]], "Building Your Container": [[4, "building-your-container"]], "CS Falcon: Devices": [[32, "cs-falcon-devices"]], "CS Falcon: Devices IOC Ran On Results": [[32, "cs-falcon-devices-ioc-ran-on-results"]], "CVE Browse Function": [[33, "cve-browse-function"]], "CVE Browse Function Layout:": [[33, "cve-browse-function-layout"]], "CVE Browse Post-Process Script": [[33, "cve-browse-post-process-script"]], "CVE Browse Pre-Process Script": [[33, "cve-browse-pre-process-script"]], "CVE Search": [[33, null], [33, "id1"]], "CVE Search Function": [[33, "cve-search-function"]], "CVE Search Function Layout:": [[33, "cve-search-function-layout"]], "CVE Search Post-Process Script": [[33, "cve-search-post-process-script"]], "CVE Search Pre-Process Script": [[33, "cve-search-pre-process-script"]], "Calendar Invite": [[21, null]], "Campaign identifier": [[189, "campaign-identifier"]], "CarbonBlack Protection": [[22, null]], "Case Fields Returned from Query and Case Update Limits": [[112, "case-fields-returned-from-query-and-case-update-limits"]], "Case Filtering": [[112, "case-filtering"]], "Change Log": [[33, "change-log"]], "Change log": [[180, "change-log"]], "Changelog": [[140, "changelog"]], "Changes for v2.3.0": [[189, "changes-for-v2-3-0"]], "Cisco ASA": [[24, null]], "Cisco ASA Configuration": [[24, "cisco-asa-configuration"]], "Cisco ASA Development Version": [[24, "cisco-asa-development-version"]], "Cisco Secure Endpoint": [[23, null]], "Cisco Umbrella Enforcement": [[25, null]], "Cisco Umbrella Investigate": [[26, null]], "Cisco WebEx": [[30, null]], "Cisco Webex": [[146, null]], "ClamAV": [[27, null]], "Client-side authentication with certificates": [[110, "client-side-authentication-with-certificates"]], "Close Incident Layout Tab": [[114, "close-incident-layout-tab"]], "Closing and Updating Incidents": [[65, "closing-and-updating-incidents"]], "Cloud Foundry": [[28, null]], "Cloud Pak for Security": [[7, "cloud-pak-for-security"], [10, "cloud-pak-for-security"], [12, "cloud-pak-for-security"], [14, "cloud-pak-for-security"], [15, "cloud-pak-for-security"], [16, "cloud-pak-for-security"], [17, "cloud-pak-for-security"], [18, "cloud-pak-for-security"], [19, "cloud-pak-for-security"], [20, "cloud-pak-for-security"], [21, "cloud-pak-for-security"], [23, "cloud-pak-for-security"], [24, "cloud-pak-for-security"], [27, "cloud-pak-for-security"], [30, "cloud-pak-for-security"], [31, "cloud-pak-for-security"], [34, "cloud-pak-for-security"], [35, "cloud-pak-for-security"], [38, "cloud-pak-for-security"], [40, "cloud-pak-for-security"], [41, "cloud-pak-for-security"], [42, "cloud-pak-for-security"], [45, "cloud-pak-for-security"], [46, "cloud-pak-for-security"], [48, "cloud-pak-for-security"], [50, "cloud-pak-for-security"], [52, "cloud-pak-for-security"], [54, "cloud-pak-for-security"], [57, "cloud-pak-for-security"], [58, "cloud-pak-for-security"], [59, "cloud-pak-for-security"], [62, "cloud-pak-for-security"], [63, "cloud-pak-for-security"], [64, "cloud-pak-for-security"], [65, "cloud-pak-for-security"], [66, "cloud-pak-for-security"], [71, "cloud-pak-for-security"], [73, "cloud-pak-for-security"], [76, "cloud-pak-for-security"], [77, "cloud-pak-for-security"], [78, "cloud-pak-for-security"], [79, "cloud-pak-for-security"], [80, "cloud-pak-for-security"], [81, "cloud-pak-for-security"], [83, "cloud-pak-for-security"], [84, "cloud-pak-for-security"], [85, "cloud-pak-for-security"], [86, "cloud-pak-for-security"], [87, "cloud-pak-for-security"], [88, "cloud-pak-for-security"], [89, "cloud-pak-for-security"], [90, "cloud-pak-for-security"], [91, "cloud-pak-for-security"], [92, "cloud-pak-for-security"], [93, "cloud-pak-for-security"], [95, "cloud-pak-for-security"], [96, "cloud-pak-for-security"], [97, "cloud-pak-for-security"], [98, "cloud-pak-for-security"], [101, "cloud-pak-for-security"], [102, "cloud-pak-for-security"], [103, "cloud-pak-for-security"], [105, "cloud-pak-for-security"], [106, "cloud-pak-for-security"], [107, "cloud-pak-for-security"], [108, "cloud-pak-for-security"], [109, "cloud-pak-for-security"], [110, "cloud-pak-for-security"], [112, "cloud-pak-for-security"], [113, "cloud-pak-for-security"], [115, "cloud-pak-for-security"], [116, "cloud-pak-for-security"], [121, "cloud-pak-for-security"], [123, "cloud-pak-for-security"], [124, "cloud-pak-for-security"], [125, "cloud-pak-for-security"], [126, "cloud-pak-for-security"], [128, "cloud-pak-for-security"], [129, "cloud-pak-for-security"], [131, "cloud-pak-for-security"], [134, "cloud-pak-for-security"], [135, "cloud-pak-for-security"], [142, "cloud-pak-for-security"], [144, "cloud-pak-for-security"], [145, "cloud-pak-for-security"], [146, "cloud-pak-for-security"], [150, "cloud-pak-for-security"], [151, "cloud-pak-for-security"], [152, "cloud-pak-for-security"], [153, "cloud-pak-for-security"], [165, "cloud-pak-for-security"]], "Columns:": [[14, "columns"], [14, "id2"], [14, "id4"], [14, "id6"], [14, "id8"], [14, "id10"], [15, "columns"], [15, "id2"], [17, "columns"], [18, "columns"], [18, "id2"], [18, "id4"], [18, "id6"], [18, "id8"], [19, "columns"], [20, "columns"], [23, "columns"], [23, "id2"], [23, "id4"], [23, "id6"], [23, "id8"], [23, "id10"], [23, "id12"], [23, "id14"], [24, "columns"], [32, "columns"], [32, "id10"], [35, "columns"], [36, "columns"], [37, "columns"], [40, "columns"], [40, "id2"], [41, "columns"], [42, "columns"], [42, "id2"], [42, "id4"], [42, "id6"], [42, "id8"], [48, "columns"], [54, "columns"], [58, "columns"], [63, "columns"], [66, "columns"], [68, "columns"], [68, "id2"], [73, "columns"], [73, "id2"], [73, "id4"], [73, "id6"], [73, "id8"], [73, "id10"], [73, "id12"], [73, "id14"], [76, "columns"], [77, "columns"], [77, "id2"], [77, "id4"], [79, "columns"], [79, "id2"], [81, "columns"], [81, "id2"], [81, "id4"], [81, "id6"], [86, "columns"], [87, "columns"], [95, "columns"], [97, "columns"], [98, "columns"], [101, "columns"], [101, "id2"], [102, "columns"], [102, "id4"], [102, "id6"], [102, "id8"], [102, "id10"], [102, "id12"], [102, "id14"], [102, "id16"], [103, "columns"], [103, "id3"], [103, "id5"], [103, "id7"], [105, "columns"], [106, "columns"], [107, "columns"], [107, "id4"], [108, "columns"], [109, "columns"], [113, "columns"], [115, "columns"], [116, "columns"], [116, "id2"], [116, "id4"], [116, "id6"], [116, "id8"], [116, "id10"], [118, "columns"], [123, "columns"], [124, "columns"], [128, "columns"], [135, "columns"], [144, "columns"], [144, "id4"], [144, "id6"], [150, "columns"], [150, "id2"], [153, "columns"], [153, "id2"], [153, "id4"], [153, "id6"], [153, "id8"]], "Columns: <!-- omit in toc -->": [[34, "columns"], [34, "id2"], [34, "id4"]], "Common connection issues with TLS and TroubleShooting": [[87, "common-connection-issues-with-tls-and-troubleshooting"]], "Compatibility": [[178, "compatibility"], [182, "compatibility"]], "Components": [[44, "components"], [157, "components"]], "Configuration": [[17, "configuration"], [31, "configuration"], [40, "configuration"], [41, "configuration"], [42, "configuration"], [50, "configuration"], [55, "configuration"], [72, "configuration"], [81, "configuration"], [87, "configuration"], [89, "configuration"], [96, "configuration"], [98, "configuration"], [106, "configuration"], [107, "configuration"], [115, "configuration"], [123, "configuration"], [129, "configuration"], [142, "configuration"], [153, "configuration"], [155, "configuration"], [160, "configuration"], [181, "configuration"], [188, "configuration"], [189, "configuration"]], "Configure Ansible Tower": [[11, "configure-ansible-tower"]], "Configure Credentials.": [[155, "configure-credentials"]], "Configure IBM QRadar Advisor with Watson": [[101, "configure-ibm-qradar-advisor-with-watson"]], "Configure OAuth 2.0 credentials": [[155, "configure-oauth-2-0-credentials"]], "Configure OAuth Consent Screen.": [[155, "configure-oauth-consent-screen"]], "Configure QRadar Use Case MAnager": [[101, "configure-qradar-use-case-manager"]], "Configure SOAR Inbound Email Connection": [[135, "configure-soar-inbound-email-connection"]], "Configure ServiceNowAllowedTableNames (SIR only)": [[120, "configure-servicenowallowedtablenames-sir-only"]], "Configure Symantec DLP Custom Attributes": [[129, "configure-symantec-dlp-custom-attributes"]], "Configure Trusteer Email Feeds": [[135, "configure-trusteer-email-feeds"]], "Configuring OAuth": [[63, "configuring-oauth"]], "Configuring Real time update to Offenses": [[102, "configuring-real-time-update-to-offenses"]], "Configuring bidirectional sync": [[63, "configuring-bidirectional-sync"]], "Connection options and installation:": [[37, "connection-options-and-installation"]], "Considerations": [[10, "considerations"], [113, "considerations"], [178, "considerations"], [181, "considerations"], [182, "considerations"]], "Container Environment": [[29, "container-environment"]], "Contents:": [[111, "contents"]], "Convert JSON to Rich Text Script": [[187, null]], "Create Cisco ASA Network Object Groups": [[24, "create-cisco-asa-network-object-groups"]], "Create Own Custom ServiceNow Workflow": [[119, "create-own-custom-servicenow-workflow"]], "Create a Connected App in Salesforce": [[112, "create-a-connected-app-in-salesforce"]], "Create a client Secret Value (Both Permissions)": [[131, "create-a-client-secret-value-both-permissions"]], "Create client secret": [[155, "create-client-secret"]], "Create the new project.": [[155, "create-the-new-project"]], "Creating Playbooks when server/servers in app.config are labeled": [[103, "creating-playbooks-when-server-servers-in-app-config-are-labeled"]], "Creating playbooks when server/servers in app.config are labeled": [[66, "creating-playbooks-when-server-servers-in-app-config-are-labeled"], [88, "creating-playbooks-when-server-servers-in-app-config-are-labeled"], [128, "creating-playbooks-when-server-servers-in-app-config-are-labeled"]], "Creating workflows when database/databases in app.config are labeled": [[86, "creating-workflows-when-database-databases-in-app-config-are-labeled"]], "Creating workflows when server/servers in app.config are labeled": [[63, "creating-workflows-when-server-servers-in-app-config-are-labeled"], [102, "creating-workflows-when-server-servers-in-app-config-are-labeled"]], "CriminalIP Threat Enrichment for IP Address and URL Artifacts": [[166, null]], "CrowdStrike Falcon": [[32, null]], "Custom Artifact Type": [[76, "custom-artifact-type"]], "Custom Artifact Types": [[14, "custom-artifact-types"], [15, "custom-artifact-types"], [68, "custom-artifact-types"], [98, "custom-artifact-types"], [102, "custom-artifact-types"], [108, "custom-artifact-types"], [135, "custom-artifact-types"]], "Custom Fields": [[14, "custom-fields"], [18, "custom-fields"], [20, "custom-fields"], [34, "custom-fields"], [42, "custom-fields"], [48, "custom-fields"], [54, "custom-fields"], [63, "custom-fields"], [66, "custom-fields"], [77, "custom-fields"], [78, "custom-fields"], [79, "custom-fields"], [80, "custom-fields"], [81, "custom-fields"], [87, "custom-fields"], [98, "custom-fields"], [101, "custom-fields"], [102, "custom-fields"], [103, "custom-fields"], [105, "custom-fields"], [106, "custom-fields"], [107, "custom-fields"], [108, "custom-fields"], [112, "custom-fields"], [115, "custom-fields"], [118, "custom-fields"], [123, "custom-fields"], [129, "custom-fields"], [135, "custom-fields"], [144, "custom-fields"], [150, "custom-fields"]], "Custom Layout": [[42, "custom-layout"]], "Custom Layouts": [[11, "custom-layouts"], [14, "custom-layouts"], [17, "custom-layouts"], [18, "custom-layouts"], [19, "custom-layouts"], [20, "custom-layouts"], [23, "custom-layouts"], [24, "custom-layouts"], [34, "custom-layouts"], [40, "custom-layouts"], [41, "custom-layouts"], [48, "custom-layouts"], [54, "custom-layouts"], [63, "custom-layouts"], [68, "custom-layouts"], [73, "custom-layouts"], [74, "custom-layouts"], [76, "custom-layouts"], [77, "custom-layouts"], [79, "custom-layouts"], [81, "custom-layouts"], [86, "custom-layouts"], [95, "custom-layouts"], [97, "custom-layouts"], [98, "custom-layouts"], [99, "custom-layouts"], [101, "custom-layouts"], [102, "custom-layouts"], [103, "custom-layouts"], [105, "custom-layouts"], [106, "custom-layouts"], [106, "id1"], [107, "custom-layouts"], [108, "custom-layouts"], [109, "custom-layouts"], [112, "custom-layouts"], [113, "custom-layouts"], [114, "custom-layouts"], [115, "custom-layouts"], [116, "custom-layouts"], [120, "custom-layouts"], [123, "custom-layouts"], [128, "custom-layouts"], [135, "custom-layouts"], [144, "custom-layouts"], [144, "id2"], [150, "custom-layouts"], [153, "custom-layouts"]], "Custom Templates": [[79, "custom-templates"]], "Custom poller filter template": [[79, "custom-poller-filter-template"]], "Customization": [[72, "customization"]], "Customize": [[43, "customize"], [69, "customize"], [70, "customize"], [117, "customize"]], "DXL Subscriber": [[75, "dxl-subscriber"]], "Darktrace <!-- omit in toc -->": [[34, null]], "Darktrace Development Version": [[34, "darktrace-development-version"]], "Data Feed Elasticsearch Plugin": [[178, null]], "Data Feed Extension": [[177, null]], "Data Feed FileFeed Plugin": [[176, null]], "Data Feed KafkaFeed Plugin": [[179, null]], "Data Feed plugin for Splunk": [[182, null]], "Data Feeder for ODBC Databases": [[180, null]], "Data Feeder for SOAR": [[181, null]], "Data Table": [[33, "data-table"]], "Data Table - AWS IAM Access Keys": [[15, "data-table-aws-iam-access-keys"]], "Data Table - AWS IAM Users": [[15, "data-table-aws-iam-users"]], "Data Table - Associated Devices": [[34, "data-table-associated-devices"]], "Data Table - Axonius Devices": [[17, "data-table-axonius-devices"]], "Data Table - Azure Automation Accounts": [[18, "data-table-azure-automation-accounts"]], "Data Table - Azure Automation Credentials": [[18, "data-table-azure-automation-credentials"]], "Data Table - Azure Automation Runbooks": [[18, "data-table-azure-automation-runbooks"]], "Data Table - Azure Automation Schedules": [[18, "data-table-azure-automation-schedules"]], "Data Table - Azure Automation Statistics": [[18, "data-table-azure-automation-statistics"]], "Data Table - BMC Helix Incidents": [[20, "data-table-bmc-helix-incidents"]], "Data Table - BigFix Query Results": [[19, "data-table-bigfix-query-results"]], "Data Table - CBC Device": [[144, "data-table-cbc-device"]], "Data Table - Cisco AMP Simple Custom Detections  file lists": [[23, "data-table-cisco-amp-simple-custom-detections-file-lists"]], "Data Table - Cisco AMP activity": [[23, "data-table-cisco-amp-activity"]], "Data Table - Cisco AMP computer trajectory": [[23, "data-table-cisco-amp-computer-trajectory"]], "Data Table - Cisco AMP computers": [[23, "data-table-cisco-amp-computers"]], "Data Table - Cisco AMP event types": [[23, "data-table-cisco-amp-event-types"]], "Data Table - Cisco AMP events": [[23, "data-table-cisco-amp-events"]], "Data Table - Cisco AMP file list files": [[23, "data-table-cisco-amp-file-list-files"]], "Data Table - Cisco AMP groups": [[23, "data-table-cisco-amp-groups"]], "Data Table - Cisco ASA Network Objects": [[24, "data-table-cisco-asa-network-objects"]], "Data Table - Defender Alerts": [[77, "data-table-defender-alerts"]], "Data Table - Defender Indicators": [[77, "data-table-defender-indicators"]], "Data Table - Defender Machines": [[77, "data-table-defender-machines"]], "Data Table - Detections": [[105, "data-table-detections"]], "Data Table - Discovery Path": [[105, "data-table-discovery-path"]], "Data Table - Email Conversations": [[87, "data-table-email-conversations"]], "Data Table - Email Information": [[40, "data-table-email-information"]], "Data Table - Example CSV Datatable": [[35, "data-table-example-csv-datatable"]], "Data Table - Exchange Online Message Query Results": [[41, "data-table-exchange-online-message-query-results"]], "Data Table - ExtraHop Activitymaps": [[42, "data-table-extrahop-activitymaps"]], "Data Table - ExtraHop Devices": [[42, "data-table-extrahop-devices"]], "Data Table - ExtraHop Watchlist": [[42, "data-table-extrahop-watchlist"]], "Data Table - Extrahop Detections": [[42, "data-table-extrahop-detections"]], "Data Table - Extrahop Tags": [[42, "data-table-extrahop-tags"]], "Data Table - Finding Source Properties": [[48, "data-table-finding-source-properties"]], "Data Table - GuardDuty Action/Actor Details": [[14, "data-table-guardduty-action-actor-details"]], "Data Table - GuardDuty Finding Overview": [[14, "data-table-guardduty-finding-overview"]], "Data Table - GuardDuty Resource - Access Key Details": [[14, "data-table-guardduty-resource-access-key-details"]], "Data Table - GuardDuty Resource - Instance Details": [[14, "data-table-guardduty-resource-instance-details"]], "Data Table - GuardDuty Resource - S3 Bucket Details": [[14, "data-table-guardduty-resource-s3-bucket-details"]], "Data Table - GuardDuty Resource Affected": [[14, "data-table-guardduty-resource-affected"]], "Data Table - Guardium Insights Classification Report": [[54, "data-table-guardium-insights-classification-report"]], "Data Table - ICDx Queried Events": [[58, "data-table-icdx-queried-events"]], "Data Table - Incident Events": [[34, "data-table-incident-events"]], "Data Table - Jira Task References": [[63, "data-table-jira-task-references"]], "Data Table - LDAP Query results": [[66, "data-table-ldap-query-results"]], "Data Table - MITRE ATT&CK Groups": [[81, "data-table-mitre-att-ck-groups"]], "Data Table - MITRE ATT&CK Software": [[81, "data-table-mitre-att-ck-software"]], "Data Table - MITRE ATT&CK Tactics": [[81, "data-table-mitre-att-ck-tactics"]], "Data Table - MITRE ATT&CK Techniques": [[81, "data-table-mitre-att-ck-techniques"]], "Data Table - MaaS360 Device datatable": [[68, "data-table-maas360-device-datatable"]], "Data Table - MaaS360 Installed Software datatable": [[68, "data-table-maas360-installed-software-datatable"]], "Data Table - McAfee ePO Client Tasks": [[73, "data-table-mcafee-epo-client-tasks"]], "Data Table - McAfee ePO Groups": [[73, "data-table-mcafee-epo-groups"]], "Data Table - McAfee ePO Issues": [[73, "data-table-mcafee-epo-issues"]], "Data Table - McAfee ePO Permission sets": [[73, "data-table-mcafee-epo-permission-sets"]], "Data Table - McAfee ePO Policies": [[73, "data-table-mcafee-epo-policies"]], "Data Table - McAfee ePO Systems": [[73, "data-table-mcafee-epo-systems"]], "Data Table - McAfee ePO Users": [[73, "data-table-mcafee-epo-users"]], "Data Table - McAfee ePO tags": [[73, "data-table-mcafee-epo-tags"]], "Data Table - Meeting Information": [[40, "data-table-meeting-information"]], "Data Table - Model Breaches": [[34, "data-table-model-breaches"]], "Data Table - Observations": [[144, "data-table-observations"]], "Data Table - Pipl person data": [[95, "data-table-pipl-person-data"]], "Data Table - Playbook/Workflow Usage": [[97, "data-table-playbook-workflow-usage"]], "Data Table - Processes": [[144, "data-table-processes"]], "Data Table - Proofpoint TAP Campaign Object Details": [[98, "data-table-proofpoint-tap-campaign-object-details"]], "Data Table - QR Assets": [[102, "data-table-qr-assets"]], "Data Table - QR Categories": [[102, "data-table-qr-categories"]], "Data Table - QR Destination IPs (First 10)": [[102, "data-table-qr-destination-ips-first-10"]], "Data Table - QR Events (First 10 Events)": [[102, "data-table-qr-events-first-10-events"]], "Data Table - QR Flows": [[102, "data-table-qr-flows"]], "Data Table - QR Source IPs (First 10)": [[102, "data-table-qr-source-ips-first-10"]], "Data Table - QR Triggered Rules": [[102, "data-table-qr-triggered-rules"]], "Data Table - QRadar Advisor analysis results": [[101, "data-table-qradar-advisor-analysis-results"]], "Data Table - QRadar EDR Process List": [[107, "data-table-qradar-edr-process-list"]], "Data Table - QRadar EDR Trigger Events": [[107, "data-table-qradar-edr-trigger-events"]], "Data Table - QRadar Rules and MITRE Tactics and Techniques": [[102, "data-table-qradar-rules-and-mitre-tactics-and-techniques"]], "Data Table - QRadar SIEM Offense Events": [[103, "data-table-qradar-siem-offense-events"]], "Data Table - QRadar SIEM Reference Sets": [[103, "data-table-qradar-siem-reference-sets"]], "Data Table - QRadar SIEM Reference Table Queried Rows": [[103, "data-table-qradar-siem-reference-table-queried-rows"]], "Data Table - QRadar SIEM Reference Tables": [[103, "data-table-qradar-siem-reference-tables"]], "Data Table - Rapid7 InsightIDR Alerts": [[106, "data-table-rapid7-insightidr-alerts"]], "Data Table - Relations Child Incidents": [[108, "data-table-relations-child-incidents"]], "Data Table - Remedy Linked Incidents Reference Table": [[109, "data-table-remedy-linked-incidents-reference-table"]], "Data Table - SQL query results": [[86, "data-table-sql-query-results"]], "Data Table - Scheduler Rules": [[113, "data-table-scheduler-rules"]], "Data Table - Sentinel Incident Alerts": [[79, "data-table-sentinel-incident-alerts"]], "Data Table - Sentinel Incident Entities": [[79, "data-table-sentinel-incident-entities"]], "Data Table - SentinelOne Agent": [[115, "data-table-sentinelone-agent"]], "Data Table - Siemplify List Entries": [[123, "data-table-siemplify-list-entries"]], "Data Table - Slack Conversations": [[124, "data-table-slack-conversations"]], "Data Table - Splunk Intel Results": [[128, "data-table-splunk-intel-results"]], "Data Table - Symantec SEP - EOC scan results": [[116, "data-table-symantec-sep-eoc-scan-results"]], "Data Table - Symantec SEP - Endpoint details": [[116, "data-table-symantec-sep-endpoint-details"]], "Data Table - Symantec SEP - Endpoint status summary": [[116, "data-table-symantec-sep-endpoint-status-summary"]], "Data Table - Symantec SEP - Fingerprint lists": [[116, "data-table-symantec-sep-fingerprint-lists"]], "Data Table - Symantec SEP - Groups": [[116, "data-table-symantec-sep-groups"]], "Data Table - Symantec SEP - Non-compliant Endpoints status details": [[116, "data-table-symantec-sep-non-compliant-endpoints-status-details"]], "Data Table - TIE Results": [[76, "data-table-tie-results"]], "Data Table - Trusteer Alerts": [[135, "data-table-trusteer-alerts"]], "Data Table - Watson Search with Local Context results": [[101, "data-table-watson-search-with-local-context-results"]], "Data Table - Wiz Projects Table": [[150, "data-table-wiz-projects-table"]], "Data Table - Wiz Vulnerabilities Table": [[150, "data-table-wiz-vulnerabilities-table"]], "Data Table - Zscaler Internet Access - Allowlist": [[153, "data-table-zscaler-internet-access-allowlist"]], "Data Table - Zscaler Internet Access - Blocklist": [[153, "data-table-zscaler-internet-access-blocklist"]], "Data Table - Zscaler Internet Access - Custom lists": [[153, "data-table-zscaler-internet-access-custom-lists"]], "Data Table - Zscaler Internet Access - Sandbox Report Summary": [[153, "data-table-zscaler-internet-access-sandbox-report-summary"]], "Data Table - Zscaler Internet Access - URL Categories": [[153, "data-table-zscaler-internet-access-url-categories"]], "Data Table Utils: CVE Searched Data": [[33, "data-table-utils-cve-searched-data"]], "Data Tables": [[32, "data-tables"]], "Data Tables:": [[118, "data-tables"]], "Database Support": [[181, "database-support"]], "Datatable": [[36, "datatable"]], "Datatable Utilities": [[35, null]], "Datatable:": [[37, "datatable"]], "Datatables": [[113, "datatables"]], "Datetime Fields and Timezones": [[180, "datetime-fields-and-timezones"]], "Delegated Permission": [[131, "delegated-permission"]], "Dependancies": [[47, "dependancies"]], "Description": [[69, "description"], [70, "description"], [183, "description"], [184, "description"], [185, "description"], [186, "description"]], "Determine the Rapid7 Data Storage Region": [[106, "determine-the-rapid7-data-storage-region"]], "Development Endpoint Environment": [[101, "development-endpoint-environment"]], "Development Version": [[23, "development-version"], [31, "development-version"], [40, "development-version"], [65, "development-version"], [71, "development-version"], [98, "development-version"], [107, "development-version"], [123, "development-version"], [150, "development-version"], [153, "development-version"]], "Digital Shadows Search": [[36, null]], "Digital Shadows Search Datatable": [[36, "digital-shadows-search-datatable"]], "Display a Data Table in an Incident": [[32, "display-a-data-table-in-an-incident"], [37, "display-a-data-table-in-an-incident"]], "Display the Data Table in an incident": [[33, "display-the-data-table-in-an-incident"]], "Display the Datatable in an Incident": [[36, "display-the-datatable-in-an-incident"]], "Docker": [[37, null]], "Docker Integration Invocations": [[37, "docker-integration-invocations"]], "Dockerfile": [[4, "dockerfile"]], "Documentation": [[117, "documentation"]], "Download & Install on App Host": [[120, "download-install-on-app-host"]], "Download & Install on Integration Server": [[120, "download-install-on-integration-server"]], "Download incidents": [[69, "download-incidents"]], "Drivers": [[86, "drivers"]], "ElasticFeed Class": [[178, "elasticfeed-class"]], "ElasticSearch": [[38, null]], "Email Header Validation": [[39, null]], "Email Message": [[188, "email-message"]], "Email Template": [[188, "email-template"]], "Enable the Rule: Trusteer PPD: Parse Trusteer Email v1.0.0": [[135, "enable-the-rule-trusteer-ppd-parse-trusteer-email-v1-0-0"]], "Endpoint Configuration": [[71, "endpoint-configuration"], [131, "endpoint-configuration"]], "Endpoint Developed With": [[7, "endpoint-developed-with"], [40, "endpoint-developed-with"], [42, "endpoint-developed-with"], [48, "endpoint-developed-with"], [50, "endpoint-developed-with"], [85, "endpoint-developed-with"], [91, "endpoint-developed-with"], [116, "endpoint-developed-with"], [121, "endpoint-developed-with"], [124, "endpoint-developed-with"], [129, "endpoint-developed-with"], [131, "endpoint-developed-with"]], "Endpoint Information": [[38, "endpoint-information"]], "Endpoints": [[155, "endpoints"], [155, "id2"]], "Enhancements for Multiple Templates and Attachment & Notes Inclusion": [[87, "enhancements-for-multiple-templates-and-attachment-notes-inclusion"]], "Environment": [[13, "environment"], [22, "environment"], [26, "environment"], [82, "environment"], [158, "environment"], [167, "environment"], [175, "environment"]], "Example": [[1, "example"]], "Example Create Incident Scripts": [[160, "example-create-incident-scripts"]], "Example Create Incidents with Action Plans": [[160, "example-create-incidents-with-action-plans"]], "Example Create Incidents with Risk Models": [[160, "example-create-incidents-with-risk-models"]], "Example of Have I Been Pwned Workflow with Hits": [[183, "example-of-have-i-been-pwned-workflow-with-hits"]], "Example of QRadar Advisor Offense Analysis with MITRE": [[184, "example-of-qradar-advisor-offense-analysis-with-mitre"]], "Example of URLScan.io Workflow with Hits": [[185, "example-of-urlscan-io-workflow-with-hits"]], "Example of mapping QRadar rule to tactic": [[184, "example-of-mapping-qradar-rule-to-tactic"]], "Example:  <!-- omit in toc -->": [[110, "example"], [110, "id1"], [110, "id3"]], "Example: <!-- omit in toc -->": [[110, "id2"]], "Example: Generate Guardium Client Secret": [[55, "example-generate-guardium-client-secret"]], "Example: Guardium Block User Access to DB": [[55, "example-guardium-block-user-access-to-db"]], "Example: Guardium List Parameter Names by Report Name": [[55, "example-guardium-list-parameter-names-by-report-name"]], "Example: Guardium Run Active Risk Spotter:": [[55, "example-guardium-run-active-risk-spotter"]], "Example: Guardium Search Outlier Details": [[55, "example-guardium-search-outlier-details"]], "Example: Guardium Search Report": [[55, "example-guardium-search-report"]], "Example: Guardium Search Sensitive Objects": [[55, "example-guardium-search-sensitive-objects"]], "Example: Twilio Receive Messages": [[136, "example-twilio-receive-messages"]], "Examples": [[1, "examples"], [2, "examples"], [189, "examples"]], "Examples of remote commands:": [[84, "examples-of-remote-commands"]], "Export Description": [[165, "export-description"], [166, "export-description"]], "Extending the solution to deal with Phishing reports": [[189, "extending-the-solution-to-deal-with-phishing-reports"]], "Extension and Customization": [[189, "extension-and-customization"]], "ExtraHop": [[42, null]], "ExtraHop Cloud Services": [[42, "extrahop-cloud-services"]], "ExtraHop standalone sensor": [[42, "extrahop-standalone-sensor"]], "FAQ": [[177, "faq"]], "Features": [[181, "features"]], "Features:": [[166, "features"], [187, "features"]], "Fetch the tokens": [[87, "fetch-the-tokens"]], "File Structure": [[0, "file-structure"]], "File names": [[29, "file-names"]], "FileFeed Class": [[176, "filefeed-class"]], "Files": [[4, "files"]], "Filters and Field Masks": [[48, "filters-and-field-masks"]], "Findings and Assets Filters": [[48, "findings-and-assets-filters"]], "Floss": [[43, null]], "Folder Paths": [[40, "folder-paths"]], "For App Host Environments:": [[90, "for-app-host-environments"], [90, "id4"], [90, "id5"]], "For Customers that are having performance issues related to the poller": [[102, "for-customers-that-are-having-performance-issues-related-to-the-poller"]], "For Customers who do not use the QRadar-Plugin": [[102, "for-customers-who-do-not-use-the-qradar-plugin"]], "For Integrations Servers:": [[90, "for-integrations-servers"], [90, "id2"]], "For Support": [[7, "for-support"], [10, "for-support"], [12, "for-support"], [14, "for-support"], [15, "for-support"], [16, "for-support"], [17, "for-support"], [18, "for-support"], [19, "for-support"], [20, "for-support"], [21, "for-support"], [23, "for-support"], [24, "for-support"], [27, "for-support"], [30, "for-support"], [31, "for-support"], [34, "for-support"], [35, "for-support"], [38, "for-support"], [40, "for-support"], [41, "for-support"], [42, "for-support"], [45, "for-support"], [46, "for-support"], [48, "for-support"], [50, "for-support"], [52, "for-support"], [54, "for-support"], [57, "for-support"], [58, "for-support"], [59, "for-support"], [62, "for-support"], [63, "for-support"], [64, "for-support"], [65, "for-support"], [66, "for-support"], [68, "for-support"], [71, "for-support"], [73, "for-support"], [74, "for-support"], [75, "for-support"], [76, "for-support"], [77, "for-support"], [78, "for-support"], [79, "for-support"], [80, "for-support"], [81, "for-support"], [83, "for-support"], [84, "for-support"], [85, "for-support"], [86, "for-support"], [87, "for-support"], [88, "for-support"], [89, "for-support"], [90, "for-support"], [91, "for-support"], [92, "for-support"], [93, "for-support"], [95, "for-support"], [96, "for-support"], [97, "for-support"], [98, "for-support"], [101, "for-support"], [102, "for-support"], [103, "for-support"], [105, "for-support"], [106, "for-support"], [107, "for-support"], [108, "for-support"], [109, "for-support"], [110, "for-support"], [112, "for-support"], [113, "for-support"], [115, "for-support"], [116, "for-support"], [121, "for-support"], [123, "for-support"], [124, "for-support"], [125, "for-support"], [126, "for-support"], [128, "for-support"], [129, "for-support"], [131, "for-support"], [134, "for-support"], [135, "for-support"], [138, "for-support"], [142, "for-support"], [144, "for-support"], [145, "for-support"], [146, "for-support"], [149, "for-support"], [150, "for-support"], [151, "for-support"], [152, "for-support"], [153, "for-support"], [155, "for-support"], [165, "for-support"], [166, "for-support"]], "Format:": [[110, "format"]], "Formatted Output Example": [[187, "formatted-output-example"]], "Full screen images are not viewable within SOAR.": [[125, "full-screen-images-are-not-viewable-within-soar"]], "Function - AMP: Computer Isolation": [[23, "function-amp-computer-isolation"]], "Function - AMP: Delete File from List": [[23, "function-amp-delete-file-from-list"]], "Function - AMP: Get Activity": [[23, "function-amp-get-activity"]], "Function - AMP: Get Computer": [[23, "function-amp-get-computer"]], "Function - AMP: Get Computer Trajectory": [[23, "function-amp-get-computer-trajectory"]], "Function - AMP: Get Computers": [[23, "function-amp-get-computers"]], "Function - AMP: Get Event Types": [[23, "function-amp-get-event-types"]], "Function - AMP: Get Events": [[23, "function-amp-get-events"]], "Function - AMP: Get File Lists": [[23, "function-amp-get-file-lists"]], "Function - AMP: Get Files from List": [[23, "function-amp-get-files-from-list"]], "Function - AMP: Get Groups": [[23, "function-amp-get-groups"]], "Function - AMP: Move Computer": [[23, "function-amp-move-computer"]], "Function - AMP: Set File in List": [[23, "function-amp-set-file-in-list"]], "Function - APIVoid Request": [[12, "function-apivoid-request"]], "Function - AWS GuardDuty: Archive finding": [[14, "function-aws-guardduty-archive-finding"]], "Function - AWS GuardDuty: Refresh Finding": [[14, "function-aws-guardduty-refresh-finding"]], "Function - AWS IAM: Add User To Groups": [[15, "function-aws-iam-add-user-to-groups"]], "Function - AWS IAM: Attach User policies": [[15, "function-aws-iam-attach-user-policies"]], "Function - AWS IAM: Deactivate MFA Devices": [[15, "function-aws-iam-deactivate-mfa-devices"]], "Function - AWS IAM: Delete Access Keys": [[15, "function-aws-iam-delete-access-keys"]], "Function - AWS IAM: Delete Login Profile": [[15, "function-aws-iam-delete-login-profile"]], "Function - AWS IAM: Delete SSH Public Keys": [[15, "function-aws-iam-delete-ssh-public-keys"]], "Function - AWS IAM: Delete Service Specific Credentials": [[15, "function-aws-iam-delete-service-specific-credentials"]], "Function - AWS IAM: Delete Signing Certificates": [[15, "function-aws-iam-delete-signing-certificates"]], "Function - AWS IAM: Delete User": [[15, "function-aws-iam-delete-user"]], "Function - AWS IAM: Delete Virtual MFA Devices": [[15, "function-aws-iam-delete-virtual-mfa-devices"]], "Function - AWS IAM: Detach User policies": [[15, "function-aws-iam-detach-user-policies"]], "Function - AWS IAM: List MFA Devices": [[15, "function-aws-iam-list-mfa-devices"]], "Function - AWS IAM: List SSH Public Keys": [[15, "function-aws-iam-list-ssh-public-keys"]], "Function - AWS IAM: List Service Specific Credentials": [[15, "function-aws-iam-list-service-specific-credentials"]], "Function - AWS IAM: List Signing Certificates": [[15, "function-aws-iam-list-signing-certificates"]], "Function - AWS IAM: List User Access Key IDs": [[15, "function-aws-iam-list-user-access-key-ids"]], "Function - AWS IAM: List User Groups": [[15, "function-aws-iam-list-user-groups"]], "Function - AWS IAM: List User Policies": [[15, "function-aws-iam-list-user-policies"]], "Function - AWS IAM: List Users": [[15, "function-aws-iam-list-users"]], "Function - AWS IAM: Remove User From Groups": [[15, "function-aws-iam-remove-user-from-groups"]], "Function - AWS IAM: Update Access Key": [[15, "function-aws-iam-update-access-key"]], "Function - AWS IAM: Update Login Profile": [[15, "function-aws-iam-update-login-profile"]], "Function - AbuseIPDB": [[7, "function-abuseipdb"]], "Function - Ansible Module": [[10, "function-ansible-module"]], "Function - Ansible Playbook": [[10, "function-ansible-playbook"]], "Function - Archive Slack Channel": [[124, "function-archive-slack-channel"]], "Function - Axonius: Get Device By ID": [[17, "function-axonius-get-device-by-id"]], "Function - Axonius: Get Device Count": [[17, "function-axonius-get-device-count"]], "Function - Axonius: Get Device by Query": [[17, "function-axonius-get-device-by-query"]], "Function - Axonius: Run Enforcement Set": [[17, "function-axonius-run-enforcement-set"]], "Function - Azure Create Account": [[18, "function-azure-create-account"]], "Function - Azure Create Credential": [[18, "function-azure-create-credential"]], "Function - Azure Create Schedule": [[18, "function-azure-create-schedule"]], "Function - Azure Delete Account": [[18, "function-azure-delete-account"]], "Function - Azure Delete Credential": [[18, "function-azure-delete-credential"]], "Function - Azure Delete Runbook": [[18, "function-azure-delete-runbook"]], "Function - Azure Delete Schedule": [[18, "function-azure-delete-schedule"]], "Function - Azure Execute Runbook": [[18, "function-azure-execute-runbook"]], "Function - Azure Get Account": [[18, "function-azure-get-account"]], "Function - Azure Get Agent Registration Information": [[18, "function-azure-get-agent-registration-information"]], "Function - Azure Get Credential": [[18, "function-azure-get-credential"]], "Function - Azure Get Job": [[18, "function-azure-get-job"]], "Function - Azure Get Module Activity": [[18, "function-azure-get-module-activity"]], "Function - Azure Get Node Report": [[18, "function-azure-get-node-report"]], "Function - Azure Get Runbook": [[18, "function-azure-get-runbook"]], "Function - Azure Get Schedule": [[18, "function-azure-get-schedule"]], "Function - Azure List Statistics by Automation Account": [[18, "function-azure-list-statistics-by-automation-account"]], "Function - Azure Regenerate Agent Registration Key": [[18, "function-azure-regenerate-agent-registration-key"]], "Function - BigFix Action Status": [[19, "function-bigfix-action-status"]], "Function - BigFix Artifact": [[19, "function-bigfix-artifact"]], "Function - BigFix Assets": [[19, "function-bigfix-assets"]], "Function - BigFix Remediation": [[19, "function-bigfix-remediation"]], "Function - CS Falcon: Device Actions": [[32, "function-cs-falcon-device-actions"]], "Function - CS Falcon: Get Devices IOC Ran On": [[32, "function-cs-falcon-get-devices-ioc-ran-on"]], "Function - CS Falcon: Search": [[32, "function-cs-falcon-search"]], "Function - Calendar Invite": [[21, "function-calendar-invite"]], "Function - Call REST API": [[165, "function-call-rest-api"], [166, "function-call-rest-api"]], "Function - Cisco ASA Add Artifact to Network Object Group": [[24, "function-cisco-asa-add-artifact-to-network-object-group"]], "Function - Cisco ASA Get Network Object Details": [[24, "function-cisco-asa-get-network-object-details"]], "Function - Cisco ASA Get Network Objects": [[24, "function-cisco-asa-get-network-objects"]], "Function - Cisco ASA Remove Network Object from Network Object Group": [[24, "function-cisco-asa-remove-network-object-from-network-object-group"]], "Function - ClamAV scan stream": [[27, "function-clamav-scan-stream"]], "Function - Create Pastebin": [[92, "function-create-pastebin"]], "Function - Create WebEx Meeting": [[30, "function-create-webex-meeting"]], "Function - Create Zoom Meeting": [[31, "function-create-zoom-meeting"]], "Function - Darktrace: Acknowledge Incident Event": [[34, "function-darktrace-acknowledge-incident-event"]], "Function - Darktrace: Acknowledge Model Breach": [[34, "function-darktrace-acknowledge-model-breach"]], "Function - Darktrace: Add Device Tags": [[34, "function-darktrace-add-device-tags"]], "Function - Darktrace: Clear Data Table": [[34, "function-darktrace-clear-data-table"]], "Function - Darktrace: Get Devices": [[34, "function-darktrace-get-devices"]], "Function - Darktrace: Get Incident Events": [[34, "function-darktrace-get-incident-events"]], "Function - Darktrace: Get Incident Group": [[34, "function-darktrace-get-incident-group"]], "Function - Darktrace: List Similar Devices": [[34, "function-darktrace-list-similar-devices"]], "Function - Darktrace: Unacknowledge Incident Event": [[34, "function-darktrace-unacknowledge-incident-event"]], "Function - Darktrace: Unacknowledge Model Breach": [[34, "function-darktrace-unacknowledge-model-breach"]], "Function - Data Table Utils: Add Row": [[35, "function-data-table-utils-add-row"]], "Function - Data Table Utils: Clear Datatable": [[35, "function-data-table-utils-clear-datatable"]], "Function - Data Table Utils: Create CSV Datatable": [[35, "function-data-table-utils-create-csv-datatable"]], "Function - Data Table Utils: Delete Row": [[35, "function-data-table-utils-delete-row"]], "Function - Data Table Utils: Delete Rows": [[35, "function-data-table-utils-delete-rows"]], "Function - Data Table Utils: Get All Data Table Rows": [[35, "function-data-table-utils-get-all-data-table-rows"]], "Function - Data Table Utils: Get Row": [[35, "function-data-table-utils-get-row"]], "Function - Data Table Utils: Get Rows": [[35, "function-data-table-utils-get-rows"]], "Function - Data Table Utils: Update Row": [[35, "function-data-table-utils-update-row"]], "Function - Defender Alert Search": [[77, "function-defender-alert-search"]], "Function - Defender App Execution": [[77, "function-defender-app-execution"]], "Function - Defender Collect Machine Investigation Package": [[77, "function-defender-collect-machine-investigation-package"]], "Function - Defender Delete Indicator": [[77, "function-defender-delete-indicator"]], "Function - Defender Find Machines by File": [[77, "function-defender-find-machines-by-file"]], "Function - Defender Find Machines by Internal IP": [[77, "function-defender-find-machines-by-internal-ip"]], "Function - Defender Find Machines by filter": [[77, "function-defender-find-machines-by-filter"]], "Function - Defender Get File Information": [[77, "function-defender-get-file-information"]], "Function - Defender Get Incident": [[77, "function-defender-get-incident"]], "Function - Defender Get Related Alert Information": [[77, "function-defender-get-related-alert-information"]], "Function - Defender List Indicators": [[77, "function-defender-list-indicators"]], "Function - Defender Machine Isolation": [[77, "function-defender-machine-isolation"]], "Function - Defender Machine Scan": [[77, "function-defender-machine-scan"]], "Function - Defender Machine Vulnerabilities": [[77, "function-defender-machine-vulnerabilities"]], "Function - Defender Quarantine File": [[77, "function-defender-quarantine-file"]], "Function - Defender Set Indicator": [[77, "function-defender-set-indicator"]], "Function - Defender Update Alert": [[77, "function-defender-update-alert"]], "Function - Defender Update Incident": [[77, "function-defender-update-incident"]], "Function - ElasticSearch Utilities: Query": [[38, "function-elasticsearch-utilities-query"]], "Function - Exchange Create Meeting": [[40, "function-exchange-create-meeting"]], "Function - Exchange Delete Emails": [[40, "function-exchange-delete-emails"]], "Function - Exchange Find Emails": [[40, "function-exchange-find-emails"]], "Function - Exchange Get Mailbox Info": [[40, "function-exchange-get-mailbox-info"]], "Function - Exchange Move Emails": [[40, "function-exchange-move-emails"]], "Function - Exchange Online: Create Meeting": [[41, "function-exchange-online-create-meeting"]], "Function - Exchange Online: Delete Message": [[41, "function-exchange-online-delete-message"]], "Function - Exchange Online: Delete Messages From Query Results": [[41, "function-exchange-online-delete-messages-from-query-results"]], "Function - Exchange Online: Get Message": [[41, "function-exchange-online-get-message"]], "Function - Exchange Online: Get User Profile": [[41, "function-exchange-online-get-user-profile"]], "Function - Exchange Online: Move Message to Folder": [[41, "function-exchange-online-move-message-to-folder"]], "Function - Exchange Online: Query Messages": [[41, "function-exchange-online-query-messages"]], "Function - Exchange Online: Send Message": [[41, "function-exchange-online-send-message"]], "Function - Exchange Online: Write Message as Attachment": [[41, "function-exchange-online-write-message-as-attachment"]], "Function - Exchange Send Email": [[40, "function-exchange-send-email"]], "Function - Extrahop Reveal(x) add detection note": [[42, "function-extrahop-reveal-x-add-detection-note"]], "Function - Extrahop Reveal(x) assign tag": [[42, "function-extrahop-reveal-x-assign-tag"]], "Function - Extrahop Reveal(x) create tag": [[42, "function-extrahop-reveal-x-create-tag"]], "Function - Extrahop Reveal(x) get activitymaps": [[42, "function-extrahop-reveal-x-get-activitymaps"]], "Function - Extrahop Reveal(x) get detection note": [[42, "function-extrahop-reveal-x-get-detection-note"]], "Function - Extrahop Reveal(x) get detections": [[42, "function-extrahop-reveal-x-get-detections"]], "Function - Extrahop Reveal(x) get devices": [[42, "function-extrahop-reveal-x-get-devices"]], "Function - Extrahop Reveal(x) get tags": [[42, "function-extrahop-reveal-x-get-tags"]], "Function - Extrahop Reveal(x) get watchlist": [[42, "function-extrahop-reveal-x-get-watchlist"]], "Function - Extrahop Reveal(x) search detections": [[42, "function-extrahop-reveal-x-search-detections"]], "Function - Extrahop Reveal(x) search devices": [[42, "function-extrahop-reveal-x-search-devices"]], "Function - Extrahop Reveal(x) search packets": [[42, "function-extrahop-reveal-x-search-packets"]], "Function - Extrahop Reveal(x) update detection": [[42, "function-extrahop-reveal-x-update-detection"]], "Function - Extrahop Reveal(x) update watchlist": [[42, "function-extrahop-reveal-x-update-watchlist"]], "Function - Function Guardium Insights Block User": [[54, "function-function-guardium-insights-block-user"]], "Function - Function Guardium Insights Classification Report": [[54, "function-function-guardium-insights-classification-report"]], "Function - Function Guardium Insights populate breach data types": [[54, "function-function-guardium-insights-populate-breach-data-types"]], "Function - GRPC": [[52, "function-grpc"]], "Function - Get AWS Step Function Execution": [[16, "function-get-aws-step-function-execution"]], "Function - GitHub Delete File": [[45, "function-github-delete-file"]], "Function - GitHub Get Latest Release": [[45, "function-github-get-latest-release"]], "Function - GitHub Update File": [[45, "function-github-update-file"]], "Function - GitHub: Create Branch": [[45, "function-github-create-branch"]], "Function - GitHub: Create File": [[45, "function-github-create-file"]], "Function - GitHub: Create Release": [[45, "function-github-create-release"]], "Function - GitHub: Delete Branch": [[45, "function-github-delete-branch"]], "Function - GitHub: Get Branch": [[45, "function-github-get-branch"]], "Function - GitHub: Get Commit": [[45, "function-github-get-commit"]], "Function - GitHub: Get Commits": [[45, "function-github-get-commits"]], "Function - GitHub: Get File": [[45, "function-github-get-file"]], "Function - GitHub: Get Release": [[45, "function-github-get-release"]], "Function - GitHub: Get Releases": [[45, "function-github-get-releases"]], "Function - GitHub: Get Repositories": [[45, "function-github-get-repositories"]], "Function - GitHub: List Directory Files": [[45, "function-github-list-directory-files"]], "Function - Google Cloud DLP: De-Identify Content": [[46, "function-google-cloud-dlp-de-identify-content"]], "Function - Google Cloud DLP: Inspect Content": [[46, "function-google-cloud-dlp-inspect-content"]], "Function - Google Cloud SCC: Get Findings": [[48, "function-google-cloud-scc-get-findings"]], "Function - Google Cloud SCC: List Assets": [[48, "function-google-cloud-scc-list-assets"]], "Function - Google Cloud SCC: Update Findings": [[48, "function-google-cloud-scc-update-findings"]], "Function - Google Cloud SCC: Update Security Mark": [[48, "function-google-cloud-scc-update-security-mark"]], "Function - Google Safe Browsing": [[50, "function-google-safe-browsing"]], "Function - HTML to PDF": [[57, "function-html-to-pdf"]], "Function - Have I Been Pwned Get Breaches": [[183, "function-have-i-been-pwned-get-breaches"]], "Function - Have I Been Pwned Get Pastes": [[183, "function-have-i-been-pwned-get-pastes"]], "Function - Helix: Close Incident": [[20, "function-helix-close-incident"]], "Function - Helix: Create Incident": [[20, "function-helix-create-incident"]], "Function - ICDx: Find Events": [[58, "function-icdx-find-events"]], "Function - ICDx: Get Archive List": [[58, "function-icdx-get-archive-list"]], "Function - ICDx: Get Event": [[58, "function-icdx-get-event"]], "Function - Incident Utils: Close Incident": [[59, "function-incident-utils-close-incident"]], "Function - Incident Utils: Create Incident": [[59, "function-incident-utils-create-incident"]], "Function - Invoke AWS Lambda": [[16, "function-invoke-aws-lambda"]], "Function - Invoke AWS Step Function": [[16, "function-invoke-aws-step-function"]], "Function - IsItPhishing HTML document": [[62, "function-isitphishing-html-document"]], "Function - IsItPhishing URL": [[62, "function-isitphishing-url"]], "Function - Jira Create Comment": [[63, "function-jira-create-comment"]], "Function - Jira Open Issue": [[63, "function-jira-open-issue"]], "Function - Jira Transition Issue": [[63, "function-jira-transition-issue"]], "Function - Joe Sandbox Analysis": [[64, "function-joe-sandbox-analysis"]], "Function - Kafka Send": [[65, "function-kafka-send"]], "Function - LDAP Utilities: Add": [[66, "function-ldap-utilities-add"]], "Function - LDAP Utilities: Add to Group(s)": [[66, "function-ldap-utilities-add-to-group-s"]], "Function - LDAP Utilities: Remove from Group(s)": [[66, "function-ldap-utilities-remove-from-group-s"]], "Function - LDAP Utilities: Search": [[66, "function-ldap-utilities-search"]], "Function - LDAP Utilities: Set Password": [[66, "function-ldap-utilities-set-password"]], "Function - LDAP Utilities: Toggle Access": [[66, "function-ldap-utilities-toggle-access"]], "Function - LDAP Utilities: Update": [[66, "function-ldap-utilities-update"]], "Function - MISP Create Attribute": [[80, "function-misp-create-attribute"]], "Function - MISP Create Event": [[80, "function-misp-create-event"]], "Function - MISP Create Sighting": [[80, "function-misp-create-sighting"]], "Function - MISP Create Tag": [[80, "function-misp-create-tag"]], "Function - MISP Search Attribute": [[80, "function-misp-search-attribute"]], "Function - MISP Sighting List": [[80, "function-misp-sighting-list"]], "Function - MITRE Get Groups Using All Given Techniques": [[81, "function-mitre-get-groups-using-all-given-techniques"]], "Function - MITRE Groups Using Given Techniques": [[81, "function-mitre-groups-using-given-techniques"]], "Function - MITRE Tactic Information": [[81, "function-mitre-tactic-information"]], "Function - MITRE Technique Information": [[81, "function-mitre-technique-information"]], "Function - MITRE Technique\u2019s Software": [[81, "function-mitre-technique-s-software"]], "Function - MS Teams: Archive Team": [[131, "function-ms-teams-archive-team"]], "Function - MS Teams: Create Channel": [[131, "function-ms-teams-create-channel"]], "Function - MS Teams: Create group": [[131, "function-ms-teams-create-group"]], "Function - MS Teams: Create team": [[131, "function-ms-teams-create-team"]], "Function - MS Teams: Delete Channel": [[131, "function-ms-teams-delete-channel"]], "Function - MS Teams: Delete Group": [[131, "function-ms-teams-delete-group"]], "Function - MS Teams: Enable Team": [[131, "function-ms-teams-enable-team"]], "Function - MS Teams: Post Message": [[131, "function-ms-teams-post-message"]], "Function - MS Teams: Read Message": [[131, "function-ms-teams-read-message"]], "Function - MaaS360 Action": [[68, "function-maas360-action"]], "Function - MaaS360 Basic Search": [[68, "function-maas360-basic-search"]], "Function - MaaS360 Delete App": [[68, "function-maas360-delete-app"]], "Function - MaaS360 Stop App Distribution": [[68, "function-maas360-stop-app-distribution"]], "Function - Make Playbook": [[96, "function-make-playbook"]], "Function - Mandiant: Threat Intelligence": [[71, "function-mandiant-threat-intelligence"]], "Function - McAfee Publish to DXL": [[75, "function-mcafee-publish-to-dxl"]], "Function - McAfee TIE search hash": [[76, "function-mcafee-tie-search-hash"]], "Function - McAfee TIE: Set File Reputation": [[76, "function-mcafee-tie-set-file-reputation"]], "Function - McAfee Tag an ePO Asset": [[73, "function-mcafee-tag-an-epo-asset"]], "Function - McAfee ePO Add Permission sets to user": [[73, "function-mcafee-epo-add-permission-sets-to-user"]], "Function - McAfee ePO Add System": [[73, "function-mcafee-epo-add-system"]], "Function - McAfee ePO Add User": [[73, "function-mcafee-epo-add-user"]], "Function - McAfee ePO Assign Policy to Group": [[73, "function-mcafee-epo-assign-policy-to-group"]], "Function - McAfee ePO Assign Policy to Systems": [[73, "function-mcafee-epo-assign-policy-to-systems"]], "Function - McAfee ePO Create Issue": [[73, "function-mcafee-epo-create-issue"]], "Function - McAfee ePO Delete Issue": [[73, "function-mcafee-epo-delete-issue"]], "Function - McAfee ePO Delete System": [[73, "function-mcafee-epo-delete-system"]], "Function - McAfee ePO Execute Query": [[73, "function-mcafee-epo-execute-query"]], "Function - McAfee ePO Find Client Tasks": [[73, "function-mcafee-epo-find-client-tasks"]], "Function - McAfee ePO Find Groups": [[73, "function-mcafee-epo-find-groups"]], "Function - McAfee ePO Find Policies": [[73, "function-mcafee-epo-find-policies"]], "Function - McAfee ePO Find Systems in Group": [[73, "function-mcafee-epo-find-systems-in-group"]], "Function - McAfee ePO Find a System": [[73, "function-mcafee-epo-find-a-system"]], "Function - McAfee ePO Get All Permission sets": [[73, "function-mcafee-epo-get-all-permission-sets"]], "Function - McAfee ePO Get All Users": [[73, "function-mcafee-epo-get-all-users"]], "Function - McAfee ePO List Issues": [[73, "function-mcafee-epo-list-issues"]], "Function - McAfee ePO List Tags": [[73, "function-mcafee-epo-list-tags"]], "Function - McAfee ePO Remove Permission sets from user": [[73, "function-mcafee-epo-remove-permission-sets-from-user"]], "Function - McAfee ePO Remove Tag": [[73, "function-mcafee-epo-remove-tag"]], "Function - McAfee ePO Remove User": [[73, "function-mcafee-epo-remove-user"]], "Function - McAfee ePO Run Client Task": [[73, "function-mcafee-epo-run-client-task"]], "Function - McAfee ePO Update Issue": [[73, "function-mcafee-epo-update-issue"]], "Function - McAfee ePO Update User": [[73, "function-mcafee-epo-update-user"]], "Function - McAfee ePO Wake up agent": [[73, "function-mcafee-epo-wake-up-agent"]], "Function - Microsoft Security Graph Alert Search": [[78, "function-microsoft-security-graph-alert-search"]], "Function - Microsoft Security Graph Get Alert Details": [[78, "function-microsoft-security-graph-get-alert-details"]], "Function - Microsoft Security Graph Update Alert": [[78, "function-microsoft-security-graph-update-alert"]], "Function - Network Utilities: Domain Distance": [[84, "function-network-utilities-domain-distance"]], "Function - Network Utilities: Expand URL": [[84, "function-network-utilities-expand-url"]], "Function - Network Utilities: Extract SSL Cert From URL": [[84, "function-network-utilities-extract-ssl-cert-from-url"]], "Function - Network Utilities: Linux Shell Command": [[84, "function-network-utilities-linux-shell-command"]], "Function - Network Utilities: Local Shell Command": [[84, "function-network-utilities-local-shell-command"]], "Function - Network Utilities: Windows Shell Command": [[84, "function-network-utilities-windows-shell-command"]], "Function - OCR: Read Text From Image Bytes": [[85, "function-ocr-read-text-from-image-bytes"]], "Function - Outbound Email: Send Email": [[87, "function-outbound-email-send-email"]], "Function - Outbound Email: Send Email 2": [[87, "function-outbound-email-send-email-2"]], "Function - PB: Export Playbook": [[97, "function-pb-export-playbook"]], "Function - PB: Get Playbooks": [[97, "function-pb-get-playbooks"]], "Function - PB: Get Workflow Content": [[97, "function-pb-get-workflow-content"]], "Function - PB: Get Workflow Data": [[97, "id1"]], "Function - PB: Get playbook data": [[97, "function-pb-get-playbook-data"]], "Function - PB: Get workflow data": [[97, "function-pb-get-workflow-data"]], "Function - PB: Import Playbook": [[97, "function-pb-import-playbook"]], "Function - PagerDuty Create Incident": [[89, "function-pagerduty-create-incident"]], "Function - PagerDuty Create Note": [[89, "function-pagerduty-create-note"]], "Function - PagerDuty Create Service": [[89, "function-pagerduty-create-service"]], "Function - PagerDuty List Incidents": [[89, "function-pagerduty-list-incidents"]], "Function - PagerDuty List Services": [[89, "function-pagerduty-list-services"]], "Function - PagerDuty Transition Incident": [[89, "function-pagerduty-transition-incident"]], "Function - Panorama Create Address": [[88, "function-panorama-create-address"]], "Function - Panorama Edit Address Group": [[88, "function-panorama-edit-address-group"]], "Function - Panorama Edit Users in a Group": [[88, "function-panorama-edit-users-in-a-group"]], "Function - Panorama Get Address Groups": [[88, "function-panorama-get-address-groups"]], "Function - Panorama Get Addresses": [[88, "function-panorama-get-addresses"]], "Function - Panorama Get Users in a Group": [[88, "function-panorama-get-users-in-a-group"]], "Function - Parse Utilities: Email Parse": [[90, "function-parse-utilities-email-parse"]], "Function - Parse Utilities: PDFID": [[90, "function-parse-utilities-pdfid"]], "Function - Parse Utilities: Parse SSL Certificate": [[90, "function-parse-utilities-parse-ssl-certificate"]], "Function - Parse Utilities: XML Transformation": [[90, "function-parse-utilities-xml-transformation"]], "Function - PassiveTotal": [[91, "function-passivetotal"]], "Function - Phish.AI Get Report": [[93, "function-phish-ai-get-report"]], "Function - Phish.AI Scan URL": [[93, "function-phish-ai-scan-url"]], "Function - Pipl search function": [[95, "function-pipl-search-function"]], "Function - Post attachment to Slack": [[124, "function-post-attachment-to-slack"]], "Function - Post message to Slack": [[124, "function-post-message-to-slack"]], "Function - Proofpoint TAP Get Campaign": [[98, "function-proofpoint-tap-get-campaign"]], "Function - Proofpoint TAP Get Forensics": [[98, "function-proofpoint-tap-get-forensics"]], "Function - QRadar Advisor Map Rule": [[101, "function-qradar-advisor-map-rule"]], "Function - QRadar Advisor Offense Analysis": [[101, "function-qradar-advisor-offense-analysis"]], "Function - QRadar Create Note": [[102, "function-qradar-create-note"]], "Function - QRadar EDR: Attach File": [[107, "function-qradar-edr-attach-file"]], "Function - QRadar EDR: Close Alert": [[107, "function-qradar-edr-close-alert"]], "Function - QRadar EDR: Create Artifact": [[107, "function-qradar-edr-create-artifact"]], "Function - QRadar EDR: Create Note": [[107, "function-qradar-edr-create-note"]], "Function - QRadar EDR: Create Policy": [[107, "function-qradar-edr-create-policy"]], "Function - QRadar EDR: Deisolate Machine": [[107, "function-qradar-edr-deisolate-machine"]], "Function - QRadar EDR: Get Alert Information": [[107, "function-qradar-edr-get-alert-information"]], "Function - QRadar EDR: Get Endpoint Status": [[107, "function-qradar-edr-get-endpoint-status"]], "Function - QRadar EDR: Get Processes": [[107, "function-qradar-edr-get-processes"]], "Function - QRadar EDR: Isolate Machine": [[107, "function-qradar-edr-isolate-machine"]], "Function - QRadar EDR: Kill Process": [[107, "function-qradar-edr-kill-process"]], "Function - QRadar Get Offense MITRE Reference": [[102, "function-qradar-get-offense-mitre-reference"]], "Function - QRadar Offense Summary": [[102, "function-qradar-offense-summary"]], "Function - QRadar SIEM: Add Reference Set Item": [[103, "function-qradar-siem-add-reference-set-item"]], "Function - QRadar SIEM: Create Offense Note": [[103, "function-qradar-siem-create-offense-note"]], "Function - QRadar SIEM: Delete Reference Set Item": [[103, "function-qradar-siem-delete-reference-set-item"]], "Function - QRadar SIEM: Find Reference Set Item": [[103, "function-qradar-siem-find-reference-set-item"]], "Function - QRadar SIEM: Find Reference Sets": [[103, "function-qradar-siem-find-reference-sets"]], "Function - QRadar SIEM: QRadar Search": [[103, "function-qradar-siem-qradar-search"]], "Function - QRadar SIEM: Reference Table Add Item": [[103, "function-qradar-siem-reference-table-add-item"]], "Function - QRadar SIEM: Reference Table Delete Item": [[103, "function-qradar-siem-reference-table-delete-item"]], "Function - QRadar SIEM: Reference Table Get All Tables": [[103, "function-qradar-siem-reference-table-get-all-tables"]], "Function - QRadar SIEM: Reference Table Get Table Data": [[103, "function-qradar-siem-reference-table-get-table-data"]], "Function - QRadar SIEM: Reference Table Update Item": [[103, "function-qradar-siem-reference-table-update-item"]], "Function - QRadar SIEM: Update Offense": [[103, "function-qradar-siem-update-offense"]], "Function - QRadar Top Events": [[102, "function-qradar-top-events"]], "Function - RDAP: Query": [[148, "function-rdap-query"]], "Function - REST API": [[110, "function-rest-api"]], "Function - Randori: Clear Data Table": [[105, "function-randori-clear-data-table"]], "Function - Randori: Get Detections of Target": [[105, "function-randori-get-detections-of-target"]], "Function - Randori: Get Paths": [[105, "function-randori-get-paths"]], "Function - Randori: Get Target": [[105, "function-randori-get-target"]], "Function - Randori: Send Note as Comment to Target": [[105, "function-randori-send-note-as-comment-to-target"]], "Function - Randori: Update Notes from Randori Target": [[105, "function-randori-update-notes-from-randori-target"]], "Function - Randori: Update Target Impact Score": [[105, "function-randori-update-target-impact-score"]], "Function - Randori: Update Target Status": [[105, "function-randori-update-target-status"]], "Function - Rapid7 InsightIDR: Add Attachments to SOAR Case": [[106, "function-rapid7-insightidr-add-attachments-to-soar-case"]], "Function - Rapid7 InsightIDR: Get Alert Evidence": [[106, "function-rapid7-insightidr-get-alert-evidence"]], "Function - Rapid7 InsightIDR: Get Alerts": [[106, "function-rapid7-insightidr-get-alerts"]], "Function - Rapid7 InsightIDR: Get Comments from Rapid7 Investigation": [[106, "function-rapid7-insightidr-get-comments-from-rapid7-investigation"]], "Function - Rapid7 InsightIDR: Get Investigation": [[106, "function-rapid7-insightidr-get-investigation"]], "Function - Rapid7 InsightIDR: List Attachments": [[106, "function-rapid7-insightidr-list-attachments"]], "Function - Rapid7 InsightIDR: Post Comment to Rapid7 Investigation": [[106, "function-rapid7-insightidr-post-comment-to-rapid7-investigation"]], "Function - Rapid7 InsightIDR: Set Priority": [[106, "function-rapid7-insightidr-set-priority"]], "Function - Rapid7: InsightIDR Set Status": [[106, "function-rapid7-insightidr-set-status"]], "Function - Relations: Assign Parent": [[108, "function-relations-assign-parent"]], "Function - Relations: Auto Close Child Incidents": [[108, "function-relations-auto-close-child-incidents"]], "Function - Relations: Copy Task": [[108, "function-relations-copy-task"]], "Function - Relations: Remove Child Relation": [[108, "function-relations-remove-child-relation"]], "Function - Relations: Sync Artifact": [[108, "function-relations-sync-artifact"]], "Function - Relations: Sync Child Table Data": [[108, "function-relations-sync-child-table-data"]], "Function - Relations: Sync Datatable Data": [[108, "function-relations-sync-datatable-data"]], "Function - Relations: Sync Notes": [[108, "function-relations-sync-notes"]], "Function - Relations: Sync Task Notes": [[108, "function-relations-sync-task-notes"]], "Function - Remedy: Close Incident": [[109, "function-remedy-close-incident"]], "Function - Remedy: Create Incident": [[109, "function-remedy-create-incident"]], "Function - Run Scheduled Job Now": [[113, "function-run-scheduled-job-now"]], "Function - SEP - Add Fingerprint List": [[116, "function-sep-add-fingerprint-list"]], "Function - SEP - Assign Fingerprint List to Group": [[116, "function-sep-assign-fingerprint-list-to-group"]], "Function - SEP - Delete Fingerprint List": [[116, "function-sep-delete-fingerprint-list"]], "Function - SEP - Get Command Status": [[116, "function-sep-get-command-status"]], "Function - SEP - Get Computers": [[116, "function-sep-get-computers"]], "Function - SEP - Get Domains": [[116, "function-sep-get-domains"]], "Function - SEP - Get File Content as Base64": [[116, "function-sep-get-file-content-as-base64"]], "Function - SEP - Get Fingerprint List": [[116, "function-sep-get-fingerprint-list"]], "Function - SEP - Get Groups": [[116, "function-sep-get-groups"]], "Function - SEP - Move endpoint": [[116, "function-sep-move-endpoint"]], "Function - SEP - Quarantine Endpoints": [[116, "function-sep-quarantine-endpoints"]], "Function - SEP - Scan Endpoints": [[116, "function-sep-scan-endpoints"]], "Function - SEP - Update Fingerprint List": [[116, "function-sep-update-fingerprint-list"]], "Function - SEP - Upload File to SEPM": [[116, "function-sep-upload-file-to-sepm"]], "Function - SEP: Cancel a Command": [[116, "function-sep-cancel-a-command"]], "Function - SEP: Get Critical Events Info": [[116, "function-sep-get-critical-events-info"]], "Function - SEP: Get Exceptions Policy": [[116, "function-sep-get-exceptions-policy"]], "Function - SEP: Get Firewall Policy": [[116, "function-sep-get-firewall-policy"]], "Function - SEP: Get Policy Summary": [[116, "function-sep-get-policy-summary"]], "Function - SOAR Utilities Artifact Hash": [[126, "function-soar-utilities-artifact-hash"]], "Function - SOAR Utilities: Attachment Hash": [[126, "function-soar-utilities-attachment-hash"]], "Function - SOAR Utilities: Attachment Zip Extract": [[126, "function-soar-utilities-attachment-zip-extract"]], "Function - SOAR Utilities: Attachment Zip List": [[126, "function-soar-utilities-attachment-zip-list"]], "Function - SOAR Utilities: Attachment to Base64": [[126, "function-soar-utilities-attachment-to-base64"]], "Function - SOAR Utilities: Base64 to Artifact": [[126, "function-soar-utilities-base64-to-artifact"]], "Function - SOAR Utilities: Base64 to Attachment": [[126, "function-soar-utilities-base64-to-attachment"]], "Function - SOAR Utilities: Close Incident": [[126, "function-soar-utilities-close-incident"]], "Function - SOAR Utilities: Create Incident": [[126, "function-soar-utilities-create-incident"]], "Function - SOAR Utilities: Get Contact Info": [[126, "function-soar-utilities-get-contact-info"]], "Function - SOAR Utilities: SOAR Search": [[126, "function-soar-utilities-soar-search"]], "Function - SOAR Utilities: Search Incidents": [[126, "function-soar-utilities-search-incidents"]], "Function - SOAR Utilities: String to Attachment": [[126, "function-soar-utilities-string-to-attachment"]], "Function - Salesforce: Add Comment to Salesforce Case": [[112, "function-salesforce-add-comment-to-salesforce-case"]], "Function - Salesforce: Create Case in Salesforce": [[112, "function-salesforce-create-case-in-salesforce"]], "Function - Salesforce: Create Task in Salesforce Case": [[112, "function-salesforce-create-task-in-salesforce-case"]], "Function - Salesforce: Get Account": [[112, "function-salesforce-get-account"]], "Function - Salesforce: Get Attachments from Salesforce": [[112, "function-salesforce-get-attachments-from-salesforce"]], "Function - Salesforce: Get Case": [[112, "function-salesforce-get-case"]], "Function - Salesforce: Get Case Comments": [[112, "function-salesforce-get-case-comments"]], "Function - Salesforce: Get Contact": [[112, "function-salesforce-get-contact"]], "Function - Salesforce: Get User": [[112, "function-salesforce-get-user"]], "Function - Salesforce: Post Attachment to Salesforce Case": [[112, "function-salesforce-post-attachment-to-salesforce-case"]], "Function - Salesforce: Sync Tasks Between Cases": [[112, "function-salesforce-sync-tasks-between-cases"]], "Function - Salesforce: Update Case Status": [[112, "function-salesforce-update-case-status"]], "Function - Scan with urlscan.io": [[185, "function-scan-with-urlscan-io"]], "Function - Scheduled Rule Create": [[113, "function-scheduled-rule-create"]], "Function - Scheduled Rule List": [[113, "function-scheduled-rule-list"]], "Function - Scheduled Rule Modify": [[113, "function-scheduled-rule-modify"]], "Function - Scheduled Rule Pause": [[113, "function-scheduled-rule-pause"]], "Function - Scheduled Rule Remove": [[113, "function-scheduled-rule-remove"]], "Function - Scheduled Rule Resume": [[113, "function-scheduled-rule-resume"]], "Function - Search Incidents": [[59, "function-search-incidents"]], "Function - Send SMS using AWS SNS": [[16, "function-send-sms-using-aws-sns"]], "Function - Sentinel Add Incident Comment": [[79, "function-sentinel-add-incident-comment"]], "Function - Sentinel Get Incident Alerts": [[79, "function-sentinel-get-incident-alerts"]], "Function - Sentinel Get Incident Comments": [[79, "function-sentinel-get-incident-comments"]], "Function - Sentinel Get Incident Entities": [[79, "function-sentinel-get-incident-entities"]], "Function - Sentinel Update Incident": [[79, "function-sentinel-update-incident"]], "Function - SentinelOne: Abort Disk Scan": [[115, "function-sentinelone-abort-disk-scan"]], "Function - SentinelOne: Connect to Network": [[115, "function-sentinelone-connect-to-network"]], "Function - SentinelOne: Disconnect From Network": [[115, "function-sentinelone-disconnect-from-network"]], "Function - SentinelOne: Get Agent Details": [[115, "function-sentinelone-get-agent-details"]], "Function - SentinelOne: Get Hash Reputation": [[115, "function-sentinelone-get-hash-reputation"]], "Function - SentinelOne: Get Threat Details": [[115, "function-sentinelone-get-threat-details"]], "Function - SentinelOne: Initiate Disk Scan": [[115, "function-sentinelone-initiate-disk-scan"]], "Function - SentinelOne: Resolve Threat in SentinelOne": [[115, "function-sentinelone-resolve-threat-in-sentinelone"]], "Function - SentinelOne: Restart Agent": [[115, "function-sentinelone-restart-agent"]], "Function - SentinelOne: Send SOAR Note to SentinelOne": [[115, "function-sentinelone-send-soar-note-to-sentinelone"]], "Function - SentinelOne: Shutdown Agent": [[115, "function-sentinelone-shutdown-agent"]], "Function - SentinelOne: Update Notes From SentinelOne": [[115, "function-sentinelone-update-notes-from-sentinelone"]], "Function - Sentinelone: Update Threat Status": [[115, "function-sentinelone-update-threat-status"]], "Function - Shadowserver": [[121, "function-shadowserver"]], "Function - Siemplify Add Playbook": [[123, "function-siemplify-add-playbook"]], "Function - Siemplify Add/Update Entity to Custom List": [[123, "function-siemplify-add-update-entity-to-custom-list"]], "Function - Siemplify Close Case": [[123, "function-siemplify-close-case"]], "Function - Siemplify Get Custom List Entities": [[123, "function-siemplify-get-custom-list-entities"]], "Function - Siemplify Remove List Entry": [[123, "function-siemplify-remove-list-entry"]], "Function - Siemplify Sync Artifact": [[123, "function-siemplify-sync-artifact"]], "Function - Siemplify Sync Attachment": [[123, "function-siemplify-sync-attachment"]], "Function - Siemplify Sync Case": [[123, "function-siemplify-sync-case"]], "Function - Siemplify Sync Comment": [[123, "function-siemplify-sync-comment"]], "Function - Siemplify Sync Task": [[123, "function-siemplify-sync-task"]], "Function - Siemplify: Add/Update Entity to Blocklist": [[123, "function-siemplify-add-update-entity-to-blocklist"]], "Function - Siemplify: Get Blocklist Entities": [[123, "function-siemplify-get-blocklist-entities"]], "Function - SnapShot URL": [[125, "function-snapshot-url"]], "Function - Splunk Add Intel Item": [[128, "function-splunk-add-intel-item"]], "Function - Splunk Delete Threat Intel Item": [[128, "function-splunk-delete-threat-intel-item"]], "Function - Splunk Search": [[128, "function-splunk-search"]], "Function - Splunk Update Notable Event": [[128, "function-splunk-update-notable-event"]], "Function - Staxx Import": [[9, "function-staxx-import"]], "Function - Staxx Query": [[9, "function-staxx-query"]], "Function - Symantec DLP: Close DLP Case": [[129, "function-symantec-dlp-close-dlp-case"]], "Function - Symantec DLP: Get DLP Notes": [[129, "function-symantec-dlp-get-dlp-notes"]], "Function - Symantec DLP: Get Incident Details": [[129, "function-symantec-dlp-get-incident-details"]], "Function - Symantec DLP: Send Note to DLP Incident": [[129, "function-symantec-dlp-send-note-to-dlp-incident"]], "Function - Symantec DLP: Update Incident in DLP": [[129, "function-symantec-dlp-update-incident-in-dlp"]], "Function - Symantec DLP: Upload Binaries": [[129, "function-symantec-dlp-upload-binaries"]], "Function - Timer": [[134, "function-timer"], [166, "function-timer"]], "Function - Trusteer PPD: Get URL Links to Trusteer": [[135, "function-trusteer-ppd-get-url-links-to-trusteer"]], "Function - Trusteer PPD: Update Alert Classification": [[135, "function-trusteer-ppd-update-alert-classification"]], "Function - Trusteer PPD: Update Classification in Alert Datatable": [[135, "function-trusteer-ppd-update-classification-in-alert-datatable"]], "Function - URL to DNS": [[138, "function-url-to-dns"]], "Function - VMware CBC: Get Alert By ID": [[144, "function-vmware-cbc-get-alert-by-id"]], "Function - VMware CBC: Get CBC Notes": [[144, "function-vmware-cbc-get-cbc-notes"]], "Function - VMware CBC: Get Device By ID": [[144, "function-vmware-cbc-get-device-by-id"]], "Function - VMware CBC: Post Alert Workflow Data": [[144, "function-vmware-cbc-post-alert-workflow-data"]], "Function - VMware CBC: Post Device Action": [[144, "function-vmware-cbc-post-device-action"]], "Function - VMware CBC: Post Note to CBC Alert": [[144, "function-vmware-cbc-post-note-to-cbc-alert"]], "Function - VMware CBC: Post Observations Detail Job": [[144, "function-vmware-cbc-post-observations-detail-job"]], "Function - VMware CBC: Post Reputation Override": [[144, "function-vmware-cbc-post-reputation-override"]], "Function - VMware CBC: Post Tags": [[144, "function-vmware-cbc-post-tags"]], "Function - VMware: CBC Kill Process": [[144, "function-vmware-cbc-kill-process"]], "Function - VirusTotal": [[142, "function-virustotal"], [186, "function-virustotal"]], "Function - WHOIS: Query": [[148, "function-whois-query"]], "Function - Watson Search": [[101, "function-watson-search"]], "Function - Watson Search with Local Context": [[101, "function-watson-search-with-local-context"]], "Function - Watson Translate": [[145, "function-watson-translate"]], "Function - Webex: Create Meeting": [[146, "function-webex-create-meeting"]], "Function - Webex: Create Room": [[146, "function-webex-create-room"]], "Function - Webex: Create Team": [[146, "function-webex-create-team"]], "Function - Webex: Delete Room": [[146, "function-webex-delete-room"]], "Function - Webex: Delete Team": [[146, "function-webex-delete-team"]], "Function - Wiki Create or Update Page": [[149, "function-wiki-create-or-update-page"]], "Function - Wiki Get Contents": [[149, "function-wiki-get-contents"]], "Function - Wiki Lookup": [[149, "function-wiki-lookup"]], "Function - Wiz: Pull Vulnerabilities": [[150, "function-wiz-pull-vulnerabilities"]], "Function - Wiz: Query Issue": [[150, "function-wiz-query-issue"]], "Function - Wiz: Send SOAR Notes": [[150, "function-wiz-send-soar-notes"]], "Function - Wiz: Sync Status": [[150, "function-wiz-sync-status"]], "Function - X-Force Utilities: Get Collection by ID": [[151, "function-x-force-utilities-get-collection-by-id"]], "Function - X-Force Utilities: Query Collection": [[151, "function-x-force-utilities-query-collection"]], "Function - Yeti": [[152, "function-yeti"]], "Function - ZIA: Add To Allowlist": [[153, "function-zia-add-to-allowlist"]], "Function - ZIA: Add To Blocklist": [[153, "function-zia-add-to-blocklist"]], "Function - ZIA: Add To URL Category": [[153, "function-zia-add-to-url-category"]], "Function - ZIA: Add URL Category": [[153, "function-zia-add-url-category"]], "Function - ZIA: Get Allowlist": [[153, "function-zia-get-allowlist"]], "Function - ZIA: Get Blocklist": [[153, "function-zia-get-blocklist"]], "Function - ZIA: Get Sandbox Report": [[153, "function-zia-get-sandbox-report"]], "Function - ZIA: Get URL Categories": [[153, "function-zia-get-url-categories"]], "Function - ZIA: Remove From Allowlist": [[153, "function-zia-remove-from-allowlist"]], "Function - ZIA: Remove From Blocklist": [[153, "function-zia-remove-from-blocklist"]], "Function - ZIA: Remove From URL Category": [[153, "function-zia-remove-from-url-category"]], "Function - ZIA: URL Lookup": [[153, "function-zia-url-lookup"]], "Function - fn_netdevice_config": [[83, "function-fn-netdevice-config"]], "Function - fn_netdevice_query": [[83, "function-fn-netdevice-query"]], "Function - fn_odbc_query": [[86, "function-fn-odbc-query"]], "Function Guardium Generate Client Secret": [[55, "function-guardium-generate-client-secret"]], "Function Guardium List Parameter Names by Report Name": [[55, "function-guardium-list-parameter-names-by-report-name"]], "Function Guardium Search Outlier Details": [[55, "function-guardium-search-outlier-details"]], "Function Guardium Search Report": [[55, "function-guardium-search-report"], [55, "id5"]], "Function Guardium Search Sensitive Object": [[55, "function-guardium-search-sensitive-object"]], "Function Guardium block user": [[55, "function-guardium-block-user"]], "Function Inputs": [[8, "function-inputs"], [33, "function-inputs"], [136, "function-inputs"], [136, "id1"], [136, "id5"]], "Function Inputs with Activation Fields": [[96, "function-inputs-with-activation-fields"]], "Function Inputs without Activation Fields": [[96, "function-inputs-without-activation-fields"]], "Function Inputs:": [[36, "function-inputs"], [37, "function-inputs"], [49, "function-inputs"], [53, "function-inputs"], [56, "function-inputs"], [61, "function-inputs"], [137, "function-inputs"], [143, "function-inputs"], [147, "function-inputs"]], "Function Inputs: Base64 to Attachment:": [[47, "function-inputs-base64-to-attachment"]], "Function Inputs: Google Cloud Function:": [[47, "function-inputs-google-cloud-function"]], "Function Output": [[8, "function-output"], [33, "function-output"], [136, "function-output"], [136, "id2"], [136, "id6"]], "Function Output:": [[36, "function-output"], [37, "function-output"], [49, "function-output"], [53, "function-output"], [137, "function-output"], [143, "function-output"], [147, "function-output"]], "Function Outputs:": [[56, "function-outputs"]], "Function Workflow:": [[55, "function-workflow"], [55, "id1"], [55, "id2"], [55, "id3"], [55, "id4"], [55, "id6"], [55, "id7"]], "Function: GCP Cloud Functions: Sandbox and Screenshot Webpage": [[47, "function-gcp-cloud-functions-sandbox-and-screenshot-webpage"]], "Function: Utilities: Base64 to Attachment": [[47, "function-utilities-base64-to-attachment"]], "Functions": [[97, "functions"], [118, "functions"], [132, "functions"]], "Functions:": [[37, "functions"], [111, "functions"]], "GRR": [[53, null]], "Generate an Organization API Key in Rapid7 InsightIDR": [[106, "generate-an-organization-api-key-in-rapid7-insightidr"]], "Get the API Key and Secret in Axonius": [[17, "get-the-api-key-and-secret-in-axonius"]], "GitHub": [[45, null]], "GitHub Development Version": [[45, "github-development-version"]], "Google Cloud DLP": [[46, null]], "Google Cloud Function Output:": [[47, "google-cloud-function-output"]], "Google Cloud Functions": [[47, null]], "Google Cloud Security Command Center": [[48, null]], "Google Geocoding": [[44, null]], "Google Gmail": [[155, "google-gmail"]], "Google Maps": [[49, null]], "Google Safe Browsing": [[50, null]], "Google Safe Browsing Threat Searcher": [[168, null]], "GreyNoise": [[51, null]], "Guardium Insights Integration": [[54, null]], "Guardium Integration Application for IBM Resilient.": [[55, null]], "Guardium: 2. Search for Entitlements to Sensitive Objects:": [[55, "guardium-2-search-for-entitlements-to-sensitive-objects"]], "Guardium: 3. Search for User Outlier Details:": [[55, "guardium-3-search-for-user-outlier-details"]], "Guardium: 4A. List Parameter Names By Report Name :": [[55, "guardium-4a-list-parameter-names-by-report-name"]], "Guardium: 4B. Search All Guardium Reports :": [[55, "guardium-4b-search-all-guardium-reports"]], "Guardium: 5. Block User from Data Source:": [[55, "guardium-5-block-user-from-data-source"]], "Guardium: Generate Client Secret:": [[55, "guardium-generate-client-secret"]], "HTML to PDF": [[57, null]], "Have I Been Pwned": [[56, null]], "Have I Been Pwned Get Breaches:": [[56, "have-i-been-pwned-get-breaches"]], "Have I Been Pwned Get Pastes:": [[56, "have-i-been-pwned-get-pastes"]], "Have I Been Pwned Threat Searcher": [[169, null]], "Hint: <!-- omit in toc -->": [[110, "hint"]], "History": [[1, "history"], [2, null], [41, "history"], [44, "history"], [56, "history"], [60, "history"], [107, "history"], [147, "history"], [148, "history"], [166, "history"], [178, "history"], [179, "history"], [181, "history"], [187, "history"], [188, "history"], [189, "history"]], "How does this perform?": [[177, "how-does-this-perform"]], "How to configure to use a single Jira Server": [[63, "how-to-configure-to-use-a-single-jira-server"]], "How to configure to use a single LDAP Server": [[66, "how-to-configure-to-use-a-single-ldap-server"]], "How to configure to use a single ODBC database": [[86, "how-to-configure-to-use-a-single-odbc-database"]], "How to configure to use a single Panorama Server": [[88, "how-to-configure-to-use-a-single-panorama-server"]], "How to configure to use a single QRadar Server": [[102, "how-to-configure-to-use-a-single-qradar-server"], [103, "how-to-configure-to-use-a-single-qradar-server"]], "How to configure to use a single Splunk Server": [[128, "how-to-configure-to-use-a-single-splunk-server"]], "How to configure to use multiple QRadar servers that have the QRadar-Plugin installed": [[102, "how-to-configure-to-use-multiple-qradar-servers-that-have-the-qradar-plugin-installed"]], "How to use the function": [[25, "how-to-use-the-function"], [39, "how-to-use-the-function"], [133, "how-to-use-the-function"]], "IBM QRadar SOAR uses PostgreSQL.  Why can\u2019t I just open up access to the PostgreSQL and query the DB directly?": [[177, "ibm-qradar-soar-uses-postgresql-why-can-t-i-just-open-up-access-to-the-postgresql-and-query-the-db-directly"]], "IBM SOAR Email Approval Process Content Pack": [[188, null]], "IBM SOAR LDAP Utilities": [[66, null]], "IBM SOAR Python Documentation": [[6, null]], "IBM SOAR example email message parsing script": [[189, null]], "IBM SOAR platform": [[59, "ibm-soar-platform"], [97, "ibm-soar-platform"]], "IBM Security QRadar SOAR Apps": [[154, null]], "IBM Trusteer Development Version": [[135, "ibm-trusteer-development-version"]], "IBM XForce Collections": [[151, null]], "IOC Parser": [[60, null]], "IP address allowlists": [[189, "ip-address-allowlists"]], "IPInfo": [[61, null]], "ISC SANS": [[165, null]], "If Relation Level is: Child": [[108, "if-relation-level-is-child"]], "If Relation Level is: Parent": [[108, "if-relation-level-is-parent"]], "Image OCR": [[85, null]], "Image specific app.config sections": [[37, "image-specific-app-config-sections"]], "Import": [[183, "import"], [184, "import"], [185, "import"], [186, "import"]], "Import Keys": [[0, "import-keys"]], "Import statements": [[29, "import-statements"]], "Imported Apps": [[166, "imported-apps"]], "Incident Links": [[87, "incident-links"]], "Incident Utilities": [[59, null]], "Incident fields that are required for the example automatic rule to run": [[102, "incident-fields-that-are-required-for-the-example-automatic-rule-to-run"]], "Information as Data-tables or Artifacts": [[40, "information-as-data-tables-or-artifacts"]], "Initialization": [[1, "initialization"], [2, "initialization"]], "Input Considerations": [[110, "input-considerations"]], "Input Formats:": [[110, "input-formats"]], "Input format": [[110, "input-format"]], "Inputs:": [[32, "inputs"], [32, "id1"], [32, "id5"]], "Install": [[7, "install"], [10, "install"], [12, "install"], [14, "install"], [16, "install"], [17, "install"], [18, "install"], [19, "install"], [20, "install"], [21, "install"], [23, "install"], [24, "install"], [27, "install"], [30, "install"], [31, "install"], [34, "install"], [35, "install"], [38, "install"], [40, "install"], [41, "install"], [42, "install"], [45, "install"], [46, "install"], [48, "install"], [50, "install"], [52, "install"], [57, "install"], [58, "install"], [59, "install"], [62, "install"], [63, "install"], [64, "install"], [65, "install"], [66, "install"], [68, "install"], [71, "install"], [73, "install"], [75, "install"], [76, "install"], [77, "install"], [78, "install"], [79, "install"], [80, "install"], [81, "install"], [83, "install"], [84, "install"], [85, "install"], [86, "install"], [87, "install"], [88, "install"], [89, "install"], [90, "install"], [91, "install"], [92, "install"], [93, "install"], [95, "install"], [96, "install"], [97, "install"], [98, "install"], [101, "install"], [102, "install"], [103, "install"], [105, "install"], [106, "install"], [107, "install"], [108, "install"], [109, "install"], [110, "install"], [112, "install"], [113, "install"], [115, "install"], [116, "install"], [117, "install"], [121, "install"], [123, "install"], [124, "install"], [125, "install"], [126, "install"], [128, "install"], [129, "install"], [134, "install"], [135, "install"], [138, "install"], [142, "install"], [144, "install"], [145, "install"], [149, "install"], [150, "install"], [151, "install"], [152, "install"], [153, "install"], [155, "install"], [183, "install"], [185, "install"], [186, "install"]], "Install Docker": [[37, "install-docker"]], "Install and Configure ASA REST API Agent and Client": [[24, "install-and-configure-asa-rest-api-agent-and-client"]], "Install msgconvert on CentOS/RHEL based systems:": [[90, "install-msgconvert-on-centos-rhel-based-systems"], [90, "id3"]], "Install the Python components": [[176, "install-the-python-components"], [178, "install-the-python-components"], [179, "install-the-python-components"], [180, "install-the-python-components"], [182, "install-the-python-components"]], "Installation": [[7, "installation"], [8, "installation"], [9, "installation"], [10, "installation"], [11, "installation"], [12, "installation"], [14, "installation"], [15, "installation"], [16, "installation"], [17, "installation"], [18, "installation"], [19, "installation"], [20, "installation"], [21, "installation"], [23, "installation"], [24, "installation"], [25, "installation"], [27, "installation"], [28, "installation"], [30, "installation"], [31, "installation"], [33, "installation"], [34, "installation"], [35, "installation"], [38, "installation"], [40, "installation"], [41, "installation"], [42, "installation"], [43, "installation"], [44, "installation"], [45, "installation"], [46, "installation"], [48, "installation"], [50, "installation"], [51, "installation"], [52, "installation"], [54, "installation"], [55, "installation"], [57, "installation"], [58, "installation"], [59, "installation"], [60, "installation"], [62, "installation"], [63, "installation"], [64, "installation"], [65, "installation"], [66, "installation"], [67, "installation"], [68, "installation"], [69, "installation"], [70, "installation"], [71, "installation"], [72, "installation"], [73, "installation"], [74, "installation"], [75, "installation"], [76, "installation"], [77, "installation"], [78, "installation"], [79, "installation"], [80, "installation"], [81, "installation"], [83, "installation"], [84, "installation"], [85, "installation"], [86, "installation"], [87, "installation"], [88, "installation"], [89, "installation"], [90, "installation"], [91, "installation"], [92, "installation"], [93, "installation"], [94, "installation"], [95, "installation"], [96, "installation"], [97, "installation"], [98, "installation"], [99, "installation"], [100, "installation"], [101, "installation"], [102, "installation"], [103, "installation"], [104, "installation"], [105, "installation"], [106, "installation"], [107, "installation"], [108, "installation"], [109, "installation"], [110, "installation"], [112, "installation"], [113, "installation"], [114, "installation"], [115, "installation"], [116, "installation"], [121, "installation"], [123, "installation"], [124, "installation"], [125, "installation"], [126, "installation"], [128, "installation"], [129, "installation"], [130, "installation"], [131, "installation"], [132, "installation"], [134, "installation"], [135, "installation"], [136, "installation"], [138, "installation"], [140, "installation"], [141, "installation"], [142, "installation"], [143, "installation"], [144, "installation"], [145, "installation"], [146, "installation"], [148, "installation"], [149, "installation"], [150, "installation"], [151, "installation"], [152, "installation"], [153, "installation"], [155, "installation"], [157, "installation"], [159, "installation"], [160, "installation"], [165, "installation"], [169, "installation"], [170, "installation"], [171, "installation"], [172, "installation"], [173, "installation"], [174, "installation"], [176, "installation"], [178, "installation"], [179, "installation"], [180, "installation"], [181, "installation"], [182, "installation"], [188, "installation"]], "Installation (App Host)": [[122, "installation-app-host"], [127, "installation-app-host"], [139, "installation-app-host"]], "Installation (Integration Server)": [[122, "installation-integration-server"], [127, "installation-integration-server"], [139, "installation-integration-server"]], "Installation and Configuration": [[29, "installation-and-configuration"], [188, "installation-and-configuration"]], "Installation instructions": [[166, "installation-instructions"], [187, "installation-instructions"], [189, "installation-instructions"]], "Installation:": [[111, "installation"]], "Integration Server": [[9, "integration-server"], [11, "integration-server"], [28, "integration-server"], [44, "integration-server"], [54, "integration-server"], [114, "integration-server"], [143, "integration-server"], [180, "integration-server"], [181, "integration-server"], [182, "integration-server"]], "Integration Server Installation": [[10, "integration-server-installation"], [85, "integration-server-installation"], [125, "integration-server-installation"], [148, "integration-server-installation"], [178, "integration-server-installation"]], "Integration Server Requirements": [[179, "integration-server-requirements"], [180, "integration-server-requirements"]], "Integration Server Setup": [[60, "integration-server-setup"], [140, "integration-server-setup"]], "Integration app.config settings:": [[37, "integration-app-config-settings"]], "Integrations": [[113, "integrations"]], "Introduction": [[4, "introduction"], [157, "introduction"], [176, "introduction"], [177, "introduction"], [178, "introduction"], [179, "introduction"], [180, "introduction"], [182, "introduction"]], "Investigation Filtering": [[106, "investigation-filtering"]], "Is historical data maintained?": [[177, "is-historical-data-maintained"]], "IsItPhishing": [[62, null]], "JSON Web Token Authentication": [[110, "json-web-token-authentication"]], "Jira": [[63, null]], "Joe Sandbox Analysis": [[64, null]], "Kafka": [[65, null]], "Kafka App 1.0.2 Changes": [[65, "kafka-app-1-0-2-changes"]], "Kafka Listener": [[65, "kafka-listener"]], "KafkaFeed Class": [[179, "kafkafeed-class"]], "Key Features": [[7, "key-features"], [9, "key-features"], [10, "key-features"], [12, "key-features"], [14, "key-features"], [15, "key-features"], [16, "key-features"], [17, "key-features"], [18, "key-features"], [19, "key-features"], [20, "key-features"], [21, "key-features"], [23, "key-features"], [24, "key-features"], [27, "key-features"], [30, "key-features"], [31, "key-features"], [34, "key-features"], [38, "key-features"], [40, "key-features"], [41, "key-features"], [42, "key-features"], [45, "key-features"], [46, "key-features"], [48, "key-features"], [50, "key-features"], [54, "key-features"], [57, "key-features"], [58, "key-features"], [59, "key-features"], [62, "key-features"], [63, "key-features"], [64, "key-features"], [65, "key-features"], [66, "key-features"], [71, "key-features"], [73, "key-features"], [74, "key-features"], [75, "key-features"], [76, "key-features"], [77, "key-features"], [78, "key-features"], [79, "key-features"], [80, "key-features"], [81, "key-features"], [83, "key-features"], [84, "key-features"], [85, "key-features"], [86, "key-features"], [87, "key-features"], [88, "key-features"], [89, "key-features"], [90, "key-features"], [91, "key-features"], [92, "key-features"], [93, "key-features"], [95, "key-features"], [96, "key-features"], [97, "key-features"], [98, "key-features"], [101, "key-features"], [102, "key-features"], [103, "key-features"], [105, "key-features"], [106, "key-features"], [107, "key-features"], [108, "key-features"], [109, "key-features"], [110, "key-features"], [112, "key-features"], [115, "key-features"], [116, "key-features"], [117, "key-features"], [121, "key-features"], [123, "key-features"], [124, "key-features"], [125, "key-features"], [128, "key-features"], [129, "key-features"], [130, "key-features"], [131, "key-features"], [135, "key-features"], [138, "key-features"], [142, "key-features"], [144, "key-features"], [145, "key-features"], [146, "key-features"], [148, "key-features"], [149, "key-features"], [150, "key-features"], [151, "key-features"], [152, "key-features"], [153, "key-features"], [155, "key-features"], [188, "key-features"]], "Known Issues": [[37, "known-issues"], [48, "known-issues"]], "LDAP Search": [[158, null]], "Languages Supported:": [[145, "languages-supported"]], "License": [[176, "license"], [177, "license"], [178, "license"], [179, "license"], [180, "license"], [181, "license"], [182, "license"]], "Limitations": [[10, "limitations"], [181, "limitations"]], "Links": [[118, "links"], [119, "links"], [120, "links"]], "List of required permissions": [[131, "list-of-required-permissions"]], "Local Post-processing Script": [[96, "local-post-processing-script"]], "Log Capture": [[67, null]], "MISP": [[80, null]], "MISP Threat Searcher": [[171, null]], "MITRE ATT&CK": [[81, null]], "MSSP Configuration": [[102, "mssp-configuration"]], "MaaS360": [[68, null]], "MaaS360 Action - Get Software Installed": [[68, "maas360-action-get-software-installed"]], "MaaS360 Action - Locate Device": [[68, "maas360-action-locate-device"]], "MaaS360 Action - Lock Device": [[68, "maas360-action-lock-device"]], "MaaS360 Action - Wipe Device": [[68, "maas360-action-wipe-device"]], "MacOS": [[85, "macos"]], "Machine Learning": [[69, null]], "Mandiant Threat Intelligence": [[71, null]], "McAfee ATD": [[72, null]], "McAfee ESM": [[74, null]], "McAfee OpenDXL": [[75, null]], "McAfee TIE": [[76, null]], "McAfee TIE Threat Searcher": [[170, null]], "McAfee ePO": [[73, null]], "Message Destination": [[161, "message-destination"]], "Message Destination Setup": [[29, "message-destination-setup"]], "Message Destinations:": [[111, "message-destinations"]], "Message Signing and Encryption": [[87, "message-signing-and-encryption"]], "Message destination": [[29, "message-destination"]], "Method 1: Using CODE:": [[110, "method-1-using-code"]], "Method 2: Using REFRESH_TOKEN": [[110, "method-2-using-refresh-token"]], "Method 3: Using ACCESS_TOKEN": [[110, "method-3-using-access-token"]], "Microsoft Defender": [[77, null]], "Microsoft Exchange": [[40, null]], "Microsoft Exchange Online": [[41, null]], "Microsoft Outlook 365": [[155, "microsoft-outlook-365"]], "Microsoft Security Graph Integration for SOAR": [[78, null]], "Microsoft Sentinel": [[79, null]], "Microsoft Teams": [[131, null]], "Migrating to v1.0.2": [[44, "migrating-to-v1-0-2"], [113, "migrating-to-v1-0-2"]], "Modifications": [[180, "modifications"]], "Modify data type mapping": [[180, "modify-data-type-mapping"]], "Modify dialect encoding": [[180, "modify-dialect-encoding"]], "Modifying dialect reserved words": [[180, "modifying-dialect-reserved-words"]], "Multi-tenancy": [[63, "multi-tenancy"]], "NLP Search": [[70, null]], "NSRL Whitelist": [[37, "nsrl-whitelist"]], "Network Utilities": [[84, null]], "New and Recently Updated Apps": [[154, null]], "Note on Partial URL Support": [[94, "note-on-partial-url-support"]], "Note:  <!-- omit in toc -->": [[110, "note"]], "Notes": [[63, "notes"], [87, "notes"]], "Notes regarding v2.1.0": [[113, "notes-regarding-v2-1-0"]], "Notes:": [[180, "notes"]], "OAuth 2.0": [[110, "oauth-2-0"]], "OAuth 2.0 Authorization": [[87, "oauth-2-0-authorization"], [87, "id1"]], "OAuth Authentication": [[146, "oauth-authentication"]], "OAuth Utilities": [[155, null]], "ODBC Database Considerations": [[180, "odbc-database-considerations"]], "ODBC Query": [[86, null]], "ODBCFeed Class": [[180, "odbcfeed-class"]], "Older integration applications": [[156, null]], "Operation": [[188, "operation"], [189, "operation"]], "Other notes": [[140, "other-notes"]], "Outbound Email": [[87, null]], "Output :": [[61, "output"]], "Output:": [[32, "output"], [32, "id2"], [32, "id6"]], "Overview": [[3, "overview"], [7, "overview"], [9, "overview"], [10, "overview"], [11, "overview"], [12, "overview"], [14, "overview"], [15, "overview"], [16, "overview"], [17, "overview"], [18, "overview"], [19, "overview"], [20, "overview"], [21, "overview"], [23, "overview"], [24, "overview"], [27, "overview"], [28, "overview"], [30, "overview"], [31, "overview"], [34, "overview"], [35, "overview"], [38, "overview"], [40, "overview"], [41, "overview"], [42, "overview"], [45, "overview"], [46, "overview"], [48, "overview"], [50, "overview"], [51, "overview"], [52, "overview"], [54, "overview"], [57, "overview"], [58, "overview"], [59, "overview"], [60, "overview"], [62, "overview"], [63, "overview"], [64, "overview"], [65, "overview"], [66, "overview"], [67, "overview"], [68, "overview"], [71, "overview"], [73, "overview"], [74, "overview"], [75, "overview"], [76, "overview"], [77, "overview"], [78, "overview"], [79, "overview"], [80, "overview"], [81, "overview"], [83, "overview"], [84, "overview"], [85, "overview"], [86, "overview"], [87, "overview"], [88, "overview"], [89, "overview"], [90, "overview"], [91, "overview"], [92, "overview"], [93, "overview"], [94, "overview"], [95, "overview"], [96, "overview"], [97, "overview"], [98, "overview"], [99, "overview"], [100, "overview"], [101, "overview"], [102, "overview"], [103, "overview"], [105, "overview"], [106, "overview"], [107, "overview"], [108, "overview"], [109, "overview"], [110, "overview"], [112, "overview"], [113, "overview"], [114, "overview"], [115, "overview"], [116, "overview"], [117, "overview"], [118, "overview"], [119, "overview"], [121, "overview"], [122, "overview"], [123, "overview"], [124, "overview"], [125, "overview"], [126, "overview"], [127, "overview"], [128, "overview"], [129, "overview"], [130, "overview"], [131, "overview"], [132, "overview"], [134, "overview"], [135, "overview"], [138, "overview"], [139, "overview"], [141, "overview"], [142, "overview"], [143, "overview"], [144, "overview"], [145, "overview"], [146, "overview"], [148, "overview"], [149, "overview"], [150, "overview"], [151, "overview"], [152, "overview"], [153, "overview"], [155, "overview"], [159, "overview"], [165, "overview"], [171, "overview"]], "P12 Signing and Unencrypting Certificates": [[87, "p12-signing-and-unencrypting-certificates"]], "Package Configuration": [[155, "package-configuration"]], "Package Dependences": [[43, "package-dependences"], [183, "package-dependences"], [184, "package-dependences"], [185, "package-dependences"]], "Package Dependencies": [[69, "package-dependencies"], [70, "package-dependencies"], [186, "package-dependencies"]], "PagerDuty": [[89, null]], "PagerDuty App  1.1.0 Changes": [[89, "pagerduty-app-1-1-0-changes"]], "Palo Alto Panorama": [[88, null]], "Panorama API permissions": [[88, "panorama-api-permissions"]], "Parameters:": [[119, "parameters"], [119, "id1"], [119, "id3"], [119, "id5"], [119, "id6"], [119, "id8"]], "Parent/Child Relationships": [[108, null]], "Parse Utilities": [[90, null]], "PassiveTotal": [[91, null]], "PasteBin Creator": [[92, null]], "Permission": [[42, "permission"], [155, "permission"]], "Permissions": [[23, "permissions"], [41, "permissions"], [87, "permissions"], [115, "permissions"], [129, "permissions"], [135, "permissions"], [144, "permissions"], [150, "permissions"], [153, "permissions"]], "Persistence of Scheduled Playbooks/Rules": [[113, "persistence-of-scheduled-playbooks-rules"]], "Phish.AI": [[93, null]], "PhishTank Lookup": [[94, null]], "Pipl": [[95, null]], "Playbook": [[40, "playbook"], [128, "playbook"]], "Playbook Maker": [[96, null]], "Playbook Utils": [[97, null]], "Playbooks": [[10, "playbooks"], [14, "playbooks"], [17, "playbooks"], [18, "playbooks"], [20, "playbooks"], [23, "playbooks"], [24, "playbooks"], [34, "playbooks"], [35, "playbooks"], [41, "playbooks"], [42, "playbooks"], [45, "playbooks"], [63, "playbooks"], [64, "playbooks"], [65, "playbooks"], [66, "playbooks"], [71, "playbooks"], [73, "playbooks"], [77, "playbooks"], [79, "playbooks"], [80, "playbooks"], [84, "playbooks"], [88, "playbooks"], [89, "playbooks"], [90, "playbooks"], [97, "playbooks"], [98, "playbooks"], [98, "id1"], [102, "playbooks"], [103, "playbooks"], [105, "playbooks"], [106, "playbooks"], [107, "playbooks"], [110, "playbooks"], [112, "playbooks"], [115, "playbooks"], [118, "playbooks"], [124, "playbooks"], [125, "playbooks"], [129, "playbooks"], [131, "playbooks"], [135, "playbooks"], [142, "playbooks"], [144, "playbooks"], [150, "playbooks"], [151, "playbooks"], [165, "playbooks"], [166, "playbooks"], [188, "playbooks"]], "Playbooks API": [[113, "playbooks-api"]], "Playbooks and Rules": [[113, "playbooks-and-rules"]], "Poller - AWS GuardDuty: Escalate Findings": [[14, "poller-aws-guardduty-escalate-findings"]], "Poller - ExtraHop Escalate Detections": [[42, "poller-extrahop-escalate-detections"]], "Poller Considerations": [[34, "poller-considerations"], [63, "poller-considerations"], [105, "poller-considerations"], [106, "poller-considerations"], [107, "poller-considerations"], [112, "poller-considerations"], [144, "poller-considerations"], [150, "poller-considerations"]], "Poller Templates": [[89, "poller-templates"]], "Poller Templates for SOAR Cases": [[34, "poller-templates-for-soar-cases"], [63, "poller-templates-for-soar-cases"], [106, "poller-templates-for-soar-cases"], [112, "poller-templates-for-soar-cases"], [144, "poller-templates-for-soar-cases"], [150, "poller-templates-for-soar-cases"]], "Post-Process Script": [[8, "post-process-script"], [33, "post-process-script"], [136, "post-process-script"], [136, "id4"], [136, "id8"]], "Post-Process Script:": [[32, "post-process-script"], [32, "id4"], [32, "id8"], [36, "post-process-script"], [37, "post-process-script"], [49, "post-process-script"], [53, "post-process-script"], [56, "post-process-script"], [61, "post-process-script"], [137, "post-process-script"], [143, "post-process-script"], [147, "post-process-script"]], "Post-Processing Script": [[140, "post-processing-script"]], "PostgreSQL Database": [[181, "postgresql-database"]], "Pre-Defined ServiceNow Workflows": [[119, "pre-defined-servicenow-workflows"]], "Pre-Process Script": [[8, "pre-process-script"], [33, "pre-process-script"], [136, "pre-process-script"], [136, "id3"], [136, "id7"]], "Pre-Process Script:": [[32, "pre-process-script"], [32, "id3"], [32, "id7"], [36, "pre-process-script"], [37, "pre-process-script"], [49, "pre-process-script"], [53, "pre-process-script"], [61, "pre-process-script"], [137, "pre-process-script"], [143, "pre-process-script"], [147, "pre-process-script"]], "Pre-Process Scripts:": [[56, "pre-process-scripts"]], "Pre-Processing Script": [[140, "pre-processing-script"]], "Pre-Processing Scripts": [[47, "pre-processing-scripts"]], "Pre-Requisite Steps and Info:": [[37, "pre-requisite-steps-and-info"]], "Prerequisite": [[183, "prerequisite"], [185, "prerequisite"], [186, "prerequisite"]], "Prerequisites": [[7, "prerequisites"], [15, "prerequisites"], [17, "prerequisites"], [23, "prerequisites"], [34, "prerequisites"], [41, "prerequisites"], [42, "prerequisites"], [45, "prerequisites"], [48, "prerequisites"], [50, "prerequisites"], [55, "prerequisites"], [65, "prerequisites"], [87, "prerequisites"], [89, "prerequisites"], [91, "prerequisites"], [101, "prerequisites"], [105, "prerequisites"], [106, "prerequisites"], [115, "prerequisites"], [119, "prerequisites"], [120, "prerequisites"], [124, "prerequisites"], [129, "prerequisites"], [135, "prerequisites"], [142, "prerequisites"], [144, "prerequisites"], [150, "prerequisites"], [153, "prerequisites"], [155, "prerequisites"], [170, "prerequisites"], [190, "prerequisites"]], "Prerequisites:": [[8, "prerequisites"], [10, "prerequisites"], [26, "prerequisites"], [33, "prerequisites"], [132, "prerequisites"], [136, "prerequisites"]], "Procedure": [[189, "procedure"]], "Proofpoint TAP": [[98, null]], "Proofpoint TRAP": [[99, null]], "Proxy Server": [[7, "proxy-server"], [10, "proxy-server"], [12, "proxy-server"], [14, "proxy-server"], [15, "proxy-server"], [16, "proxy-server"], [17, "proxy-server"], [18, "proxy-server"], [19, "proxy-server"], [20, "proxy-server"], [21, "proxy-server"], [23, "proxy-server"], [24, "proxy-server"], [27, "proxy-server"], [30, "proxy-server"], [31, "proxy-server"], [34, "proxy-server"], [35, "proxy-server"], [38, "proxy-server"], [40, "proxy-server"], [41, "proxy-server"], [42, "proxy-server"], [45, "proxy-server"], [46, "proxy-server"], [48, "proxy-server"], [50, "proxy-server"], [52, "proxy-server"], [54, "proxy-server"], [58, "proxy-server"], [59, "proxy-server"], [62, "proxy-server"], [63, "proxy-server"], [64, "proxy-server"], [65, "proxy-server"], [66, "proxy-server"], [71, "proxy-server"], [73, "proxy-server"], [76, "proxy-server"], [77, "proxy-server"], [78, "proxy-server"], [79, "proxy-server"], [80, "proxy-server"], [81, "proxy-server"], [83, "proxy-server"], [84, "proxy-server"], [85, "proxy-server"], [86, "proxy-server"], [87, "proxy-server"], [88, "proxy-server"], [89, "proxy-server"], [90, "proxy-server"], [91, "proxy-server"], [92, "proxy-server"], [93, "proxy-server"], [95, "proxy-server"], [96, "proxy-server"], [97, "proxy-server"], [98, "proxy-server"], [101, "proxy-server"], [102, "proxy-server"], [103, "proxy-server"], [105, "proxy-server"], [106, "proxy-server"], [107, "proxy-server"], [109, "proxy-server"], [110, "proxy-server"], [112, "proxy-server"], [113, "proxy-server"], [115, "proxy-server"], [116, "proxy-server"], [121, "proxy-server"], [123, "proxy-server"], [124, "proxy-server"], [125, "proxy-server"], [126, "proxy-server"], [128, "proxy-server"], [129, "proxy-server"], [131, "proxy-server"], [134, "proxy-server"], [135, "proxy-server"], [142, "proxy-server"], [144, "proxy-server"], [145, "proxy-server"], [146, "proxy-server"], [150, "proxy-server"], [151, "proxy-server"], [152, "proxy-server"], [153, "proxy-server"], [165, "proxy-server"]], "Pulling Images": [[37, "pulling-images"]], "Pulsedive": [[100, null]], "Python Environment": [[7, "python-environment"], [10, "python-environment"], [12, "python-environment"], [14, "python-environment"], [15, "python-environment"], [16, "python-environment"], [17, "python-environment"], [18, "python-environment"], [19, "python-environment"], [20, "python-environment"], [23, "python-environment"], [24, "python-environment"], [27, "python-environment"], [31, "python-environment"], [34, "python-environment"], [35, "python-environment"], [38, "python-environment"], [40, "python-environment"], [41, "python-environment"], [42, "python-environment"], [45, "python-environment"], [46, "python-environment"], [48, "python-environment"], [50, "python-environment"], [52, "python-environment"], [54, "python-environment"], [57, "python-environment"], [58, "python-environment"], [59, "python-environment"], [63, "python-environment"], [64, "python-environment"], [65, "python-environment"], [66, "python-environment"], [71, "python-environment"], [73, "python-environment"], [77, "python-environment"], [78, "python-environment"], [79, "python-environment"], [80, "python-environment"], [81, "python-environment"], [83, "python-environment"], [84, "python-environment"], [85, "python-environment"], [86, "python-environment"], [87, "python-environment"], [88, "python-environment"], [89, "python-environment"], [90, "python-environment"], [91, "python-environment"], [95, "python-environment"], [96, "python-environment"], [97, "python-environment"], [98, "python-environment"], [101, "python-environment"], [102, "python-environment"], [103, "python-environment"], [105, "python-environment"], [106, "python-environment"], [107, "python-environment"], [108, "python-environment"], [109, "python-environment"], [110, "python-environment"], [112, "python-environment"], [113, "python-environment"], [115, "python-environment"], [116, "python-environment"], [121, "python-environment"], [123, "python-environment"], [124, "python-environment"], [125, "python-environment"], [126, "python-environment"], [128, "python-environment"], [129, "python-environment"], [131, "python-environment"], [134, "python-environment"], [135, "python-environment"], [142, "python-environment"], [144, "python-environment"], [145, "python-environment"], [146, "python-environment"], [150, "python-environment"], [151, "python-environment"], [152, "python-environment"], [153, "python-environment"], [155, "python-environment"], [165, "python-environment"]], "QRadar API Searches": [[102, "qradar-api-searches"]], "QRadar Advisor Functions": [[101, null]], "QRadar EDR": [[107, null]], "QRadar Enhanced Data Migration": [[102, null]], "QRadar Enhanced Data Refresh Manual Rule": [[102, "qradar-enhanced-data-refresh-manual-rule"]], "QRadar Integration": [[103, null]], "QRadar Requirements": [[102, "qradar-requirements"]], "QRadar SOAR Content Package for QRadar Advisor and MITRE ATT&CK<sup>TM</sup>": [[184, null]], "Query CSV Files From Resilient": [[161, null]], "Query-Runner Component": [[162, null]], "REBUILD_IMAGE_NAMES.txt": [[3, "rebuild-image-names-txt"]], "REQUEST FORMAT": [[110, "request-format"]], "REST API Functions for SOAR": [[110, null]], "RF Example: Get Host Risk": [[160, "rf-example-get-host-risk"]], "RF Example: Get IP Risk": [[160, "rf-example-get-ip-risk"]], "RF Example: Get User Risk": [[160, "rf-example-get-user-risk"]], "RF Example: Mitigate Persistent Insider Threats": [[160, "rf-example-mitigate-persistent-insider-threats"]], "RSA NetWitness": [[111, null]], "Randori": [[105, null]], "Randori Development Version": [[105, "randori-development-version"]], "Rapid7 InsightIDR": [[106, null]], "Rapid7 InsightIDR Development Version": [[106, "rapid7-insightidr-development-version"]], "Rebuild a saved model": [[69, "rebuild-a-saved-model"]], "Rebuild the NLP model": [[70, "rebuild-the-nlp-model"]], "Reference": [[190, "reference"]], "Register a new application using the Azure portal": [[131, "register-a-new-application-using-the-azure-portal"]], "Release History": [[111, "release-history"], [141, "release-history"], [149, "release-history"]], "Release Notes": [[7, "release-notes"], [9, "release-notes"], [10, "release-notes"], [11, "release-notes"], [12, "release-notes"], [14, "release-notes"], [15, "release-notes"], [16, "release-notes"], [17, "release-notes"], [18, "release-notes"], [19, "release-notes"], [20, "release-notes"], [21, "release-notes"], [23, "release-notes"], [24, "release-notes"], [26, "release-notes"], [27, "release-notes"], [28, "release-notes"], [30, "release-notes"], [31, "release-notes"], [34, "release-notes"], [35, "release-notes"], [38, "release-notes"], [40, "release-notes"], [41, "release-notes"], [42, "release-notes"], [45, "release-notes"], [46, "release-notes"], [48, "release-notes"], [50, "release-notes"], [51, "release-notes"], [52, "release-notes"], [54, "release-notes"], [57, "release-notes"], [58, "release-notes"], [59, "release-notes"], [60, "release-notes"], [62, "release-notes"], [63, "release-notes"], [64, "release-notes"], [65, "release-notes"], [66, "release-notes"], [67, "release-notes"], [68, "release-notes"], [71, "release-notes"], [73, "release-notes"], [74, "release-notes"], [75, "release-notes"], [76, "release-notes"], [77, "release-notes"], [78, "release-notes"], [79, "release-notes"], [80, "release-notes"], [81, "release-notes"], [83, "release-notes"], [84, "release-notes"], [85, "release-notes"], [86, "release-notes"], [87, "release-notes"], [88, "release-notes"], [89, "release-notes"], [90, "release-notes"], [91, "release-notes"], [92, "release-notes"], [93, "release-notes"], [94, "release-notes"], [95, "release-notes"], [96, "release-notes"], [97, "release-notes"], [98, "release-notes"], [99, "release-notes"], [100, "release-notes"], [101, "release-notes"], [102, "release-notes"], [103, "release-notes"], [105, "release-notes"], [106, "release-notes"], [107, "release-notes"], [108, "release-notes"], [109, "release-notes"], [110, "release-notes"], [111, "release-notes"], [112, "release-notes"], [113, "release-notes"], [114, "release-notes"], [115, "release-notes"], [116, "release-notes"], [117, "release-notes"], [121, "release-notes"], [122, "release-notes"], [123, "release-notes"], [124, "release-notes"], [125, "release-notes"], [126, "release-notes"], [127, "release-notes"], [128, "release-notes"], [129, "release-notes"], [131, "release-notes"], [132, "release-notes"], [134, "release-notes"], [135, "release-notes"], [138, "release-notes"], [139, "release-notes"], [141, "release-notes"], [142, "release-notes"], [143, "release-notes"], [144, "release-notes"], [145, "release-notes"], [146, "release-notes"], [148, "release-notes"], [149, "release-notes"], [149, "id1"], [150, "release-notes"], [151, "release-notes"], [152, "release-notes"], [153, "release-notes"], [155, "release-notes"], [159, "release-notes"], [165, "release-notes"], [171, "release-notes"], [177, "release-notes"], [180, "release-notes"], [182, "release-notes"]], "Remedy": [[109, null]], "Repository Mirror Scripts": [[1, null]], "Required Changes": [[4, "required-changes"]], "Required Settings": [[155, "required-settings"]], "Requirements": [[7, "requirements"], [9, "requirements"], [10, "requirements"], [11, "requirements"], [12, "requirements"], [14, "requirements"], [15, "requirements"], [16, "requirements"], [17, "requirements"], [18, "requirements"], [19, "requirements"], [20, "requirements"], [21, "requirements"], [23, "requirements"], [24, "requirements"], [27, "requirements"], [28, "requirements"], [29, "requirements"], [30, "requirements"], [31, "requirements"], [34, "requirements"], [35, "requirements"], [38, "requirements"], [40, "requirements"], [41, "requirements"], [42, "requirements"], [45, "requirements"], [46, "requirements"], [48, "requirements"], [50, "requirements"], [51, "requirements"], [52, "requirements"], [54, "requirements"], [57, "requirements"], [58, "requirements"], [59, "requirements"], [60, "requirements"], [62, "requirements"], [63, "requirements"], [64, "requirements"], [65, "requirements"], [66, "requirements"], [67, "requirements"], [68, "requirements"], [71, "requirements"], [73, "requirements"], [74, "requirements"], [75, "requirements"], [76, "requirements"], [77, "requirements"], [78, "requirements"], [79, "requirements"], [80, "requirements"], [81, "requirements"], [83, "requirements"], [84, "requirements"], [85, "requirements"], [86, "requirements"], [87, "requirements"], [88, "requirements"], [89, "requirements"], [91, "requirements"], [92, "requirements"], [93, "requirements"], [94, "requirements"], [95, "requirements"], [96, "requirements"], [97, "requirements"], [98, "requirements"], [99, "requirements"], [100, "requirements"], [101, "requirements"], [102, "requirements"], [103, "requirements"], [105, "requirements"], [106, "requirements"], [107, "requirements"], [108, "requirements"], [109, "requirements"], [110, "requirements"], [112, "requirements"], [113, "requirements"], [114, "requirements"], [115, "requirements"], [116, "requirements"], [117, "requirements"], [121, "requirements"], [122, "requirements"], [123, "requirements"], [124, "requirements"], [125, "requirements"], [127, "requirements"], [128, "requirements"], [129, "requirements"], [130, "requirements"], [131, "requirements"], [135, "requirements"], [138, "requirements"], [139, "requirements"], [141, "requirements"], [142, "requirements"], [143, "requirements"], [144, "requirements"], [145, "requirements"], [146, "requirements"], [148, "requirements"], [149, "requirements"], [150, "requirements"], [151, "requirements"], [152, "requirements"], [153, "requirements"], [155, "requirements"], [159, "requirements"], [165, "requirements"], [175, "requirements"], [181, "requirements"], [188, "requirements"]], "Requirements:": [[111, "requirements"]], "Resilient Action Status": [[9, "resilient-action-status"], [11, "resilient-action-status"], [28, "resilient-action-status"], [51, "resilient-action-status"], [60, "resilient-action-status"], [67, "resilient-action-status"], [94, "resilient-action-status"], [99, "resilient-action-status"], [100, "resilient-action-status"], [114, "resilient-action-status"], [122, "resilient-action-status"], [127, "resilient-action-status"], [130, "resilient-action-status"], [139, "resilient-action-status"], [148, "resilient-action-status"], [159, "resilient-action-status"]], "Resilient Circuits configurations are maintained in the app.config file": [[190, "resilient-circuits-configurations-are-maintained-in-the-app-config-file"]], "Resilient Configuration": [[13, "resilient-configuration"], [82, "resilient-configuration"], [104, "resilient-configuration"]], "Resilient Configurations": [[55, "resilient-configurations"]], "Resilient Functions for CbProtection": [[22, "resilient-functions-for-cbprotection"]], "Resilient Logs": [[9, "resilient-logs"], [11, "resilient-logs"], [28, "resilient-logs"], [51, "resilient-logs"], [60, "resilient-logs"], [67, "resilient-logs"], [94, "resilient-logs"], [99, "resilient-logs"], [100, "resilient-logs"], [114, "resilient-logs"], [122, "resilient-logs"], [127, "resilient-logs"], [130, "resilient-logs"], [139, "resilient-logs"], [148, "resilient-logs"], [159, "resilient-logs"]], "Resilient Scripting Log": [[9, "resilient-scripting-log"], [11, "resilient-scripting-log"], [28, "resilient-scripting-log"], [51, "resilient-scripting-log"], [60, "resilient-scripting-log"], [67, "resilient-scripting-log"], [94, "resilient-scripting-log"], [99, "resilient-scripting-log"], [100, "resilient-scripting-log"], [114, "resilient-scripting-log"], [122, "resilient-scripting-log"], [127, "resilient-scripting-log"], [130, "resilient-scripting-log"], [139, "resilient-scripting-log"], [148, "resilient-scripting-log"], [159, "resilient-scripting-log"]], "Resilient platform": [[16, "resilient-platform"], [27, "resilient-platform"], [30, "resilient-platform"], [46, "resilient-platform"], [52, "resilient-platform"], [54, "resilient-platform"], [57, "resilient-platform"], [62, "resilient-platform"], [76, "resilient-platform"], [77, "resilient-platform"], [83, "resilient-platform"], [92, "resilient-platform"], [93, "resilient-platform"], [145, "resilient-platform"]], "Resilient server setup": [[161, "resilient-server-setup"]], "Resilient-Circuits": [[9, "resilient-circuits"], [11, "resilient-circuits"], [15, "resilient-circuits"], [28, "resilient-circuits"], [51, "resilient-circuits"], [60, "resilient-circuits"], [67, "resilient-circuits"], [94, "resilient-circuits"], [99, "resilient-circuits"], [100, "resilient-circuits"], [114, "resilient-circuits"], [122, "resilient-circuits"], [127, "resilient-circuits"], [130, "resilient-circuits"], [139, "resilient-circuits"], [141, "resilient-circuits"], [148, "resilient-circuits"], [159, "resilient-circuits"]], "ResilientFeed Class": [[181, "resilientfeed-class"]], "ResilientHelper API": [[119, "resilienthelper-api"]], "Result": [[187, "result"], [189, "result"]], "Results": [[157, "results"]], "Retry Mechanism": [[110, "retry-mechanism"]], "Return:": [[119, "return"], [119, "id2"], [119, "id4"]], "Returns:": [[119, "returns"], [119, "id7"], [119, "id9"]], "Revision History": [[29, "revision-history"], [167, "revision-history"]], "Risk Fabric": [[160, null]], "Risk Fabric Example Workflows": [[160, "risk-fabric-example-workflows"]], "RiskIQ PassiveTotal": [[172, null]], "Rules": [[7, "rules"], [8, "rules"], [9, "rules"], [12, "rules"], [15, "rules"], [16, "rules"], [19, "rules"], [21, "rules"], [23, "rules"], [27, "rules"], [30, "rules"], [31, "rules"], [32, "rules"], [33, "rules"], [36, "rules"], [38, "rules"], [46, "rules"], [47, "rules"], [48, "rules"], [49, "rules"], [50, "rules"], [52, "rules"], [53, "rules"], [54, "rules"], [55, "rules"], [56, "rules"], [57, "rules"], [58, "rules"], [59, "rules"], [61, "rules"], [62, "rules"], [68, "rules"], [75, "rules"], [76, "rules"], [78, "rules"], [81, "rules"], [83, "rules"], [85, "rules"], [86, "rules"], [87, "rules"], [91, "rules"], [92, "rules"], [93, "rules"], [95, "rules"], [96, "rules"], [101, "rules"], [108, "rules"], [109, "rules"], [116, "rules"], [121, "rules"], [123, "rules"], [126, "rules"], [129, "rules"], [132, "rules"], [134, "rules"], [135, "rules"], [136, "rules"], [137, "rules"], [138, "rules"], [143, "rules"], [145, "rules"], [147, "rules"], [149, "rules"], [152, "rules"], [153, "rules"], [161, "rules"]], "Rules and Workflows": [[132, "rules-and-workflows"]], "Rules and workflows have been provided:": [[22, "rules-and-workflows-have-been-provided"]], "Rules:": [[37, "rules"], [111, "rules"]], "Run Application": [[55, "run-application"]], "Running Powershell Scripts Remotely:": [[84, "running-powershell-scripts-remotely"]], "SNOW Helper: Update Data Table": [[118, "snow-helper-update-data-table"]], "SNOW: Add Attachment to Record": [[118, "snow-add-attachment-to-record"]], "SNOW: Add Note to Record": [[118, "snow-add-note-to-record"]], "SNOW: Close Record": [[118, "snow-close-record"]], "SNOW: Create Record": [[118, "snow-create-record"]], "SNOW: Lookup sys_id": [[118, "snow-lookup-sys-id"]], "SNOW: Update Record": [[118, "snow-update-record"]], "SOAR Action Status": [[15, "soar-action-status"], [141, "soar-action-status"]], "SOAR Content Package for Have I Been Pwned": [[183, null]], "SOAR Content Package for URLScan.io": [[185, null]], "SOAR Content Package for VirusTotal v1.1": [[186, null]], "SOAR Customization Guide": [[118, null]], "SOAR Logs": [[15, "soar-logs"], [141, "soar-logs"]], "SOAR Scripting Log": [[15, "soar-scripting-log"], [141, "soar-scripting-log"]], "SOAR Utilities": [[126, null]], "SOAR Wiki": [[149, null]], "SOAR functions taken from fn_utilities to simplify development of integrations by wrapping each external activity into an individual workflow/playbook component. The SOAR Platform sends data from artifacts, attachments, incident data, etc. to the function component and returns results to the workflow/playbook. The results can be acted upon by scripts, rules, and workflow/playbook decision points to dynamically orchestrate the security incident response activities.": [[126, "soar-functions-taken-from-fn-utilities-to-simplify-development-of-integrations-by-wrapping-each-external-activity-into-an-individual-workflow-playbook-component-the-soar-platform-sends-data-from-artifacts-attachments-incident-data-etc-to-the-function-component-and-returns-results-to-the-workflow-playbook-the-results-can-be-acted-upon-by-scripts-rules-and-workflow-playbook-decision-points-to-dynamically-orchestrate-the-security-incident-response-activities"]], "SOAR platform": [[7, "soar-platform"], [10, "soar-platform"], [12, "soar-platform"], [14, "soar-platform"], [15, "soar-platform"], [17, "soar-platform"], [18, "soar-platform"], [19, "soar-platform"], [20, "soar-platform"], [21, "soar-platform"], [23, "soar-platform"], [24, "soar-platform"], [31, "soar-platform"], [34, "soar-platform"], [35, "soar-platform"], [38, "soar-platform"], [40, "soar-platform"], [41, "soar-platform"], [42, "soar-platform"], [45, "soar-platform"], [48, "soar-platform"], [50, "soar-platform"], [58, "soar-platform"], [63, "soar-platform"], [64, "soar-platform"], [65, "soar-platform"], [66, "soar-platform"], [71, "soar-platform"], [73, "soar-platform"], [78, "soar-platform"], [79, "soar-platform"], [80, "soar-platform"], [81, "soar-platform"], [84, "soar-platform"], [85, "soar-platform"], [86, "soar-platform"], [87, "soar-platform"], [88, "soar-platform"], [89, "soar-platform"], [90, "soar-platform"], [91, "soar-platform"], [95, "soar-platform"], [96, "soar-platform"], [98, "soar-platform"], [101, "soar-platform"], [102, "soar-platform"], [103, "soar-platform"], [105, "soar-platform"], [106, "soar-platform"], [107, "soar-platform"], [108, "soar-platform"], [109, "soar-platform"], [110, "soar-platform"], [112, "soar-platform"], [113, "soar-platform"], [115, "soar-platform"], [116, "soar-platform"], [121, "soar-platform"], [123, "soar-platform"], [124, "soar-platform"], [125, "soar-platform"], [126, "soar-platform"], [128, "soar-platform"], [129, "soar-platform"], [131, "soar-platform"], [134, "soar-platform"], [135, "soar-platform"], [142, "soar-platform"], [144, "soar-platform"], [146, "soar-platform"], [150, "soar-platform"], [151, "soar-platform"], [152, "soar-platform"], [153, "soar-platform"], [165, "soar-platform"]], "SOAR to ICD": [[159, null]], "SQLServer": [[86, "sqlserver"]], "SQLite Database": [[181, "sqlite-database"]], "SQLiteFeed Class": [[180, "sqlitefeed-class"]], "SSH Connection Setup": [[37, "ssh-connection-setup"]], "Salesforce": [[112, null]], "Salesforce Case Record Types": [[112, "salesforce-case-record-types"]], "Salesforce Case Type Picklist": [[112, "salesforce-case-type-picklist"]], "Salesforce Configuration": [[112, "salesforce-configuration"]], "Salesforce Development Version": [[112, "salesforce-development-version"]], "Sample Function layout:": [[8, "sample-function-layout"]], "Sample Output Displayed on Incident Notes Section": [[8, "sample-output-displayed-on-incident-notes-section"]], "Sample Post-Process Script": [[8, "sample-post-process-script"]], "Sample Pre-Process Script": [[8, "sample-pre-process-script"]], "Sample results": [[157, "sample-results"]], "Sample workflows have been provided:": [[26, "sample-workflows-have-been-provided"]], "Scheduler": [[113, null]], "Script - Axonius: Populate Devices Data Table": [[17, "script-axonius-populate-devices-data-table"]], "Script - Cisco ASA: Write Artifact to Network Object data table": [[24, "script-cisco-asa-write-artifact-to-network-object-data-table"]], "Script - Convert JSON information to HITS": [[165, "script-convert-json-information-to-hits"]], "Script - Convert JSON to rich text v1.1": [[129, "script-convert-json-to-rich-text-v1-1"]], "Script - Convert JSON to rich text v1.3": [[12, "script-convert-json-to-rich-text-v1-3"], [17, "script-convert-json-to-rich-text-v1-3"], [24, "script-convert-json-to-rich-text-v1-3"], [45, "script-convert-json-to-rich-text-v1-3"], [90, "script-convert-json-to-rich-text-v1-3"], [115, "script-convert-json-to-rich-text-v1-3"], [144, "script-convert-json-to-rich-text-v1-3"], [166, "script-convert-json-to-rich-text-v1-3"]], "Script - Convert json to rich text": [[78, "script-convert-json-to-rich-text"]], "Script - Create Artifact for QRadar Advisor Analysis Observable": [[101, "script-create-artifact-for-qradar-advisor-analysis-observable"]], "Script - Create Artifact for Watson Search with Local Context": [[101, "script-create-artifact-for-watson-search-with-local-context"]], "Script - Create Artifact from Indicator": [[77, "script-create-artifact-from-indicator"]], "Script - Create Artifact from Pipl Data": [[95, "script-create-artifact-from-pipl-data"]], "Script - Example: Create Artifact for App ID": [[68, "script-example-create-artifact-for-app-id"]], "Script - Example: Create Artifact for Device ID": [[68, "script-example-create-artifact-for-device-id"]], "Script - Example: Proofpoint TAP - Create Artifact for Campaign Object Name or Threat": [[98, "script-example-proofpoint-tap-create-artifact-for-campaign-object-name-or-threat"]], "Script - Exchange Online Create Artifacts from Message": [[41, "script-exchange-online-create-artifacts-from-message"]], "Script - ExtraHop script: add artifact from device": [[42, "script-extrahop-script-add-artifact-from-device"]], "Script - ExtraHop script: detection property helper": [[42, "script-extrahop-script-detection-property-helper"]], "Script - No search results": [[66, "script-no-search-results"]], "Script - PB: Display playbook data": [[97, "script-pb-display-playbook-data"]], "Script - PB: Display workflow data": [[97, "script-pb-display-workflow-data"]], "Script - Parse Darktrace Details to Incident Properties": [[34, "script-parse-darktrace-details-to-incident-properties"]], "Script - Parse Darktrace Device Details to Artifacts": [[34, "script-parse-darktrace-device-details-to-artifacts"]], "Script - Parse Darktrace Device Details to Data Table": [[34, "script-parse-darktrace-device-details-to-data-table"]], "Script - Parse Darktrace Incident Events Details to Data Table": [[34, "script-parse-darktrace-incident-events-details-to-data-table"]], "Script - Parse Darktrace Model Breaches Details to Data Table": [[34, "script-parse-darktrace-model-breaches-details-to-data-table"]], "Script - Save Outbound Email Results": [[87, "script-save-outbound-email-results"]], "Script - Set Incident Last Updated Time": [[102, "script-set-incident-last-updated-time"]], "Script - Trusteer PPD: Create Artifacts": [[135, "script-trusteer-ppd-create-artifacts"]], "Script - Trusteer PPD: Create Case from Email v1.0.0": [[135, "script-trusteer-ppd-create-case-from-email-v1-0-0"]], "Script - VMware CBC: Populate CBC Device Row from Alert": [[144, "script-vmware-cbc-populate-cbc-device-row-from-alert"]], "Script - VMware CBC: Populate CBC Device Row from Device": [[144, "script-vmware-cbc-populate-cbc-device-row-from-device"]], "Script - VMware CBC: Populate Observations Data Table": [[144, "script-vmware-cbc-populate-observations-data-table"]], "Script - scr_amp_add_artifact_from_activity": [[23, "script-scr-amp-add-artifact-from-activity"]], "Script - scr_amp_add_artifact_from_event": [[23, "script-scr-amp-add-artifact-from-event"]], "Script - scr_amp_add_artifact_from_trajectory": [[23, "script-scr-amp-add-artifact-from-trajectory"]], "Script - scr_sep_add_artifact_from_scan_results": [[116, "script-scr-sep-add-artifact-from-scan-results"]], "Script - scr_sep_parse_email_notification": [[116, "script-scr-sep-parse-email-notification"]], "Secureworks CTP": [[114, null]], "Secureworks CTP Layout Tab": [[114, "secureworks-ctp-layout-tab"]], "See section App Configuration for the new app.config setting: alert_filters. This setting must be manually added to your app.config file in order to use it with the poller to filter incident creation.": [[77, "see-section-app-configuration-for-the-new-app-config-setting-alert-filters-this-setting-must-be-manually-added-to-your-app-config-file-in-order-to-use-it-with-the-poller-to-filter-incident-creation"]], "Select an execution user for Client Credential Flow": [[112, "select-an-execution-user-for-client-credential-flow"]], "Sending SOAR artifacts to SNOW": [[118, "sending-soar-artifacts-to-snow"]], "Sensitive information using App Secrets": [[110, "sensitive-information-using-app-secrets"]], "Sentinel Configuration": [[79, "sentinel-configuration"]], "SentinelOne": [[115, null]], "ServiceNow": [[117, null]], "ServiceNow Customization Guide": [[119, null]], "ServiceNow Installation Guide": [[120, null]], "ServiceNow Records": [[118, "servicenow-records"]], "Setting timer_epoch programmatically": [[134, "setting-timer-epoch-programmatically"]], "Setting up API Permissions (Both Permissions)": [[131, "setting-up-api-permissions-both-permissions"]], "Setting up Delegated permissions (Delegated permissions)": [[131, "setting-up-delegated-permissions-delegated-permissions"]], "Setting up Incoming Webhooks (Both Permissions)": [[131, "setting-up-incoming-webhooks-both-permissions"]], "Setup": [[0, null], [35, "setup"], [43, "setup"], [69, "setup"], [70, "setup"], [167, "setup"], [175, "setup"]], "Setup Steps": [[181, "setup-steps"]], "ShadowServer Threat Service": [[173, null]], "Shadowserver": [[121, null]], "Shell-Runner": [[163, null]], "Shodan": [[122, null]], "Siemplify": [[123, null]], "Similar to alert search \u201ccriteria\u201d, a search alert \u201cexclusions\u201d filter can be specified for each polling_filter_criteria_(1,2,3).": [[144, "similar-to-alert-search-criteria-a-search-alert-exclusions-filter-can-be-specified-for-each-polling-filter-criteria-1-2-3"]], "Slack": [[124, null]], "Snapshot URL": [[125, null]], "Spamhaus Lookup": [[127, null]], "Splunk": [[128, null]], "Splunk Configuration": [[182, "splunk-configuration"]], "SplunkHECFeed Class": [[182, "splunkhecfeed-class"]], "Start": [[43, "start"], [69, "start"], [70, "start"]], "Step 10: Create new Custom Rule that runs our Workflow": [[190, "step-10-create-new-custom-rule-that-runs-our-workflow"]], "Step 11: Run our Custom Workflow": [[190, "step-11-run-our-custom-workflow"]], "Step 12: Start Docker": [[190, "step-12-start-docker"]], "Step 13: Ensure OpenLDAP is Configured and Running": [[190, "step-13-ensure-openldap-is-configured-and-running"]], "Step 14: Install the LDAP Utilities Function": [[190, "step-14-install-the-ldap-utilities-function"]], "Step 15: Configure LDAP Utilities": [[190, "step-15-configure-ldap-utilities"]], "Step 16: Run LDAP Search Function": [[190, "step-16-run-ldap-search-function"]], "Step 17: View LDAP Search Results in Resilient UI": [[190, "step-17-view-ldap-search-results-in-resilient-ui"]], "Step 18: Install & Configure the CMDB Function": [[190, "step-18-install-configure-the-cmdb-function"]], "Step 19: Setup GRR": [[190, "step-19-setup-grr"]], "Step 1: Check which Python Version is installed": [[190, "step-1-check-which-python-version-is-installed"]], "Step 1: Install ServiceNow IBM SOAR App": [[120, "step-1-install-servicenow-ibm-soar-app"]], "Step 1: Use Correct Application Scope": [[119, "step-1-use-correct-application-scope"]], "Step 20: Add GRR Message Destination in Resilient UI": [[190, "step-20-add-grr-message-destination-in-resilient-ui"]], "Step 20: Add New GRR Function in Resilient UI": [[190, "step-20-add-new-grr-function-in-resilient-ui"]], "Step 21: Add New GRR Workflow in Resilient UI": [[190, "step-21-add-new-grr-workflow-in-resilient-ui"]], "Step 22: Add New GRR Rule in Resilient UI": [[190, "step-22-add-new-grr-rule-in-resilient-ui"]], "Step 23: Add Python Code for GRR Function": [[190, "step-23-add-python-code-for-grr-function"]], "Step 24: Develop GRR Script": [[190, "step-24-develop-grr-script"]], "Step 25: Convert the Test Script into a Resilient Function": [[190, "step-25-convert-the-test-script-into-a-resilient-function"]], "Step 26: Run our new Custom Workflow": [[190, "step-26-run-our-new-custom-workflow"]], "Step 27: Store Credentials in app.config file": [[190, "step-27-store-credentials-in-app-config-file"]], "Step 28: Package your Message Destination, Function, Workflow and Rule": [[190, "step-28-package-your-message-destination-function-workflow-and-rule"]], "Step 2: Create a Copy of Existing RES Workflow": [[119, "step-2-create-a-copy-of-existing-res-workflow"]], "Step 2: Create a User in ServiceNow and assign it the correct Role": [[120, "step-2-create-a-user-in-servicenow-and-assign-it-the-correct-role"]], "Step 2: Make sure Resilient License is Valid": [[190, "step-2-make-sure-resilient-license-is-valid"]], "Step 3: Create an API Key on the SOAR Platform": [[120, "step-3-create-an-api-key-on-the-soar-platform"]], "Step 3: Install Resilient Circuits": [[190, "step-3-install-resilient-circuits"]], "Step 3: Modify the Run Script": [[119, "step-3-modify-the-run-script"]], "Step 4: Configure Resilient Circuits": [[190, "step-4-configure-resilient-circuits"]], "Step 4: Enter IBM SOAR Configurations": [[120, "step-4-enter-ibm-soar-configurations"]], "Step 5: Create User Accounts": [[190, "step-5-create-user-accounts"]], "Step 5: Download & Install fn_service_now App": [[120, "step-5-download-install-fn-service-now-app"]], "Step 6: Install and Configure ServiceNow MID Server (if needed)": [[120, "step-6-install-and-configure-servicenow-mid-server-if-needed"]], "Step 6: Run Resilient Circuits": [[190, "step-6-run-resilient-circuits"]], "Step 7: Give your ServiceNow users the correct Role": [[120, "step-7-give-your-servicenow-users-the-correct-role"]], "Step 7: Install FN Utilities": [[190, "step-7-install-fn-utilities"]], "Step 8: Security Incident Response (SIR) Configurations": [[120, "step-8-security-incident-response-sir-configurations"]], "Step 8: Testing FN Utilities": [[190, "step-8-testing-fn-utilities"]], "Step 9: Create new Custom Workflow that uses our Shell Command Function": [[190, "step-9-create-new-custom-workflow-that-uses-our-shell-command-function"]], "Step 9: Test": [[120, "step-9-test"]], "Steps": [[166, "steps"], [187, "steps"]], "Steps to rebuild apps using the app refreshment utility scripts": [[3, "steps-to-rebuild-apps-using-the-app-refreshment-utility-scripts"]], "Support": [[9, "support"], [11, "support"], [28, "support"], [51, "support"], [60, "support"], [67, "support"], [94, "support"], [99, "support"], [100, "support"], [114, "support"], [122, "support"], [127, "support"], [130, "support"], [139, "support"], [141, "support"], [148, "support"], [159, "support"]], "Support for External Reputations": [[76, "support-for-external-reputations"]], "Supported Artifacts": [[71, "supported-artifacts"]], "Supported Resilient Functions for Cisco Umbrella Investigate": [[26, "supported-resilient-functions-for-cisco-umbrella-investigate"]], "Supported Scheduled Rules/Playbooks": [[113, "supported-scheduled-rules-playbooks"]], "Supported artifact types": [[171, "supported-artifact-types"]], "Supporting Outlook .msg files": [[90, "supporting-outlook-msg-files"], [90, "id1"]], "Symantec DLP": [[129, null]], "Symantec Endpoint Protection": [[116, null]], "Symantec ICDx": [[58, null]], "Sync to SOAR automatically on group assignment (SIR only)": [[120, "sync-to-soar-automatically-on-group-assignment-sir-only"]], "Synchronization Methods": [[181, "synchronization-methods"]], "System Requirements": [[69, "system-requirements"], [70, "system-requirements"]], "TOR": [[104, null]], "Table of Contents": [[1, "table-of-contents"], [7, "table-of-contents"], [8, "table-of-contents"], [9, "table-of-contents"], [10, "table-of-contents"], [12, "table-of-contents"], [14, "table-of-contents"], [15, "table-of-contents"], [16, "table-of-contents"], [17, "table-of-contents"], [18, "table-of-contents"], [19, "table-of-contents"], [20, "table-of-contents"], [23, "table-of-contents"], [24, "table-of-contents"], [27, "table-of-contents"], [29, "table-of-contents"], [30, "table-of-contents"], [31, "table-of-contents"], [32, "table-of-contents"], [33, "table-of-contents"], [35, "table-of-contents"], [36, "table-of-contents"], [37, "table-of-contents"], [38, "table-of-contents"], [40, "table-of-contents"], [41, "table-of-contents"], [42, "table-of-contents"], [45, "table-of-contents"], [50, "table-of-contents"], [54, "table-of-contents"], [57, "table-of-contents"], [58, "table-of-contents"], [59, "table-of-contents"], [62, "table-of-contents"], [63, "table-of-contents"], [64, "table-of-contents"], [65, "table-of-contents"], [66, "table-of-contents"], [68, "table-of-contents"], [73, "table-of-contents"], [75, "table-of-contents"], [76, "table-of-contents"], [77, "table-of-contents"], [78, "table-of-contents"], [79, "table-of-contents"], [80, "table-of-contents"], [81, "table-of-contents"], [83, "table-of-contents"], [84, "table-of-contents"], [85, "table-of-contents"], [86, "table-of-contents"], [87, "table-of-contents"], [88, "table-of-contents"], [89, "table-of-contents"], [90, "table-of-contents"], [91, "table-of-contents"], [92, "table-of-contents"], [93, "table-of-contents"], [95, "table-of-contents"], [96, "table-of-contents"], [97, "table-of-contents"], [98, "table-of-contents"], [101, "table-of-contents"], [102, "table-of-contents"], [103, "table-of-contents"], [106, "table-of-contents"], [107, "table-of-contents"], [108, "table-of-contents"], [109, "table-of-contents"], [110, "table-of-contents"], [112, "table-of-contents"], [113, "table-of-contents"], [115, "table-of-contents"], [116, "table-of-contents"], [121, "table-of-contents"], [123, "table-of-contents"], [124, "table-of-contents"], [125, "table-of-contents"], [126, "table-of-contents"], [128, "table-of-contents"], [129, "table-of-contents"], [131, "table-of-contents"], [134, "table-of-contents"], [135, "table-of-contents"], [136, "table-of-contents"], [138, "table-of-contents"], [142, "table-of-contents"], [143, "table-of-contents"], [144, "table-of-contents"], [145, "table-of-contents"], [146, "table-of-contents"], [147, "table-of-contents"], [149, "table-of-contents"], [150, "table-of-contents"], [151, "table-of-contents"], [152, "table-of-contents"], [153, "table-of-contents"], [155, "table-of-contents"]], "Table of Contents -": [[55, "table-of-contents"]], "Table of Contents <!-- omit in toc -->": [[21, "table-of-contents"], [34, "table-of-contents"], [46, "table-of-contents"], [48, "table-of-contents"], [52, "table-of-contents"], [71, "table-of-contents"], [105, "table-of-contents"]], "Target Filtering": [[105, "target-filtering"]], "Task Links": [[87, "task-links"]], "Task Process": [[188, "task-process"]], "Task Utilities": [[130, null]], "Technical Workshop Guide: resilient-circuits": [[190, null]], "Template Appendix": [[77, "template-appendix"], [129, "template-appendix"]], "Template files": [[77, "template-files"]], "Templates": [[65, "templates"]], "Templates for SOAR Cases": [[42, "templates-for-soar-cases"], [48, "templates-for-soar-cases"], [105, "templates-for-soar-cases"], [106, "templates-for-soar-cases"], [112, "templates-for-soar-cases"], [144, "templates-for-soar-cases"]], "Tests": [[161, "tests"]], "The Case/incident Owner": [[135, "the-case-incident-owner"]], "The incident owner": [[189, "the-incident-owner"]], "The integration contains the following functions:\nscreenshot: functions\nscreenshot: functions_2": [[15, "the-integration-contains-the-following-functions"]], "The resulting .tar.gz file can be installed using:": [[133, "the-resulting-tar-gz-file-can-be-installed-using"]], "This is useful for developing and testing your Workflows in one org/instance, then transferring it to another/production instance": [[190, "this-is-useful-for-developing-and-testing-your-workflows-in-one-org-instance-then-transferring-it-to-another-production-instance"]], "ThreatMiner": [[132, null]], "Thug": [[133, null]], "Timeouts": [[100, "timeouts"]], "Timer Function": [[134, null]], "Timezones": [[40, "timezones"]], "To install in development mode:": [[39, "to-install-in-development-mode"], [133, "to-install-in-development-mode"]], "To package for distribution:": [[39, "to-package-for-distribution"], [133, "to-package-for-distribution"]], "To uninstall:": [[39, "to-uninstall"], [133, "to-uninstall"]], "Troubleshooting": [[9, "troubleshooting"], [11, "troubleshooting"], [28, "troubleshooting"], [51, "troubleshooting"], [60, "troubleshooting"], [67, "troubleshooting"], [70, "troubleshooting"], [94, "troubleshooting"], [99, "troubleshooting"], [100, "troubleshooting"], [114, "troubleshooting"], [122, "troubleshooting"], [127, "troubleshooting"], [130, "troubleshooting"], [139, "troubleshooting"], [141, "troubleshooting"], [148, "troubleshooting"], [159, "troubleshooting"], [166, "troubleshooting"], [188, "troubleshooting"]], "Troubleshooting & Support": [[7, "troubleshooting-support"], [10, "troubleshooting-support"], [12, "troubleshooting-support"], [14, "troubleshooting-support"], [15, "troubleshooting-support"], [16, "troubleshooting-support"], [17, "troubleshooting-support"], [18, "troubleshooting-support"], [19, "troubleshooting-support"], [20, "troubleshooting-support"], [21, "troubleshooting-support"], [23, "troubleshooting-support"], [24, "troubleshooting-support"], [27, "troubleshooting-support"], [30, "troubleshooting-support"], [31, "troubleshooting-support"], [35, "troubleshooting-support"], [38, "troubleshooting-support"], [40, "troubleshooting-support"], [41, "troubleshooting-support"], [42, "troubleshooting-support"], [45, "troubleshooting-support"], [46, "troubleshooting-support"], [48, "troubleshooting-support"], [50, "troubleshooting-support"], [52, "troubleshooting-support"], [54, "troubleshooting-support"], [57, "troubleshooting-support"], [58, "troubleshooting-support"], [59, "troubleshooting-support"], [62, "troubleshooting-support"], [63, "troubleshooting-support"], [64, "troubleshooting-support"], [65, "troubleshooting-support"], [66, "troubleshooting-support"], [68, "troubleshooting-support"], [71, "troubleshooting-support"], [73, "troubleshooting-support"], [74, "troubleshooting-support"], [75, "troubleshooting-support"], [76, "troubleshooting-support"], [77, "troubleshooting-support"], [78, "troubleshooting-support"], [79, "troubleshooting-support"], [80, "troubleshooting-support"], [81, "troubleshooting-support"], [83, "troubleshooting-support"], [84, "troubleshooting-support"], [85, "troubleshooting-support"], [86, "troubleshooting-support"], [87, "troubleshooting-support"], [88, "troubleshooting-support"], [89, "troubleshooting-support"], [90, "troubleshooting-support"], [91, "troubleshooting-support"], [92, "troubleshooting-support"], [93, "troubleshooting-support"], [95, "troubleshooting-support"], [96, "troubleshooting-support"], [97, "troubleshooting-support"], [98, "troubleshooting-support"], [101, "troubleshooting-support"], [102, "troubleshooting-support"], [103, "troubleshooting-support"], [105, "troubleshooting-support"], [106, "troubleshooting-support"], [107, "troubleshooting-support"], [108, "troubleshooting-support"], [109, "troubleshooting-support"], [110, "troubleshooting-support"], [112, "troubleshooting-support"], [113, "troubleshooting-support"], [115, "troubleshooting-support"], [116, "troubleshooting-support"], [121, "troubleshooting-support"], [123, "troubleshooting-support"], [124, "troubleshooting-support"], [125, "troubleshooting-support"], [126, "troubleshooting-support"], [128, "troubleshooting-support"], [129, "troubleshooting-support"], [131, "troubleshooting-support"], [134, "troubleshooting-support"], [135, "troubleshooting-support"], [138, "troubleshooting-support"], [142, "troubleshooting-support"], [144, "troubleshooting-support"], [145, "troubleshooting-support"], [146, "troubleshooting-support"], [149, "troubleshooting-support"], [150, "troubleshooting-support"], [151, "troubleshooting-support"], [152, "troubleshooting-support"], [153, "troubleshooting-support"], [155, "troubleshooting-support"]], "Troubleshooting SQLite DB": [[181, "troubleshooting-sqlite-db"]], "Troubleshooting Tips": [[181, "troubleshooting-tips"]], "Trusteer Pinpoint Detect": [[135, null]], "Twilio SMS": [[136, null]], "Twilio: Get Responses": [[136, "twilio-get-responses"]], "Twitter Search API": [[137, null]], "URL domain allowlists": [[189, "url-domain-allowlists"]], "URL to DNS": [[138, null]], "URLScan IO Threat Searcher": [[174, null]], "URLScan.io": [[140, null]], "URLhaus": [[139, null]], "Ubuntu and Debian": [[85, "ubuntu-and-debian"]], "Uninstall": [[9, "uninstall"], [11, "uninstall"], [28, "uninstall"], [43, "uninstall"], [44, "uninstall"], [51, "uninstall"], [60, "uninstall"], [67, "uninstall"], [69, "uninstall"], [70, "uninstall"], [74, "uninstall"], [94, "uninstall"], [99, "uninstall"], [100, "uninstall"], [114, "uninstall"], [122, "uninstall"], [127, "uninstall"], [130, "uninstall"], [141, "uninstall"], [159, "uninstall"], [171, "uninstall"], [183, "uninstall"], [184, "uninstall"], [186, "uninstall"]], "Uninstall (Integration Server)": [[139, "uninstall-integration-server"]], "Upgrade Instructions": [[167, "upgrade-instructions"]], "Upgrades to v1.0.1": [[9, "upgrades-to-v1-0-1"]], "Usage": [[0, "usage"], [1, "usage"], [1, "id1"], [2, "usage"], [67, "usage"], [155, "usage"], [166, "usage"], [183, "usage"], [184, "usage"], [185, "usage"], [186, "usage"], [187, "usage"]], "Use": [[72, "use"]], "Use Cases": [[55, "use-cases"]], "Useful Tools": [[177, "useful-tools"]], "User specified SIEM endpoints": [[98, "user-specified-siem-endpoints"]], "Using App Host:": [[46, "using-app-host"]], "Using Global Scripts": [[96, "using-global-scripts"]], "Using MxToolBox Function": [[82, "using-mxtoolbox-function"]], "Using TOR Function": [[104, "using-tor-function"]], "Using an Integration Server:": [[46, "using-an-integration-server"]], "Using oauth-utils package": [[87, "using-oauth-utils-package"]], "Using the Ability.IO Function": [[13, "using-the-ability-io-function"]], "Using the Alien Vault OTX Function": [[8, "using-the-alien-vault-otx-function"]], "Using the example functions": [[66, "using-the-example-functions"]], "Utilities (Deprecated)": [[141, null]], "Utility scripts for automatic app refreshment": [[3, null]], "Utility: oauth2_generate_refresh_token": [[155, "utility-oauth2-generate-refresh-token"], [155, "id1"]], "V1.1 Considerations": [[77, "v1-1-considerations"]], "V2.0 Changes": [[181, "v2-0-changes"]], "VMRay Sandbox Analyzer": [[143, null]], "VMware Carbon Black Cloud": [[144, null]], "VMware Carbon Black Cloud Development Version": [[144, "vmware-carbon-black-cloud-development-version"]], "Version 1.0.5 changes": [[180, "version-1-0-5-changes"]], "Version 1.1.0 changes": [[180, "version-1-1-0-changes"]], "Version 2.0.0 Changes": [[102, "version-2-0-0-changes"]], "Version 3.1.0 Changes": [[63, "version-3-1-0-changes"]], "View a saved model": [[69, "view-a-saved-model"]], "VirusTotal": [[142, null]], "VirusTotal Development Version": [[142, "virustotal-development-version"]], "VirusTotal: Scan for Hits Automatic (PB) Playbook": [[186, "virustotal-scan-for-hits-automatic-pb-playbook"]], "Volatility": [[37, "volatility"]], "Watson Translate": [[145, null]], "Webex Configuration": [[146, "webex-configuration"]], "What\u2019s Included": [[188, "what-s-included"]], "Whois": [[147, null]], "Whois RDAP": [[148, null]], "Why isn\u2019t \u201cX\u201d supported as a \u201cfeed destination\u201d?": [[177, "why-isn-t-x-supported-as-a-feed-destination"]], "Windows": [[85, "windows"]], "Wiz": [[150, null]], "Workflows": [[37, "workflows"], [132, "workflows"]], "Workflows:": [[111, "workflows"]], "Wrapping Up": [[4, "wrapping-up"]], "YETI Threat Service": [[175, null]], "Yeti": [[152, null]], "You can continue to use the rules/workflows. But migrating to playbooks provides greater functionality along with future app enhancements and bug fixes.": [[107, "you-can-continue-to-use-the-rules-workflows-but-migrating-to-playbooks-provides-greater-functionality-along-with-future-app-enhancements-and-bug-fixes"]], "You support PostgreSQL, can I create a new database on my IBM QRadar SOAR appliance and connect to that?": [[177, "you-support-postgresql-can-i-create-a-new-database-on-my-ibm-qradar-soar-appliance-and-connect-to-that"]], "Zoom": [[31, null]], "Zscaler Internet Access Functions for IBM SOAR": [[153, null]], "[Optional] Step 29: Share Packages amongst Organizations/Resilient Instances": [[190, "optional-step-29-share-packages-amongst-organizations-resilient-instances"]], "[Optional] Step 30: Setup VS Code to Debug Resilient Functions": [[190, "optional-step-30-setup-vs-code-to-debug-resilient-functions"]], "[fn_reaqta:hive_label] <!-- omit in toc -->": [[107, "fn-reaqta-hive-label"]], "[fn_reaqta] <!-- omit in toc -->": [[107, "fn-reaqta"]], "[resilient] Section Configurations": [[134, "resilient-section-configurations"]], "addNote(String res_reference_id, String noteText, String noteFormat)": [[119, "addnote-string-res-reference-id-string-notetext-string-noteformat"]], "apikey_permissions.txt": [[4, "apikey-permissions-txt"]], "app.config Settings:": [[53, "app-config-settings"]], "app.config examples:": [[84, "app-config-examples"], [84, "id1"]], "app.config file": [[182, "app-config-file"]], "app.config settings": [[136, "app-config-settings"], [140, "app-config-settings"]], "app.config settings:": [[32, "app-config-settings"], [36, "app-config-settings"], [37, "app-config-settings"], [47, "app-config-settings"], [49, "app-config-settings"], [56, "app-config-settings"], [61, "app-config-settings"], [137, "app-config-settings"], [147, "app-config-settings"]], "create(GlideRecord record, String snRecordId, String caseName, Object options)": [[119, "create-gliderecord-record-string-snrecordid-string-casename-object-options"]], "customize_and_reload.sh": [[3, "customize-and-reload-sh"]], "entrypoint.sh": [[4, "entrypoint-sh"]], "fn_aws_guardduty": [[14, null]], "fn_cisco_umbrella_inv Example": [[26, "fn-cisco-umbrella-inv-example"]], "fn_kafka": [[65, "fn-kafka"]], "fn_kafka:broker label": [[65, "fn-kafka-broker-label"]], "fn_qradar_enhanced_data 2.5.0 Changes": [[102, "fn-qradar-enhanced-data-2-5-0-changes"]], "fn_slack 2.0.0 Considerations": [[124, "fn-slack-2-0-0-considerations"]], "fn_slack 2.1.0 Changes": [[124, "fn-slack-2-1-0-changes"]], "gRPC Interface": [[52, null]], "getResilientReferenceId(GlideRecord record)": [[119, "getresilientreferenceid-gliderecord-record"]], "getResilientReferenceLink(GlideRecord record)": [[119, "getresilientreferencelink-gliderecord-record"]], "getResilientType(GlideRecord record)": [[119, "getresilienttype-gliderecord-record"]], "icons": [[4, "icons"]], "incident_close_template.jinja": [[79, "incident-close-template-jinja"]], "incident_create_template.jinja": [[79, "incident-create-template-jinja"]], "incident_update_template.jinja": [[79, "incident-update-template-jinja"]], "inventory_apps_server_version.py": [[3, "inventory-apps-server-version-py"]], "ldap_search Example": [[158, "ldap-search-example"]], "matching_incident_fields": [[181, "matching-incident-fields"]], "mirror-all-images.sh": [[1, "mirror-all-images-sh"]], "mirror-images.sh": [[1, "mirror-images-sh"]], "netMiko": [[83, null]], "on AppHost": [[15, "on-apphost"]], "on Integration Server": [[15, "on-integration-server"]], "poller_filters_template.jinja": [[79, "poller-filters-template-jinja"]], "resilient-sdk": [[4, "resilient-sdk"]], "screenshot: URL-to-DNS-rule": [[138, "id1"]], "screenshot: fn-kafka-send ": [[65, "id1"]], "screenshot: fn-make-playbook ": [[96, "id1"]], "screenshot: fn-vmware-cbc-api-key-5 ": [[144, "id1"]], "screenshot: main": [[30, "id1"], [35, "id1"]], "sentinel_close_incident_template.jinja": [[79, "sentinel-close-incident-template-jinja"]], "sentinel_update_incident_template.jinja": [[79, "sentinel-update-incident-template-jinja"]], "soar-python2-search.py": [[2, "soar-python2-search-py"]], "soar_close_case.jinja": [[105, "soar-close-case-jinja"], [106, "soar-close-case-jinja"], [112, "soar-close-case-jinja"], [144, "soar-close-case-jinja"]], "soar_close_incident.jinja": [[42, "soar-close-incident-jinja"]], "soar_create_case.jinja": [[105, "soar-create-case-jinja"], [106, "soar-create-case-jinja"], [112, "soar-create-case-jinja"], [144, "soar-create-case-jinja"]], "soar_create_case_with_artifacts.jinja": [[112, "soar-create-case-with-artifacts-jinja"]], "soar_create_incident.jinja": [[42, "soar-create-incident-jinja"]], "soar_ticketid_incident.jinja": [[42, "soar-ticketid-incident-jinja"]], "soar_update_case.jinja": [[105, "soar-update-case-jinja"], [106, "soar-update-case-jinja"], [112, "soar-update-case-jinja"], [144, "soar-update-case-jinja"]], "soar_update_incident.jinja": [[42, "soar-update-incident-jinja"]], "twilio_send_sms": [[136, "twilio-send-sms"]], "updateStateInResilient(String res_reference_id, String snTicketState, String snTicketStateColor)": [[119, "updatestateinresilient-string-res-reference-id-string-snticketstate-string-snticketstatecolor"]], "v1.0.0": [[9, "v1-0-0"], [28, "v1-0-0"], [41, "v1-0-0"], [51, "v1-0-0"], [62, "v1-0-0"], [67, "v1-0-0"], [68, "v1-0-0"], [74, "v1-0-0"], [75, "v1-0-0"], [94, "v1-0-0"], [99, "v1-0-0"], [100, "v1-0-0"], [114, "v1-0-0"], [122, "v1-0-0"], [127, "v1-0-0"], [132, "v1-0-0"], [138, "v1-0-0"], [139, "v1-0-0"], [143, "v1-0-0"], [159, "v1-0-0"]], "v1.0.0 <!-- omit in toc -->": [[117, "v1-0-0"]], "v1.0.1": [[9, "v1-0-1"], [28, "v1-0-1"], [51, "v1-0-1"], [68, "v1-0-1"], [74, "v1-0-1"], [94, "v1-0-1"], [99, "v1-0-1"], [100, "v1-0-1"], [127, "v1-0-1"], [132, "v1-0-1"], [139, "v1-0-1"], [143, "v1-0-1"]], "v1.0.1 <!-- omit in toc -->": [[117, "v1-0-1"]], "v1.0.2": [[51, "v1-0-2"], [68, "v1-0-2"], [74, "v1-0-2"], [99, "v1-0-2"], [139, "v1-0-2"]], "v1.0.2 <!-- omit in toc -->": [[117, "v1-0-2"]], "v1.0.3": [[99, "v1-0-3"]], "v1.0.3 <!-- omit in toc -->": [[117, "v1-0-3"]], "v1.0.4 <!-- omit in toc -->": [[117, "v1-0-4"]], "v1.0.5 <!-- omit in toc -->": [[117, "v1-0-5"]], "v1.1.0": [[41, "v1-1-0"], [62, "v1-1-0"], [75, "v1-1-0"], [138, "v1-1-0"]], "v1.1.1": [[171, "v1-1-1"]], "v1.2.0": [[41, "v1-2-0"], [75, "v1-2-0"]], "v1.3.0": [[41, "v1-3-0"]], "v2.0 Changes": [[87, "v2-0-changes"]], "v2.0.0": [[122, "v2-0-0"]], "v2.0.9": [[117, "v2-0-9"]], "v2.1.0": [[79, "v2-1-0"], [117, "v2-1-0"]], "v2.1.1": [[79, "v2-1-1"]], "v2.2.0": [[117, "v2-2-0"]], "v2.2.1": [[117, "v2-2-1"]], "v2.3.0": [[117, "v2-3-0"]]}, "docnames": [".environments/README", ".helper-scripts/mirror-containers/README", ".helper-scripts/soar-python-search-utility/README", ".scripts/refresh_all_apps/README", "app_host_files/README", "base_input_types/README", "docs/python_api", "fn_abuseipdb/README", "fn_alienvault_otx/README", "fn_anomali_staxx/README", "fn_ansible/README", "fn_ansible_tower/README", "fn_api_void/README", "fn_apility/README", "fn_aws_guardduty/README", "fn_aws_iam/README", "fn_aws_utilities/README", "fn_axonius/README", "fn_azure_automation_utilities/README", "fn_bigfix/README", "fn_bmc_helix/README", "fn_calendar_invite/README", "fn_cb_protection/README", "fn_cisco_amp4ep/README", "fn_cisco_asa/README", "fn_cisco_enforcement/README", "fn_cisco_umbrella_inv/README", "fn_clamav/README", "fn_cloud_foundry/README", "fn_components/README", "fn_create_webex_meeting/README", "fn_create_zoom_meeting/README", "fn_crowdstrike_falcon/README", "fn_cve_search/README", "fn_darktrace/README", "fn_datatable_utils/README", "fn_digital_shadows_search/README", "fn_docker/README", "fn_elasticsearch/README", "fn_email_header_validation/README", "fn_exchange/README", "fn_exchange_online/README", "fn_extrahop/README", "fn_floss/README", "fn_geocoding/README", "fn_github/README", "fn_google_cloud_dlp/README", "fn_google_cloud_functions/README", "fn_google_cloud_scc/README", "fn_google_maps_directions/README", "fn_googlesafebrowsing/README", "fn_greynoise/README", "fn_grpc_interface/README", "fn_grr_search/README", "fn_guardium_insights_integration/README", "fn_guardium_integration/README", "fn_hibp/README", "fn_html2pdf/README", "fn_icdx/README", "fn_incident_utils/README", "fn_ioc_parser_v2/README", "fn_ipinfo/README", "fn_isitphishing/README", "fn_jira/README", "fn_joe_sandbox_analysis/README", "fn_kafka/README", "fn_ldap_utilities/README", "fn_log_capture/README", "fn_maas360/README", "fn_machine_learning/README", "fn_machine_learning_nlp/README", "fn_mandiant/README", "fn_mcafee_atd/README", "fn_mcafee_epo/README", "fn_mcafee_esm/README", "fn_mcafee_opendxl/README", "fn_mcafee_tie/README", "fn_microsoft_defender/README", "fn_microsoft_security_graph/README", "fn_microsoft_sentinel/README", "fn_misp/README", "fn_mitre_integration/README", "fn_mxtoolbox/README", "fn_netdevice/README", "fn_network_utilities/README", "fn_ocr/README", "fn_odbc_query/README", "fn_outbound_email/README", "fn_pa_panorama/README", "fn_pagerduty/README", "fn_parse_utilities/README", "fn_passivetotal/README", "fn_pastebin/README", "fn_phish_ai/README", "fn_phish_tank/README", "fn_pipl/README", "fn_playbook_maker/README", "fn_playbook_utils/README", "fn_proofpoint_tap/README", "fn_proofpoint_trap/README", "fn_pulsedive/README", "fn_qradar_advisor/README", "fn_qradar_enhanced_data/README", "fn_qradar_integration/README", "fn_query_tor_network/README", "fn_randori/README", "fn_rapid7_insight_idr/README", "fn_reaqta/README", "fn_relations/README", "fn_remedy/README", "fn_rest_api/README", "fn_rsa_netwitness/README", "fn_salesforce/README", "fn_scheduler/README", "fn_secureworks_ctp/README", "fn_sentinelone/README", "fn_sep/README", "fn_service_now/README", "fn_service_now/docs/customize_resilient_guide/README", "fn_service_now/docs/customize_snow_guide/README", "fn_service_now/docs/install_guide/README", "fn_shadowserver/README", "fn_shodan/README", "fn_siemplify/README", "fn_slack/README", "fn_snapshot_url/README", "fn_soar_utils/README", "fn_spamhaus_query/README", "fn_splunk_integration/README", "fn_symantec_dlp/README", "fn_task_utils/README", "fn_teams/README", "fn_threatminer/README", "fn_thug/README", "fn_timer/README", "fn_trusteer_ppd/README", "fn_twilio/README", "fn_twitter_most_popular/README", "fn_url_to_dns/README", "fn_urlhaus/README", "fn_urlscanio/README", "fn_utilities/README", "fn_virustotal/README", "fn_vmray_analyzer/README", "fn_vmware_cbc/README", "fn_watson_translate/README", "fn_webex/README", "fn_whois/README", "fn_whois_rdap/README", "fn_wiki/README", "fn_wiz/README", "fn_xforce/README", "fn_yeti/README", "fn_zia/README", "index", "oauth-utils/README", "older/README", "older/fn_bluecoat_site_review/README", "older/fn_ldap_search/README", "older/fn_res_to_icd/README", "older/fn_risk_fabric/README", "older/rc-query-csv/README", "older/rc-query-runner/README", "older/rc-shell-runner/README", "older/rc-splunk-search/README", "pb_sans_isc_scan_ip/README", "pl_criminalip/README", "rc-cts-abuseipdb/README", "rc-cts-googlesafebrowsing/README", "rc-cts-haveibeenpwned/README", "rc-cts-mcafeetie/README", "rc-cts-misp/README", "rc-cts-passivetotal/README", "rc-cts-shadowserver/README", "rc-cts-urlscanio/README", "rc-cts-yeti/README", "rc-data-feed-plugin-filefeed/README", "rc_data_feed/README", "rc_data_feed_plugin_elasticfeed/README", "rc_data_feed_plugin_kafkafeed/README", "rc_data_feed_plugin_odbcfeed/README", "rc_data_feed_plugin_resilientfeed/README", "rc_data_feed_plugin_splunkfeed/README", "res_hibp/README", "res_qraw_mitre/README", "res_urlscanio/README", "res_virustotal/README", "sc_convert_json_to_rich_text/README", "sc_email_approval/README", "sc_email_parser/README", "workshop-guide/README"], "envversion": {"sphinx": 63, "sphinx.domains.c": 3, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 9, "sphinx.domains.index": 1, "sphinx.domains.javascript": 3, "sphinx.domains.math": 2, "sphinx.domains.python": 4, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1}, "filenames": [".environments/README.md", ".helper-scripts/mirror-containers/README.md", ".helper-scripts/soar-python-search-utility/README.md", ".scripts/refresh_all_apps/README.md", "app_host_files/README.md", "base_input_types/README.md", "docs/python_api.md", "fn_abuseipdb/README.md", "fn_alienvault_otx/README.md", "fn_anomali_staxx/README.md", "fn_ansible/README.md", "fn_ansible_tower/README.md", "fn_api_void/README.md", "fn_apility/README.md", "fn_aws_guardduty/README.md", "fn_aws_iam/README.md", "fn_aws_utilities/README.md", "fn_axonius/README.md", "fn_azure_automation_utilities/README.md", "fn_bigfix/README.md", "fn_bmc_helix/README.md", "fn_calendar_invite/README.md", "fn_cb_protection/README.md", "fn_cisco_amp4ep/README.md", "fn_cisco_asa/README.md", "fn_cisco_enforcement/README.md", "fn_cisco_umbrella_inv/README.md", "fn_clamav/README.md", "fn_cloud_foundry/README.md", "fn_components/README.md", "fn_create_webex_meeting/README.md", "fn_create_zoom_meeting/README.md", "fn_crowdstrike_falcon/README.md", "fn_cve_search/README.md", "fn_darktrace/README.md", "fn_datatable_utils/README.md", "fn_digital_shadows_search/README.md", "fn_docker/README.md", "fn_elasticsearch/README.md", "fn_email_header_validation/README.md", "fn_exchange/README.md", "fn_exchange_online/README.md", "fn_extrahop/README.md", "fn_floss/README.md", "fn_geocoding/README.md", "fn_github/README.md", "fn_google_cloud_dlp/README.md", "fn_google_cloud_functions/README.md", "fn_google_cloud_scc/README.md", "fn_google_maps_directions/README.md", "fn_googlesafebrowsing/README.md", "fn_greynoise/README.md", "fn_grpc_interface/README.md", "fn_grr_search/README.md", "fn_guardium_insights_integration/README.md", "fn_guardium_integration/README.md", "fn_hibp/README.md", "fn_html2pdf/README.md", "fn_icdx/README.md", "fn_incident_utils/README.md", "fn_ioc_parser_v2/README.md", "fn_ipinfo/README.md", "fn_isitphishing/README.md", "fn_jira/README.md", "fn_joe_sandbox_analysis/README.md", "fn_kafka/README.md", "fn_ldap_utilities/README.md", "fn_log_capture/README.md", "fn_maas360/README.md", "fn_machine_learning/README.md", "fn_machine_learning_nlp/README.md", "fn_mandiant/README.md", "fn_mcafee_atd/README.md", "fn_mcafee_epo/README.md", "fn_mcafee_esm/README.md", "fn_mcafee_opendxl/README.md", "fn_mcafee_tie/README.md", "fn_microsoft_defender/README.md", "fn_microsoft_security_graph/README.md", "fn_microsoft_sentinel/README.md", "fn_misp/README.md", "fn_mitre_integration/README.md", "fn_mxtoolbox/README.md", "fn_netdevice/README.md", "fn_network_utilities/README.md", "fn_ocr/README.md", "fn_odbc_query/README.md", "fn_outbound_email/README.md", "fn_pa_panorama/README.md", "fn_pagerduty/README.md", "fn_parse_utilities/README.md", "fn_passivetotal/README.md", "fn_pastebin/README.md", "fn_phish_ai/README.md", "fn_phish_tank/README.md", "fn_pipl/README.md", "fn_playbook_maker/README.md", "fn_playbook_utils/README.md", "fn_proofpoint_tap/README.md", "fn_proofpoint_trap/README.md", "fn_pulsedive/README.md", "fn_qradar_advisor/README.md", "fn_qradar_enhanced_data/README.md", "fn_qradar_integration/README.md", "fn_query_tor_network/README.md", "fn_randori/README.md", "fn_rapid7_insight_idr/README.md", "fn_reaqta/README.md", "fn_relations/README.md", "fn_remedy/README.md", "fn_rest_api/README.md", "fn_rsa_netwitness/README.md", "fn_salesforce/README.md", "fn_scheduler/README.md", "fn_secureworks_ctp/README.md", "fn_sentinelone/README.md", "fn_sep/README.md", "fn_service_now/README.md", "fn_service_now/docs/customize_resilient_guide/README.md", "fn_service_now/docs/customize_snow_guide/README.md", "fn_service_now/docs/install_guide/README.md", "fn_shadowserver/README.md", "fn_shodan/README.md", "fn_siemplify/README.md", "fn_slack/README.md", "fn_snapshot_url/README.md", "fn_soar_utils/README.md", "fn_spamhaus_query/README.md", "fn_splunk_integration/README.md", "fn_symantec_dlp/README.md", "fn_task_utils/README.md", "fn_teams/README.md", "fn_threatminer/README.md", "fn_thug/README.md", "fn_timer/README.md", "fn_trusteer_ppd/README.md", "fn_twilio/README.md", "fn_twitter_most_popular/README.md", "fn_url_to_dns/README.md", "fn_urlhaus/README.md", "fn_urlscanio/README.md", "fn_utilities/README.md", "fn_virustotal/README.md", "fn_vmray_analyzer/README.md", "fn_vmware_cbc/README.md", "fn_watson_translate/README.md", "fn_webex/README.md", "fn_whois/README.md", "fn_whois_rdap/README.md", "fn_wiki/README.md", "fn_wiz/README.md", "fn_xforce/README.md", "fn_yeti/README.md", "fn_zia/README.md", "index.rst", "oauth-utils/README.md", "older/README.md", "older/fn_bluecoat_site_review/README.md", "older/fn_ldap_search/README.md", "older/fn_res_to_icd/README.md", "older/fn_risk_fabric/README.md", "older/rc-query-csv/README.md", "older/rc-query-runner/README.md", "older/rc-shell-runner/README.md", "older/rc-splunk-search/README.md", "pb_sans_isc_scan_ip/README.md", "pl_criminalip/README.md", "rc-cts-abuseipdb/README.md", "rc-cts-googlesafebrowsing/README.md", "rc-cts-haveibeenpwned/README.md", "rc-cts-mcafeetie/README.md", "rc-cts-misp/README.md", "rc-cts-passivetotal/README.md", "rc-cts-shadowserver/README.md", "rc-cts-urlscanio/README.md", "rc-cts-yeti/README.md", "rc-data-feed-plugin-filefeed/README.md", "rc_data_feed/README.md", "rc_data_feed_plugin_elasticfeed/README.md", "rc_data_feed_plugin_kafkafeed/README.md", "rc_data_feed_plugin_odbcfeed/README.md", "rc_data_feed_plugin_resilientfeed/README.md", "rc_data_feed_plugin_splunkfeed/README.md", "res_hibp/README.md", "res_qraw_mitre/README.md", "res_urlscanio/README.md", "res_virustotal/README.md", "sc_convert_json_to_rich_text/README.md", "sc_email_approval/README.md", "sc_email_parser/README.md", "workshop-guide/README.md"], "indexentries": {}, "objects": {}, "objnames": {}, "objtypes": {}, "terms": {"": [0, 1, 4, 7, 10, 12, 13, 14, 15, 17, 20, 21, 24, 25, 28, 29, 31, 32, 33, 34, 35, 37, 40, 41, 42, 43, 44, 45, 48, 49, 51, 52, 53, 54, 55, 56, 57, 59, 61, 63, 65, 68, 71, 72, 73, 75, 76, 77, 78, 79, 80, 84, 86, 87, 88, 89, 90, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 110, 112, 113, 114, 115, 116, 117, 118, 122, 123, 124, 125, 126, 127, 128, 129, 131, 134, 135, 137, 139, 141, 142, 144, 145, 146, 148, 149, 150, 151, 153, 155, 157, 161, 165, 166, 174, 176, 177, 178, 179, 180, 181, 182, 184, 185, 186, 187, 189, 190], "0": [1, 3, 4, 7, 8, 11, 12, 15, 16, 17, 18, 19, 20, 21, 22, 23, 25, 26, 27, 29, 30, 31, 32, 33, 34, 36, 37, 38, 40, 42, 43, 45, 46, 47, 48, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 69, 70, 71, 72, 76, 78, 81, 83, 84, 85, 91, 92, 93, 95, 96, 97, 98, 101, 104, 105, 106, 108, 109, 111, 112, 115, 116, 118, 119, 120, 121, 123, 125, 126, 129, 130, 134, 136, 137, 140, 141, 144, 145, 146, 147, 148, 149, 150, 152, 153, 157, 165, 166, 167, 170, 171, 177, 179, 183, 184, 185, 186, 188, 190], "00": [7, 10, 18, 23, 30, 31, 34, 36, 37, 40, 41, 42, 48, 53, 54, 58, 66, 71, 73, 77, 78, 79, 89, 90, 98, 101, 103, 105, 107, 113, 115, 116, 118, 126, 129, 135, 136, 142, 146, 148, 180, 185], "000": [20, 29, 63, 90, 112, 116, 146, 183], "0000": [20, 23, 34, 71, 79, 90, 105, 112, 116, 140, 146], "000000": 40, "0000000": [41, 90], "00000000": [105, 144], "00000000000": 23, "000000000000": [23, 58, 105], "000000000001": 58, "000000000002": 58, "000001": 38, "00000318": 144, "00000344": 144, "00000460": 144, "000008e8": 144, "00000a0b67eb": 144, "00001": 155, "00001064": 112, "0001": [37, 41, 116], "00086": 19, "000d3a5680fc": 77, "000webhost": [56, 183], "000z": [14, 36, 71, 98, 101, 106, 184], "001": 77, "001hr00001kfbihiag": 112, "00224830591e": 77, "0028": 105, "003hr00002rewc8iad": 112, "0047": 123, "004d554e1": 121, "005": 112, "005056b41000": 73, "005056b43418": 73, "005112": 68, "005hr00000coneziat": 112, "005hr00000conusi": 112, "006": 115, "007": 29, "008": 29, "009": 29, "00af08": 53, "00da1a57": 23, "00ehr000001gfgwiaa": 112, "00ehr000002mwzlma4": 112, "00fc4aba3a120ba1f6c3453ea8faa4ca7167fabd30ac297eb59905d7a879e352": 23, "00thr00008eynbkmak": 112, "00z": [37, 41, 77, 78, 142, 146, 183], "01": [14, 15, 17, 18, 21, 31, 33, 36, 37, 38, 40, 41, 42, 56, 63, 66, 69, 77, 79, 84, 87, 88, 90, 92, 95, 98, 102, 103, 105, 106, 107, 112, 115, 116, 118, 125, 129, 135, 136, 141, 142, 144, 145, 146, 151, 178, 179, 182, 183], "0100": [79, 116], "012063": 10, "0123": 98, "013z": 106, "0145": 95, "015": [116, 185], "01526": 42, "015z": 144, "0166667z": 77, "0186152z": 77, "0188": 116, "0193": 42, "01c5": 116, "01c53575ac1f211b53e6515d65fc81cd": 116, "01f490cbdc7f84ccd0fc6ade0a645910152e8053d67a49402fd789c9146ca2a2": 185, "01t00": [37, 41, 77, 98], "01t01": 98, "01t06": 98, "01t07": 107, "01t10": 98, "01t16": 98, "01t21": 77, "01t22": 106, "01z": [23, 186], "02": [7, 9, 14, 15, 18, 23, 26, 30, 32, 36, 40, 42, 45, 48, 50, 56, 58, 65, 68, 71, 73, 76, 77, 79, 84, 86, 88, 95, 101, 102, 105, 106, 107, 110, 112, 115, 116, 121, 123, 129, 131, 135, 141, 142, 145, 148, 151, 165, 183], "0205630385a7": 75, "021z": 144, "0228e00": 126, "0232": 105, "02625": 105, "027437b63df40000": 42, "0280b143": 23, "029485": 105, "02a1d541ff800000": 42, "02c4": 97, "02c9fc00ec23": 9, "02f6b87341f00000": 42, "02t05": [58, 98], "02t12": 101, "02t13": 98, "02t14": 98, "02t17": 105, "02t18": 45, "02t20": 45, "02t22": 45, "02z": 183, "03": [7, 9, 10, 14, 15, 17, 18, 23, 26, 31, 33, 36, 37, 40, 45, 46, 48, 50, 56, 63, 65, 66, 68, 71, 76, 78, 79, 84, 87, 90, 91, 97, 102, 105, 107, 108, 110, 113, 116, 121, 123, 128, 129, 135, 141, 144, 147, 151, 157, 183, 185, 186], "030397ea7fc1": 18, "0305": 34, "0313": 151, "0343": 97, "03655adcf941": 77, "039": 116, "03t01": 36, "03t16": 45, "03t22": 129, "04": [0, 10, 14, 15, 18, 23, 24, 34, 35, 41, 42, 45, 48, 52, 54, 58, 62, 63, 65, 66, 68, 73, 77, 78, 79, 81, 84, 88, 89, 95, 97, 98, 102, 103, 105, 106, 107, 108, 109, 111, 112, 113, 115, 116, 121, 128, 129, 131, 141, 144, 148, 150, 151, 152, 165, 180, 181, 182, 183, 185, 186], "040000008200e00074c5b7101a82e008000000000c57e88c809fd90100000000000000001000000079e26061bc861948905c74b45c5736e5": 41, "046258": 185, "046452": 185, "046557": 185, "046564": 185, "0466667z": 77, "046912103": 32, "047135": 185, "047342": 185, "047cf2ed": 105, "0482fb724eca2f19": 58, "048b88c0f3aa": 77, "0490": 58, "04c99d46599f078f1c3da3783cf5b95f01ac61bb": 77, "04t15": 129, "04t16": 129, "04t17": [101, 184], "04t18": 152, "04t19": 185, "05": [9, 10, 15, 18, 19, 23, 26, 30, 34, 35, 36, 37, 41, 42, 45, 48, 50, 53, 59, 63, 65, 66, 68, 73, 76, 77, 78, 84, 86, 87, 89, 95, 98, 101, 102, 105, 107, 108, 110, 116, 123, 128, 131, 136, 141, 144, 145, 146, 148, 150, 151, 185, 186], "0500": 63, "052": 185, "0543": 42, "058255z": 79, "05ab": 79, "05t01": 78, "05t15": 89, "05z": [45, 186], "06": [15, 17, 18, 19, 20, 23, 24, 34, 36, 38, 41, 42, 45, 46, 48, 53, 56, 58, 59, 64, 66, 73, 77, 79, 80, 83, 85, 86, 95, 96, 97, 98, 101, 102, 106, 107, 110, 112, 116, 128, 129, 131, 144, 153, 165, 183], "0601": 42, "0604": 42, "0618": 2, "062": 116, "062326": 10, "06478fa19ee4": 23, "065625": 105, "067226z": 115, "069": 185, "06ahr00000r0rl0maf": 112, "06b86c3c9232": 102, "06d879c43dad": 131, "06t01": 77, "06t03": 77, "06t09": 116, "06t10": 18, "06t12": 112, "06t13": 18, "06t17": 78, "06t19": [7, 93], "06t22": 93, "06z": 41, "07": [15, 18, 19, 20, 23, 29, 45, 46, 48, 58, 64, 65, 66, 68, 71, 73, 77, 78, 79, 80, 85, 86, 88, 89, 95, 96, 97, 102, 105, 106, 107, 108, 109, 112, 116, 123, 129, 141, 146, 148, 151, 153, 155, 165, 178, 180, 183, 186], "0700": 90, "0708": 42, "072": 84, "0730b7bc": 144, "074e": 116, "0766667z": 77, "0778cc3cd812": 155, "0785140991211": 12, "0796": 42, "07jewfj_7knbwcgyiaraagacsnwf": 155, "07t00": 36, "07t01": 36, "07t02": 105, "07t06": 107, "07t07": [36, 105], "07t12": 78, "07t14": 32, "07t16": 129, "07t20": 105, "07t21": 112, "07z": 77, "08": [9, 14, 18, 19, 21, 23, 34, 40, 45, 46, 48, 52, 54, 59, 63, 66, 69, 73, 77, 78, 79, 80, 85, 87, 88, 89, 95, 97, 101, 102, 103, 105, 106, 107, 108, 110, 112, 113, 115, 116, 121, 128, 129, 134, 142, 146, 148, 150, 178, 179, 183, 184, 186], "081111111": 66, "082222222": 66, "083": 97, "0840": 61, "084375": 105, "087091": 10, "087z": 107, "08a90512": 105, "08daaaf93b34": 90, "08s01": 181, "08t00": [45, 148], "08t02": 45, "08t07": 41, "08t08": 129, "08t12": 68, "08t14": 32, "08t17": [7, 106, 151], "08t22": 89, "09": [14, 15, 16, 18, 20, 23, 24, 27, 31, 32, 34, 36, 37, 46, 52, 53, 54, 56, 57, 63, 66, 73, 76, 77, 78, 81, 86, 87, 89, 95, 96, 97, 101, 103, 105, 106, 107, 108, 112, 115, 116, 123, 126, 128, 129, 131, 134, 136, 141, 144, 145, 146, 147, 148, 151, 165, 183, 184], "0960914z": 79, "097z": 48, "098f6bcd": 97, "09c4": 73, "09t07": 73, "09t17": [36, 112], "09t21": 45, "09z": [45, 116], "0_20221202_152441": 45, "0_20221202_153917": 45, "0_20221202_171442": 45, "0a": [63, 115, 116], "0a58c4f4ceb1": 116, "0ab7": 123, "0ade7c2c": 34, "0adqt8qjmgtnoh42tskjrafz_unmjivolsantp9nuoj1ydbrr7ow94nqxaddhd1bie6bz6g": 155, "0b": 116, "0b04": 79, "0b26e313ed4a7ca6904b0e9369e5b957": 116, "0c": [107, 115], "0c480537": 144, "0c6a": 79, "0ca8ce74": 144, "0caabe31": 105, "0de1ff00569723b2d11ec84665c4bd06": 17, "0de6791a": 128, "0e": 107, "0e50": 97, "0f0cbdd7edff4634b23fa11f5ab81ffc": 116, "0m": 10, "0r2gb0qdlt1q3fqxshn0equ": 84, "0rie": 97, "0x3e7": 107, "0xsi_f33d": [142, 186], "1": [1, 2, 3, 4, 7, 8, 11, 12, 15, 16, 17, 18, 19, 20, 21, 22, 23, 25, 26, 27, 29, 30, 31, 32, 33, 34, 36, 38, 40, 43, 44, 45, 46, 47, 48, 49, 50, 52, 53, 54, 56, 57, 58, 59, 60, 61, 64, 67, 69, 70, 71, 72, 76, 78, 80, 81, 83, 84, 85, 91, 92, 93, 95, 96, 97, 101, 103, 104, 105, 106, 108, 109, 111, 112, 114, 115, 116, 118, 121, 122, 123, 125, 126, 130, 134, 135, 136, 137, 140, 141, 145, 146, 147, 148, 149, 150, 152, 153, 155, 157, 158, 159, 165, 166, 167, 168, 170, 177, 179, 181, 183, 184, 185, 187, 188, 189], "10": [7, 9, 10, 12, 14, 15, 17, 18, 19, 22, 23, 24, 26, 27, 29, 30, 31, 32, 34, 36, 38, 40, 41, 42, 43, 45, 48, 52, 53, 55, 56, 58, 59, 63, 64, 65, 66, 68, 69, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 86, 87, 88, 89, 90, 91, 95, 97, 98, 101, 103, 105, 106, 107, 108, 109, 110, 113, 114, 115, 116, 117, 120, 123, 125, 126, 128, 129, 131, 135, 137, 140, 141, 142, 144, 148, 150, 151, 153, 158, 160, 165, 166, 168, 179, 180, 182, 183, 185, 187, 188, 189], "100": [7, 9, 14, 17, 23, 32, 34, 36, 38, 41, 58, 68, 77, 87, 97, 116, 118, 123, 128, 184, 185], "1000": [17, 18, 20, 38, 42, 63, 67, 77, 87, 95, 105, 107, 123, 126, 128, 134, 135], "10000": [23, 38, 69, 116], "1000000005": 20, "100001": [119, 146], "10001": [63, 142, 186], "10003": 63, "10007": 63, "1001": [48, 118, 143], "1002": 35, "1003": 123, "10038": 108, "1004": 59, "100462": 103, "1004f7eee7cb": 108, "1005": 23, "10055": 63, "10058": 63, "10072": 105, "1008": 107, "100x100px": 4, "101": [37, 42, 157, 185], "1010": 73, "1011": 73, "10124": 105, "10149": 42, "101541": 126, "10161": 116, "10162": 116, "1017": 73, "10189": 42, "1019": 9, "102": [12, 97, 146, 157], "1020": 107, "1020293408461160452": 107, "1020293408461164549": 107, "1020293408461168646": 107, "1021190593": 131, "10212": 77, "1022070249601636353": 107, "1022070249672935426": 107, "1022070806768779266": 107, "1022070807062380545": 107, "1024257396198866946": 107, "1025": 97, "102549": 102, "102599": 102, "102649": 102, "1026728858289700868": 107, "1026728858289704965": 107, "1026728858289709062": 107, "102699": 102, "102749": 102, "102799": 102, "1029": 116, "1029755084809961474": 107, "103": [14, 42, 118, 157], "1031": 116, "10315": 63, "1032": [77, 116], "1033": 116, "10350": 63, "10353": 34, "10386": 40, "104": [77, 93, 101, 107], "1040": 108, "10419": 63, "1043": [41, 108], "1044": 79, "10443": 116, "10452": 77, "104720": 183, "1048576": 190, "105": [59, 116], "106": 106, "1063": 42, "10685": 23, "1069": 73, "107": 103, "1070258": 185, "1070259": 185, "10739": 14, "1075": 38, "10756": 66, "1077": 97, "10780": 126, "108": 151, "1080": 116, "1081": 66, "1081633343": 131, "1084": [18, 42, 107], "108e": 84, "109": [42, 58, 59, 185], "1090": [36, 66], "1090519054": 23, "1093": 66, "10968": 77, "1098": 131, "10m": [113, 136], "10t02": 115, "10t07": 105, "10t10": 36, "10t12": 151, "10t13": [106, 151], "10t15": [79, 106], "10t16": 144, "10t17": [18, 144], "10t18": [36, 79], "10t19": [36, 90], "10t20": 129, "10t21": [56, 115, 183], "10z": 79, "11": [0, 3, 7, 10, 12, 14, 15, 17, 18, 23, 26, 30, 31, 32, 34, 35, 36, 37, 42, 45, 46, 48, 52, 56, 58, 59, 62, 63, 66, 68, 73, 76, 77, 78, 79, 80, 81, 84, 87, 88, 89, 90, 95, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 121, 123, 125, 126, 128, 129, 134, 135, 142, 144, 146, 148, 149, 150, 151, 153, 180, 181, 185], "110": [7, 77], "1101": 101, "1102": 116, "1104": [18, 107], "1107": 86, "111": [17, 23, 68], "1111": [23, 42, 116], "11111": [18, 23], "11111111": 18, "111111111111": 23, "11111112222222": 146, "111233344": 131, "11129": [142, 186], "1115": 128, "11151": 54, "1119": 20, "112": [2, 34], "1120": [107, 144], "11231": 95, "11234567890": 16, "1125": 105, "113": [34, 88, 106, 107], "1130": 105, "1131": 116, "11353": 68, "1139323": 66, "114": 87, "1140024784343285701": 115, "114275": 184, "11480": 142, "11502": 108, "1150808": 45, "11510": 42, "1152": 107, "11523": 23, "1153": 116, "11545": 142, "11580": 42, "116": [34, 87, 93, 101], "1160": 115, "1161": 85, "11651": 42, "117": [23, 97], "1170504": 45, "1170516": 45, "1170561": 45, "1170764": 45, "11712294571846742175": 48, "118": 107, "11817": 10, "1188": 185, "1189": 105, "119": [26, 80], "11901": 42, "11913": 46, "11915": 10, "11954": 83, "119774": 66, "11_refresh_app": 3, "11e9": 58, "11eb": [58, 73], "11ed": 73, "11ee": 79, "11t04": 36, "11t05": 14, "11t11": 89, "11t13": [32, 77, 146], "11t14": 146, "11t15": [36, 106], "11t18": [36, 112], "11t22": 115, "12": [0, 1, 3, 7, 9, 11, 12, 14, 15, 16, 17, 23, 24, 27, 31, 34, 35, 36, 40, 41, 42, 45, 48, 56, 59, 62, 63, 64, 66, 68, 70, 71, 73, 76, 77, 78, 80, 81, 83, 84, 86, 87, 88, 89, 90, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 123, 125, 126, 129, 131, 134, 144, 146, 148, 150, 151, 153, 165, 166, 178, 179, 180, 183, 184, 187, 189], "120": [23, 32, 34, 42, 48, 64, 77, 79, 107, 112, 115, 123, 125, 136, 150], "1200": [101, 105, 106], "12000": 129, "12002": [56, 183], "1208": 115, "1209": 41, "1209600": 142, "121": [68, 107, 125], "12121212121212121": 115, "121212121212121212": 115, "1212121212121212121": 115, "122": [12, 61], "1220": 107, "122136": 105, "122480": 77, "1225": 116, "1226": 116, "12271": 14, "123": [34, 41, 87, 88, 107, 116, 123, 137], "1230": 66, "12315195": 19, "1234": [18, 106, 119, 123, 131, 136], "12345": [19, 150], "123456": [63, 87, 90], "1234567": [90, 136, 150, 153], "12345678": 98, "1234567890": [48, 136], "123456789012345678": 115, "123456789123": 15, "123456789abcd": [87, 155], "123456789abcd123456789a_awx4": [87, 155], "12345678c": 18, "1234567a": [87, 155], "1234567b1234567890abcde064d5db1acec55cb79db4cd13a12345678abcdefg": 142, "123456abcd": 87, "123456abcdef": [26, 99], "12349": 116, "1234a123ab1234567a328c54d8b72db620ea38e0521ab12345678903854d3ab1": 186, "1234ryksruyfminzcvic0oz7dpgskibty5w12345qbkwlsyt0bgp6qzfwz12345678vuh28cqrmoxdd39iut7w": 18, "123a": [26, 99], "123asb": 61, "123f9ec5a53214cc6e35b1e4700b0806": 102, "1244": 18, "125": 87, "1256": 116, "126": [105, 131], "12635": 42, "1266": 116, "12695": 42, "127": [10, 42, 53, 65, 72, 77, 94, 116, 122, 171, 180, 181, 190], "1275282318251495460": 115, "1275282318259884069": 115, "1275282318268272678": 115, "12759": 21, "128": [116, 144], "1280": 105, "128294549": 68, "128294800": 68, "12850": 112, "1287": 23, "12875": 142, "1288": 77, "129": [14, 38, 115, 148], "1292": 144, "1293": 40, "12a586cd0bb23200ecfd818393673a30": 118, "12b230f33702": 102, "12c": [86, 180], "12h": [134, 166], "12pt": 40, "12t05": 146, "12t09": 129, "12t14": 144, "12t15": [36, 106], "12t18": 77, "13": [7, 12, 15, 17, 18, 19, 20, 23, 29, 31, 32, 34, 35, 36, 40, 41, 42, 48, 68, 71, 73, 77, 80, 83, 86, 90, 91, 95, 97, 102, 105, 106, 107, 112, 115, 116, 123, 126, 129, 131, 136, 142, 144, 146, 151, 165, 185, 189], "130": [34, 42, 97], "1301": 42, "13019": 68, "1306": 103, "1308905355630511064": 115, "131": [58, 108], "1310": 14, "131313131313131313": 115, "1317": 107, "131z": 151, "132": [68, 97, 116], "1320": 97, "132188z": 115, "1322": 123, "1327fb9b4858": 9, "133": 107, "1330": 63, "133011": 45, "13321": 112, "1332575900": 131, "13335": [93, 165], "13379": 42, "1347": 90, "13474": 83, "13477": 126, "1348": 77, "135": [105, 116], "1350": 42, "135249z": 115, "13547310": 58, "1356": 107, "136": [7, 116], "13623": 146, "1365": 103, "1367408": 45, "1367e54d71eb": 97, "1368": 116, "136z": 48, "137": 116, "13707": 84, "1373": 42, "138": [12, 108, 116], "13804": 107, "1383": 150, "1388": 42, "138z": 151, "139": [116, 123, 157], "1392": 103, "1393": 18, "1396": 107, "13b87c68047b": [18, 77, 78, 131], "13d5exwpmvlwmfznwx6p": 185, "13f7fe84": 101, "13t00": 77, "13t04": 142, "13t07": 144, "13t11": 20, "13t16": 115, "14": [1, 7, 9, 10, 12, 14, 15, 17, 18, 19, 23, 24, 26, 34, 35, 40, 42, 45, 48, 50, 53, 54, 55, 58, 66, 71, 73, 75, 76, 79, 84, 85, 87, 88, 90, 95, 103, 105, 106, 107, 112, 115, 116, 123, 126, 129, 131, 135, 136, 141, 150, 151, 185], "140": [93, 142, 159, 186], "1403": 97, "1407": 134, "14094": 126, "141": [97, 116], "1416": 107, "1417": 116, "1420": 103, "1423": 41, "1426": 41, "1428": 144, "142faa4598ba": 146, "143": 116, "1433": [18, 180], "1437": 41, "14374209": 144, "144": 3, "1440": 146, "14400": 89, "1440703724417": 103, "1440703735265": 103, "1442": 103, "1443": [42, 180], "1446": 14, "145": 23, "1450": 185, "1458": 184, "146": [77, 91], "14618": 14, "1462407300": 101, "1463072400": 101, "1463566500": 101, "1466": 23, "147": 107, "1472": 42, "1479": 77, "148": [88, 97, 116], "1482542": 90, "1485": 118, "149": [105, 116], "1492": 107, "1492648105": 126, "14936670": [56, 183], "149417": 10, "1497": [42, 79, 84], "1498": 42, "1498685280": 101, "1499798851420": 102, "14fefa89": 79, "14t04": 142, "14t07": 142, "14t10": 151, "14t11": 106, "14t14": 18, "14z": [41, 89], "15": [7, 10, 14, 15, 17, 18, 20, 21, 23, 26, 29, 34, 36, 38, 40, 41, 42, 48, 54, 56, 59, 63, 65, 66, 68, 71, 73, 75, 76, 77, 78, 79, 80, 81, 84, 87, 88, 90, 96, 97, 101, 102, 103, 105, 106, 107, 109, 110, 112, 113, 115, 116, 117, 120, 123, 126, 129, 131, 141, 144, 148, 150, 153, 165, 183, 185], "1501": 84, "15025407": 183, "1502989426": 23, "1502989429": 23, "1503024774": 23, "1506": 18, "15068": 108, "151": 116, "1510": 186, "1513402560": 101, "15169": [185, 186], "1519233563": 76, "151z": 144, "1521": 180, "1524258360": 101, "1529421998": 101, "152c883836f1f3eec207395ac6f8e0c6": 151, "153": 116, "1530": 14, "15313": 19, "1535": 97, "1536": 97, "1537273619880": 102, "1537351480070": 102, "1538": 97, "1538139961670": 102, "1538497879090708": 53, "1538996573000000": 53, "1538997200410715": 53, "1539": 97, "1539009155388036": 53, "1539009155394278": 53, "154": [88, 97], "1541013307490": 102, "1541014365790": 102, "1542157044": 77, "1543": 97, "15438583123": 136, "1548": 107, "1548481072007": 116, "1548489611062": 116, "1549548472000": 32, "1549629133338": 68, "1549629133378": 68, "1549859544549": 32, "1549891334000": 32, "1549891335000": 32, "15502": 14, "15505": 42, "1550585043812": 116, "1550585147000": 116, "1551786034614": 37, "15519": 129, "1552994627000": 116, "1556035883843": 68, "1557250160405": 103, "1558": 42, "1558356063096": 116, "1558613245000": 116, "1558622386922": 116, "1558632769514": 116, "155931927": 23, "156": 186, "1560": 131, "1564": 107, "157": 185, "1570": 18, "158": [42, 129], "15846": 42, "1586": 18, "15881": 144, "159": 42, "15961": 42, "1599": 144, "15bc38a7492befe831966adb477cf76f": 23, "15c2ad940931": 107, "15c5a0d4": 77, "15d7435d": 105, "15m": 183, "15px": [101, 184], "15t07": [41, 48], "15t10": 150, "15t11": [41, 150], "15t12": 36, "15t14": 48, "15t15": [48, 89], "15t17": 131, "15t18": [131, 186], "15t19": 89, "15t23": 101, "15z": 32, "16": [3, 7, 9, 14, 15, 17, 18, 23, 26, 32, 34, 36, 41, 42, 45, 59, 62, 68, 69, 77, 84, 87, 90, 91, 93, 95, 101, 103, 105, 107, 112, 115, 116, 123, 126, 129, 135, 144, 146, 148, 150, 151, 152, 165, 183, 184, 189], "1601": 66, "1601630433109": 58, "1601631906772": 58, "1604073642000": 181, "1606975": 18, "1607452116847": 103, "1607533205000": [59, 126], "1607611408002": [101, 184], "1608": 107, "1608652058": 76, "1608652105": 76, "1608669082": 76, "1609": 113, "161": 116, "1611291600000": 21, "1613797200000": 30, "1613797620000": 30, "1616": 107, "16175000000": 68, "1617904": 115, "1619": 32, "1619242z": 77, "162": 116, "1620135639049": 97, "1620135756543": 97, "1620136029037": 97, "1620136030991": 97, "1621": 77, "1621110044": [59, 126], "1621110044000": 126, "1621110762055": 59, "1621111014529": [59, 126], "1621111014796": 59, "1621111014807": 59, "1621111014823": 59, "1624": 107, "1627118z": 77, "1627504677387": 97, "1628088276589": 97, "1628088276613": 97, "1628089162522": 97, "1628689003000": 77, "16299": 23, "163": 24, "1630434600000": 54, "1632940200000": 54, "1635284430000": 77, "1635298055000": 77, "1635305029000": 77, "1638585706": 87, "1638827701814": 123, "164": [77, 103], "1640": 107, "16402": 68, "1641490099338": 123, "1641507308926": 123, "1641511563361": 123, "1641515897058": 123, "1641516046817": 123, "1641516166266": 123, "1641572735756": 123, "1641584158260": 123, "1641df58c1027a00f670d41491a2eecff931604c": 115, "16421859": 144, "1642522089472": 118, "1642522493078": 118, "1643922138662": 126, "1643922148213": 126, "1644": 84, "1644418320000": 42, "1644418537403": 42, "1644418590000": 42, "1644514002331": 42, "1644540480000": 42, "1644556530000": 42, "1644642690000": 42, "1645039833651": 126, "1645039847583": 126, "1646045416014": 42, "1646046972271": 42, "1646057145000": 34, "1646064909025": 42, "1646067593000": 34, "1646081506000": 34, "1646103998739": 126, "1646142354974": 126, "1646559540000": 42, "1646741073": 42, "1646741073962": 42, "1647051270000": 42, "1647052200000": 42, "1647052260000": 42, "1647052291076": 42, "1647461667230": 126, "1647529122634": 126, "1647656040000": 42, "1647974941312": 126, "1647975098216": 126, "1647975111873": 126, "1648": 84, "16482": 129, "1648766753651": 123, "1648766815969": 123, "1648766937000": 123, "1648766970800": 123, "1648766970821": 123, "1648766971173": 123, "1648766971394": 123, "1648766971895": 123, "1648766978004": 123, "1648839797719": 126, "1648839806477": 126, "1649664993": 185, "1649700668706": 126, "1649858935196": 126, "1649858943997": 126, "1649866540057": 42, "165": 91, "16509": [14, 36], "1651000728764": 126, "1651000737927": 126, "1651092229697": 126, "1651264262077": 126, "1651264273600": 126, "1651691640": 185, "1651691640500": 185, "1651691640526": 185, "1651691640529": 185, "1651691640536": 185, "1652310000000": 42, "1652711350410": 42, "1652814527143": 126, "1653": 73, "1653512178112": 126, "1653580063528": 126, "1654018496000": 35, "1654018816842": 35, "1654019072126": 35, "1654019149216": 35, "16543836": 105, "1654449209109": 97, "1654449307735": 97, "1654784513368": 97, "1654784551755": 97, "1655401056967": 87, "1655912228120": 126, "1655912245009": 126, "1655924984252": 126, "1655938800000": 40, "1656025200000": 40, "1656527528505": 126, "1656527541659": 126, "1656922592": 185, "16570": 142, "165799618": 129, "1659": 103, "1659629011957": [101, 184], "1659636230480": [101, 184], "1660155959409": 126, "1660155971260": 126, "1660245674318": 126, "1660245680733": 126, "1660460491": 142, "1660857629": 101, "1661269393325": 126, "1661280682539": 126, "1661281207911": 126, "1661346194202": 126, "1661346206429": 126, "1661447571753": 126, "1661452332000": 126, "1661800148708": 126, "1661800169751": 126, "1661960193764": 134, "1661960247501": 134, "1661986800000": 134, "1662747629777": 126, "1663093285999": 126, "1663093296645": 126, "1663093337313": 126, "1663177933110": 126, "1663188001122": 126, "1663207315000": 34, "1663207316000": 34, "1663207327000": 34, "1663207328000": 34, "1663207329000": 34, "1663207439360": 34, "1663297952673": 126, "1663297953098": 126, "1663610449718": 126, "1663610451616": 126, "1663613729686": 126, "1663640024209": 126, "1663699613661": 126, "1663772427768": 126, "1663775473530": 126, "1663775473887": 126, "1663775473899": 126, "1664985063447": 102, "1664985074580": 102, "1664985082192": 102, "1664985084816": 102, "1664985084945": 102, "1664985085853": 102, "1665475200000": 34, "1665475311000": 34, "1665511200000": 34, "1665514495000": 34, "1665514547000": 34, "1666275945000": 102, "1666597836648": 107, "1666598992258": 107, "1668": 115, "1668114000000": 34, "1668115594000": 34, "1668116335000": 34, "1668701555901": 107, "1669939200000": 45, "167": [103, 105, 123], "1670358847912": 97, "1670358848570": 97, "1670525357163": 97, "1670525394754": 97, "1670525432909": 97, "1670525439544": 97, "1670526072229": 97, "1670526109555": 97, "1670527039368": 97, "1670527044772": 97, "1670531754434": 97, "1670531755495": 97, "1670532061516": 97, "1670774894004": 116, "1670774894035": 116, "1670774922777": 116, "1670774922808": 116, "1670774922824": 116, "1670774922840": 116, "1670774922855": 116, "1670853895754": 116, "1670855079127": 116, "1670855103022": 116, "1670855163000": 116, "1671002049331": 116, "1671002675007": 116, "1671003318142": 116, "1671003711900": 116, "1671003757070": 116, "1672237824853": 116, "1672980342000": 116, "1672986455971": 116, "1673001224119": 116, "1673003005980": 116, "1673003220": 116, "1675879964337": 102, "1677": 115, "1677188203275": 84, "1677188204773": 84, "1677189332024": 84, "1677189333668": 84, "1677190301863": 84, "1677190302277": 84, "1679659237000": 40, "1679662837000": 40, "168": [1, 8, 23, 24, 32, 34, 36, 37, 42, 84, 99, 101, 103, 113, 123, 184], "1680": 107, "16807": 148, "1682950996": 142, "1684083481": 142, "1684169881": 142, "1684173210301": 131, "1684173230796": 131, "1684173756348": 131, "1684173785": 186, "1684855729": 142, "1684856030": 142, "1684861081": 142, "1684861082": 142, "1684875206": 142, "1685641888": 186, "1685642188": 186, "1685653164": 186, "1687881600000": 41, "1687885200000": 41, "16898": 42, "1689857454562": 107, "1689857459354": 107, "1689857459360": 107, "1689857462103": 107, "1689857462246": 107, "1689857462248": 107, "1689857462267": 107, "1689857462392": 107, "1689857462441": 107, "1689857463992": 107, "1689857464035": 107, "1689857464115": 107, "1689857464133": 107, "1689857464195": 107, "1689857464228": 107, "1689857464259": 107, "1689857464267": 107, "1689857464268": 107, "1689857464271": 107, "1689857464280": 107, "1689857464309": 107, "1689857464312": 107, "1689857464343": 107, "1689857464376": 107, "1689857464379": 107, "1689857464387": 107, "1689857464388": 107, "1689857464398": 107, "1689857464411": 107, "1689857464425": 107, "1689857464449": 107, "1689857464451": 107, "1689857464523": 107, "1689857464552": 107, "1689857464579": 107, "1689857464599": 107, "1689857464610": 107, "1689857464635": 107, "1689857466649": 107, "1689857473991": 107, "1689857485108": 107, "1689857485129": 107, "1689857485156": 107, "1689857485158": 107, "1689857485164": 107, "1689857485165": 107, "1689857485166": 107, "1689857485168": 107, "1689857485170": 107, "1689857485175": 107, "1689857485176": 107, "1689857485181": 107, "1689857485184": 107, "1689857485250": 107, "1689857485278": 107, "1689857485381": 107, "1689857485735": 107, "1689857485768": 107, "1689857485773": 107, "1689857486284": 107, "1689857486681": 107, "1689857486795": 107, "1689857489492": 107, "1689857491007": 107, "1689857606087": 107, "1689857606810": 107, "1689857606921": 107, "1689857606989": 107, "1689857611856": 107, "1689857612336": 107, "1689859046435": 107, "16899": 42, "1689943866540": 107, "169": [90, 107, 123], "1690280518291": 107, "1690280536000": 107, "1690280536643": 107, "1690339871083": 107, "1691389665926": 107, "1691389806319": 107, "1691389806467": 107, "1691389806476": 107, "1691389806491": 107, "1691389806500": 107, "1691389806514": 107, "1691389806738": 107, "1691389806743": 107, "1691389806757": 107, "1692024049238": 18, "1692967200000": 18, "1693316401": 128, "1693316423": 128, "1693442727342": 108, "1693442727362": 108, "1693454400000": 108, "1693550078786": 103, "1694498079793": 103, "1694502585199": 103, "1694502641647": 103, "1698294000000": 73, "1698308400000": 73, "16b0": 107, "16bd57d07f5f": 97, "16c0e5842d7d": 78, "16t07": [56, 183], "16t11": 23, "16t14": 48, "16t17": 48, "16t18": 112, "16t22": 186, "16t23": 36, "16x16": 63, "16z": 45, "17": [7, 10, 12, 15, 18, 23, 31, 38, 42, 45, 46, 48, 50, 59, 62, 66, 68, 73, 75, 76, 77, 84, 89, 95, 101, 106, 107, 112, 113, 115, 116, 123, 126, 129, 144, 146, 150, 184, 185], "170": 144, "1701": 116, "1701370203": 80, "1701876293": 80, "1701876329": 80, "1701876675": 80, "1701876712": 80, "1701877013": 80, "1705": 126, "17051": 42, "1708": 19, "1708705700642": 65, "171": 123, "1711492873000": 103, "1711492873201": 103, "1712762989000": 79, "1713464714559": 103, "1713465658000": 103, "1716": 107, "1717004932": 23, "1717004932523748810": 23, "1717014382": 23, "1717014382449028169": 23, "1717014714": 23, "1717014714006451188": 23, "1717078699748": 102, "1717078700653": 102, "1717078701655": 102, "1717078704658": 102, "1717078705660": 102, "17171717171717171717": 23, "1718202925831": 144, "1719237689000": 102, "172": [12, 107, 116], "1723": 116, "1725": 18, "173": [12, 35, 146], "17384": 107, "17390": 14, "173pje0": 51, "1744": 116, "1748": 63, "175": [42, 68, 185], "17558": 42, "1756": 107, "176": [23, 97], "177": [134, 151], "1771d79454e53469df4b290c06c104c9": 116, "17763": 116, "177z": 144, "1781": 126, "1782": 116, "1784": 144, "1786": 107, "179": [42, 123], "1790000": 140, "17979961": 183, "17c2b65f73ba0d975e9d24d446a9e91c": 106, "17t01": 36, "17t15": 112, "17t17": 23, "17t18": 112, "17t19": 112, "17t20": 107, "17t22": 71, "18": [7, 12, 14, 15, 23, 29, 32, 34, 37, 42, 45, 46, 56, 58, 68, 71, 77, 90, 95, 98, 103, 105, 106, 107, 110, 112, 115, 116, 117, 120, 123, 126, 129, 136, 144, 146, 147, 153, 155, 157, 183, 186], "1800": [64, 107, 116], "180022": 77, "180520": 126, "1806": 77, "182": 34, "1820": 107, "18231": 116, "18234": 116, "1824": 112, "182z": 106, "184": [26, 84, 101, 142, 184], "185": [41, 42, 71], "1851": [37, 58], "186": [1, 34, 42, 84], "187": 97, "1870": 142, "1874": 58, "188": [23, 77], "1889": [58, 107], "189": 107, "1893": [116, 142], "18d10049": 131, "18f24955d1f242a59f550f52c7bc09d08e423552774674058511cefc": 126, "18m": 183, "18t00": [68, 78], "18t02": 23, "18t08": 41, "18t13": 36, "18t15": 36, "18t17": 144, "18t18": 77, "18t19": 180, "18t20": 112, "18t21": 101, "18z": 41, "19": [7, 10, 14, 15, 18, 23, 26, 29, 40, 41, 42, 45, 46, 48, 52, 53, 64, 66, 70, 71, 73, 77, 79, 80, 84, 85, 86, 88, 90, 103, 107, 108, 115, 116, 118, 123, 126, 131, 142, 144, 146, 147, 151, 157, 180, 183, 185], "190": [23, 101, 144], "1900": [32, 107, 116], "190199": 40, "19041": 77, "19042": 77, "19044": [23, 77], "190522063": 116, "19076": 106, "1908": 107, "191": [42, 185], "191e13df": 9, "192": [1, 8, 23, 24, 32, 35, 36, 37, 42, 84, 99, 101, 103, 113, 116, 123, 184], "192512": 77, "1927197486": 66, "193": [101, 184], "1932": 107, "1938": [42, 105], "194": [12, 42, 58, 116, 123], "194345": 12, "19449": 20, "1944968518": 77, "1946": 142, "195": 42, "1950": 77, "195b0d8736e2af4": 23, "196": [87, 97, 123], "1963": 73, "1966": 116, "1967": 90, "197": [77, 123], "1970": 116, "1971": [31, 118], "1977": 87, "19781": 42, "19788354530": 136, "19794": 144, "197ea851916f": 80, "198": [14, 101, 123], "1982": 150, "1986": [95, 147], "1987": [95, 148], "19876543211": 16, "1988j": 151, "199": [2, 34], "1991": 116, "1992": [142, 148], "1995": 142, "1996": 115, "1997": 148, "19972": 116, "1999": 95, "19b3": 23, "19cfd1c7": 38, "19t03": 77, "1_x": 135, "1a0aaaa": 116, "1ab2ef34gh56ijklm012n3abc4": 42, "1ab_2abcdefghij3abababcd": 155, "1ac55df2": 38, "1b5e": [77, 78], "1b769c6a": 97, "1b8a0bf3b456": 97, "1bc9748133eb": 123, "1bfd8c9b3fd74ff4a2490ffe63314e7a": 116, "1bm": 84, "1c22e8d1": 155, "1c3": [185, 186], "1c943a98887754f364fafaa1da3ac56e0e0875a9": 45, "1cae": 79, "1d": [107, 113, 136], "1d00d8d6d9ac": 63, "1d8a5928": 131, "1da8f6c97aa305d": 144, "1da8f6c9a23e47a": 144, "1daac4e9610e992": 144, "1daac5135bc76a4": 144, "1dai": 71, "1dcc300ae441": 102, "1e": 23, "1e100": 12, "1e6": 110, "1e7af7f99e15": 80, "1ea9": 84, "1eaa9dac99144c61b699d7f3aed52106": 41, "1f016d66": 79, "1f017068": 79, "1f01df97": 79, "1f21": 58, "1fd9269d": 125, "1fnn": 151, "1gb": 180, "1h": [92, 136], "1px": 57, "1pyltptmw7f8v": 84, "1q0": 110, "1qlozag": 97, "1rc0": 41, "1saab4evveaab48pliaab4mtliaab5ez1iaab7yg1iaab5snfiaab5uq1iaab50tfiaab4ovliaab743liaab5m5viaab5it1maab5ot1maab6it1maab6ot1maab7it1maab7ot1maab4iufmaab4oufmaab6ouvmaab4yflkaab6mh1kaab6sh1kaab40kvkaab5ckvkaab6snkeaab4im0uaab70muuaab6imkuaab4ws0eaab7qgeaaab7ggeaaab7wgeaaab5greeaab4knkeaab60skeaab4cseeaab7oveeaab6kskeaab5wv2aaab709vaaab6": 116, "1ser13eglydjvpkxruufqner1mn6": 97, "1st": [106, 116], "1ze5k0aqbyamceg8z2f3oqe159taephbmeft6qd3nctdywi2jw3migctfiq7rdy3qwvx9pikhn3yxheyuxmru": 97, "2": [1, 2, 3, 7, 9, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 26, 27, 28, 30, 31, 32, 33, 34, 36, 38, 40, 42, 43, 45, 46, 47, 48, 49, 50, 52, 53, 54, 56, 57, 58, 59, 60, 61, 63, 64, 69, 70, 71, 76, 78, 79, 81, 83, 84, 85, 86, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 105, 106, 108, 109, 111, 112, 115, 116, 118, 121, 122, 123, 125, 126, 128, 129, 134, 135, 136, 140, 141, 142, 145, 146, 147, 148, 150, 151, 152, 153, 158, 161, 165, 166, 170, 177, 178, 180, 181, 183, 184, 185, 186, 188, 189], "20": [1, 7, 15, 18, 29, 36, 40, 41, 54, 58, 63, 66, 69, 71, 73, 75, 77, 78, 84, 87, 88, 93, 95, 98, 102, 105, 106, 107, 108, 112, 113, 115, 116, 120, 125, 126, 129, 144, 147, 148, 150, 151, 179, 181, 185, 186], "200": [18, 19, 22, 23, 26, 34, 41, 42, 68, 87, 103, 107, 110, 112, 116, 131, 135, 185], "2000": [41, 56, 95, 101, 123, 180, 185], "20000002": 118, "20001": 58, "2001": [95, 97, 186], "2003": [42, 95], "2004": 95, "2005": 95, "2007": 107, "2008": [33, 42, 95], "2009": [115, 123], "200x72px": 4, "201": [29, 59, 68, 87, 97, 110, 126, 131, 135], "2010": [12, 17, 24, 45, 55, 77, 78, 90, 95, 115, 129, 135, 144], "20100524": 97, "2011": [47, 95, 107, 144], "2012": [95, 116], "2014": [95, 185], "2015": [16, 18, 56, 95, 101, 148, 151, 165, 183], "2016": [40, 73, 121, 190], "2017": [15, 23, 36, 42, 53, 56, 77, 148, 151, 183], "20170525": 43, "2018": [16, 19, 21, 23, 26, 27, 30, 31, 36, 37, 40, 42, 44, 53, 56, 57, 63, 64, 66, 69, 73, 76, 78, 86, 89, 92, 93, 95, 101, 103, 128, 145, 146, 147, 151, 183, 186], "2019": [0, 10, 15, 19, 23, 26, 32, 33, 35, 37, 41, 42, 46, 52, 56, 63, 66, 68, 73, 77, 81, 83, 84, 86, 88, 95, 98, 101, 103, 105, 107, 113, 116, 128, 129, 131, 145, 147, 148, 151, 157, 178, 179, 180, 183, 189], "202": [12, 68, 97, 110, 115], "2020": [9, 11, 12, 14, 15, 19, 23, 26, 29, 33, 35, 40, 41, 42, 44, 54, 55, 56, 58, 59, 62, 63, 64, 66, 71, 73, 75, 76, 77, 78, 81, 84, 86, 87, 88, 89, 98, 101, 102, 103, 105, 108, 111, 113, 116, 128, 129, 136, 141, 142, 148, 149, 151, 178, 179, 182, 189], "20200812163012": 9, "2021": [10, 11, 12, 14, 16, 21, 24, 27, 30, 31, 35, 40, 41, 42, 46, 52, 54, 57, 59, 65, 66, 76, 77, 78, 79, 83, 84, 87, 88, 92, 93, 95, 97, 102, 103, 105, 108, 109, 111, 113, 115, 129, 141, 145, 146, 148, 149, 151, 153, 165, 189], "2022": [7, 18, 19, 23, 24, 34, 35, 38, 40, 42, 45, 46, 48, 50, 52, 56, 58, 63, 64, 66, 71, 73, 77, 78, 79, 84, 85, 86, 87, 88, 89, 90, 91, 95, 96, 97, 101, 102, 103, 105, 107, 109, 113, 115, 116, 121, 123, 126, 128, 129, 131, 134, 141, 142, 144, 146, 152, 153, 155, 165, 178, 182, 183, 184, 185, 187, 188, 189], "20220808": 19, "2022091285": 142, "2023": [2, 7, 12, 17, 18, 19, 20, 21, 23, 24, 31, 35, 40, 41, 42, 46, 48, 52, 59, 63, 65, 66, 71, 73, 77, 79, 80, 84, 87, 88, 89, 90, 95, 97, 98, 102, 103, 106, 107, 108, 110, 111, 112, 113, 115, 116, 125, 126, 128, 131, 135, 141, 142, 144, 150, 151, 165, 186, 188, 189], "20231219": 106, "2024": [10, 14, 15, 17, 23, 41, 63, 65, 66, 73, 77, 78, 79, 86, 87, 88, 89, 90, 101, 102, 103, 106, 109, 110, 111, 112, 123, 125, 129, 134, 142, 144, 150, 153, 165, 166, 177, 178, 179, 181, 182, 186], "2028": 107, "203": [55, 68, 76, 97], "2030": 131, "2032": [116, 131], "2034": 150, "2038": [116, 131], "20395": 42, "204": [18, 58, 88, 131, 146], "2041": 116, "2048": [142, 186], "205": [68, 76], "2051": 75, "2058": 14, "2059": 0, "206": [41, 42, 101, 147, 184], "2060": 116, "206046519": 144, "20693": 142, "20761": 185, "208": 88, "2081b9f668d8": 97, "2083895740": 186, "2086": 91, "2087": 116, "20888": 185, "209": [12, 14], "2090": 116, "2092": 116, "2094": 41, "20946": 23, "2095": [27, 97, 110, 126, 180], "2096": [126, 136, 146], "2097": [37, 107, 126], "2098": [85, 126], "2098277": 76, "2099": [41, 126], "2099055": 79, "2099068": 79, "20and": 78, "20eeee16345e0c1283f7b500126350cb938b8570": 23, "20eq": 78, "20ge": 78, "20h2": 77, "20le": 78, "20px": [101, 184], "20t10": 186, "20t12": 151, "20t16": 148, "20t19": 144, "20user": 78, "21": [7, 12, 15, 17, 18, 23, 32, 34, 36, 38, 40, 41, 42, 66, 68, 73, 76, 77, 78, 87, 98, 102, 103, 105, 107, 108, 113, 115, 116, 123, 124, 129, 131, 136, 144, 166, 186], "2100": [89, 97, 126, 181], "2101": [97, 126], "2101652": 76, "2102": [41, 126], "2102165": 76, "2103": [125, 126], "2104": [87, 126, 157], "210476652": 144, "2105": [37, 102, 118], "2106": [59, 116], "2107": [59, 64, 126], "2108": [112, 116, 126], "2108222": 36, "210z": 93, "211": [42, 97, 107, 115], "2110": 126, "2111": [19, 97, 102, 126], "2111893": 76, "2112": 126, "2113": 126, "2114": [14, 46, 126], "2114965": 76, "2115": 41, "2116": 107, "2117": 118, "2118": 41, "2119": 34, "212": 42, "2120": 131, "2120340": 76, "21204": 107, "2121": [79, 131], "2122": 131, "2123156": 76, "212389492": 144, "2124": 107, "2125": 90, "2129121": 79, "213": [118, 144], "2134902792": 76, "2139": 87, "2139285": 76, "214": [23, 42, 63, 101, 103, 116, 184], "2140": 97, "2144": 17, "2147": 62, "2147483648": 18, "2148": 116, "214866": 107, "2148_abc": 123, "215": [97, 113], "2151": [21, 107], "2152": 45, "2154": 107, "21556": 142, "2156": 116, "216": [12, 26, 42, 142], "21600": 142, "216150104097": 48, "216172786408751223": 76, "2168": 14, "21684382": 53, "217": 12, "2174808": 79, "2175008768": 126, "2176": 97, "218": [12, 42], "21848": 106, "2186": 144, "2188": 107, "219": 106, "2190": 48, "21907": 42, "2195": [106, 148], "21972": 42, "21974": 42, "21985": 42, "2199": 112, "21h2": 77, "21t17": 36, "21t18": [18, 183], "21z": [38, 41, 89, 183], "22": [7, 12, 15, 18, 20, 23, 31, 32, 34, 36, 42, 46, 48, 59, 64, 66, 73, 76, 77, 83, 88, 97, 101, 103, 105, 107, 112, 115, 116, 123, 125, 142, 144, 151, 185, 186], "220": [12, 42, 142], "22005": 42, "22006": 42, "22022": 96, "2203": 18, "2209": 79, "221": [23, 116], "2211": 106, "22139496": 77, "2219": [108, 113], "222": [23, 128], "2220": 106, "22205": 42, "2222": [18, 23, 181], "22231234": 146, "2225": 113, "2228": 106, "223": [71, 101, 144, 184], "2230": 63, "2231": 63, "224": 171, "2247": 45, "2248": [48, 107], "224z": [38, 151], "225": [23, 112, 144, 185], "22507": 107, "2251251": 27, "2251401": 118, "2253": 97, "225331": 116, "226": [7, 23, 29, 115], "2262": 116, "2264": 144, "226874z": 77, "2269": 35, "226955z": 150, "227": 73, "2270": 116, "2271": 45, "2280": 144, "2281": 116, "2281512608": 131, "228481z": 150, "22878": 116, "2288": 107, "22893": 42, "228b22": 40, "229": [106, 107, 116], "22947": 42, "22963": 42, "22965": 42, "22986": 42, "22991": 42, "22t04": [41, 101], "22t07": 73, "22t09": 107, "22t12": 18, "22t14": 144, "22t16": 23, "22t17": 151, "22t19": 144, "22t20": [77, 105], "22t23": 106, "22z": [41, 45, 89], "23": [7, 14, 15, 18, 23, 24, 32, 38, 41, 42, 48, 54, 55, 58, 62, 66, 68, 70, 73, 77, 83, 84, 85, 87, 90, 105, 107, 108, 110, 112, 113, 115, 116, 123, 126, 128, 129, 131, 135, 142, 144, 152, 186, 189], "2300": 116, "230105023": 116, "230105073": 116, "230400": 144, "23050": 107, "231": 107, "2312": 112, "232": [73, 97, 103], "2322": 116, "233": 12, "2334": 115, "2336799_domain_com": 142, "2338": 115, "234": [77, 123], "2344": 107, "234z": 106, "235": 123, "2357": 112, "23596a1e546d7c2aaa48e72c615bb1d72690da5559454acda41c4eb7ab07b2cf": 107, "235e": [101, 102, 184], "236": [73, 77, 84], "2360": 45, "2362": 148, "237": [3, 42, 88, 185], "238": 23, "2386": 14, "2387": 63, "239": [12, 34, 63], "2390": 116, "23908": 14, "2391": 73, "2394": 116, "239z": 38, "23db6760": 2, "23pm": 129, "23t07": 77, "23t11": 151, "23t14": 38, "23t16": 68, "23t17": 48, "23z": [41, 45], "24": [0, 12, 15, 17, 18, 19, 20, 23, 24, 32, 34, 36, 40, 42, 45, 48, 54, 69, 73, 77, 80, 90, 93, 97, 102, 103, 106, 107, 113, 116, 123, 128, 135, 144, 146, 148, 165, 186], "240": 23, "2400": 123, "24093702": 53, "241": 42, "242": [45, 115], "242a": 97, "2438340": 121, "243c35935ecc9829f30b30c45839cbf6": 121, "244ad4": 77, "245": [20, 23, 34], "245007": 64, "246": 103, "247": 45, "248": [103, 142], "249": [23, 45], "24906": 17, "24939717": 18, "24t06": 89, "24t07": 89, "24t14": 89, "24t15": 18, "24t16": 48, "24x24": 63, "25": [9, 15, 18, 20, 23, 27, 41, 48, 54, 58, 63, 68, 77, 78, 82, 87, 88, 89, 90, 98, 101, 102, 103, 105, 107, 112, 115, 116, 121, 123, 136, 144, 157, 181, 185, 186, 189], "250": [68, 97], "2500608": 165, "250429": 66, "251": [68, 77, 90], "2516895378499999999_c01aa88b": 79, "2517531803999999999_eb4f270a": 78, "2522": 112, "252244": 116, "252331": 116, "2525": 87, "25265": 126, "2529": 42, "25291d90954c476d86c6fb2db38d7d72": 32, "252f": 105, "253": 45, "253125": 105, "2533333": 18, "2534": 75, "2535": 102, "254": 40, "2544267": 116, "2545799": 116, "255": [23, 103, 116, 148], "25577": 42, "25583": 42, "256": [23, 32, 76, 77, 80, 101, 107, 112, 116, 126, 128, 142, 144, 171, 181, 186], "25623": 73, "25675937z": 32, "256b2b130946c25d40c83823aa2e5d4c": 116, "2578565a": 77, "2588b11a": 115, "258z": 106, "259": 62, "2592000": [12, 185], "25923177804": 146, "259357470209": 48, "25967357926": 146, "25c8": 142, "25e4": 97, "25mb": 180, "25t08": [18, 183], "25t09": 107, "25t10": 107, "25t12": 18, "25t13": 14, "25t14": 87, "25t20": 77, "26": [12, 14, 15, 17, 19, 23, 34, 54, 73, 77, 78, 79, 101, 105, 107, 108, 112, 115, 116, 123, 131, 144, 148, 184], "260": [45, 97, 115], "2606": 142, "26084": 42, "2610ee49440fe757e3cc4e46e5b40819": 95, "2616713216": 116, "262": [105, 112], "2624755629": 126, "263": 106, "2638443927": 66, "264": [116, 123], "2640": 105, "26432": 42, "2649763z": 78, "265": [77, 112], "2652": 107, "2653": 45, "2655451366": 131, "2666667": 18, "2668": 107, "267": [34, 45], "2671": 54, "2675": 105, "2677204": 87, "2680": 107, "26877": 42, "26897": 42, "26c1297f39175f4b401ebf74e3e5ce49775ba7720f5cce375cabff28cd3b18511a8d9463c1c9f8c85a0cd6d9133b1e5d6486d1054946b2379e4dcafa1d91cc27": 126, "26d58032ae40": 128, "26t03": 41, "26t04": 41, "26t10": 183, "26t11": 116, "26t13": 115, "26t15": 14, "26t20": [77, 144], "26t21": 77, "26t23": [56, 183], "26z": 41, "27": [7, 9, 12, 15, 18, 21, 23, 29, 31, 34, 45, 56, 68, 76, 77, 85, 95, 97, 107, 108, 113, 115, 116, 123, 135, 183, 185], "271": 123, "2714598076": 66, "272": 107, "273f9600ddee78a52891b2e4bbd0b7e6929459a3": 45, "2740086": 46, "2755b843": 105, "275ab471": 107, "276": 126, "27684": 185, "277": 115, "27709": 148, "278": 97, "2788": 79, "279": 123, "27945a7fd8c": 105, "2795": 108, "2796": 108, "2797": 108, "2798": 108, "2799": 108, "27bf": 79, "27dc3b5f9bf2": 105, "27t00": 107, "27t01": 77, "27t03": 77, "27t12": [41, 77, 129], "27t13": 41, "27t17": 77, "27t18": 77, "27t20": 77, "27z": [23, 116, 183], "28": [14, 15, 23, 40, 42, 46, 48, 53, 77, 79, 85, 86, 96, 97, 103, 105, 106, 107, 110, 112, 113, 115, 116, 118, 123, 125, 126, 129, 135, 148, 151, 157], "2800": [62, 108, 142], "2801": 108, "2802": 108, "2808": 107, "28131": 17, "282": [101, 184], "282100": [101, 184], "2825": 107, "2828": 107, "28324": 42, "2834": 41, "2839": 126, "2844": [37, 183], "2844breach": 183, "2848": 97, "285": 123, "2853": 123, "286": 123, "2862": 98, "2865": 34, "2868": 14, "2869": 116, "2875365": 64, "288": [107, 185], "288z": 36, "28965": 87, "28f65659": 63, "28t14": 65, "28t20": [106, 107], "28t23": 148, "28z": [45, 89], "29": [9, 15, 17, 18, 23, 34, 42, 45, 62, 77, 79, 83, 88, 90, 97, 102, 105, 106, 107, 108, 112, 116, 118, 128, 129, 136, 144, 146, 148, 151, 165, 185], "2906506361": 131, "291": 34, "2912": 107, "29154": 105, "291z": 107, "292": 186, "2929171z": 77, "2936799z": 41, "2943": 107, "295": 32, "2952": 107, "296c": 23, "298": [7, 123], "2984": 107, "299": 45, "29ajsiap1141965": 90, "29d0": 144, "29d29d15d29d29d21c42d42d0000003014e6e1a0bc19438ed392b132659e77": 142, "29d3fd00029d29d00042d43d00041d598ac0c1012db967bb1ad0ff2491b3a": 186, "29d61af7163": 84, "29es1": 151, "29ok1bwgtwnrp1xwvxfyiol9rwlafmjf75": 185, "29raeyox0gswv": 84, "29t00": 23, "29t15": 144, "29t17": 23, "29t19": 123, "29t20": [23, 105], "29z": [89, 186], "2_amd64": 190, "2_i386": 190, "2a00": 185, "2a02fe6a5840": [101, 184], "2a58b28a880eab0ddc23d856e4871a69": 151, "2a59908315b3": 77, "2a5aff984283": 105, "2a75e6631e25ac1c998747ba1fd7dfac679ddc85": 45, "2a94aaf80aa31094790ce40da6fdfc03a9a145c5": 77, "2af5": 97, "2b6699ac8a3976b67dfbddee26dbe3a5": 190, "2b9b9b9b9b9": 106, "2bba": 73, "2bjaaa": 41, "2bkaaa": 41, "2blaaa": 41, "2bmaaa": 41, "2bnaaa": 41, "2boaaa": 41, "2brsxw54": 110, "2c": 107, "2c47": 126, "2c7e70b08": 186, "2cfc976767db44422e9281fb012845a2": 63, "2d05": 77, "2dforc": 42, "2e": 115, "2e1760254114": 98, "2e3760ce9fe8aaafbf41ce0eac49d0a9bf9b030d8840192ce053ff0b52d04b39": 37, "2ed7": 79, "2efa3": [87, 155], "2f": [34, 48, 63, 87, 155], "2f0aa046d48c": 71, "2f4ac158": [101, 184], "2f7qz33ra88bxme3gtzpelp": 97, "2fa": 87, "2fa86473c517": 101, "2favatar": 63, "2fc9": 101, "2fcallback": [87, 155], "2fe8aaa0ucmsaaa": 41, "2fe8aaa0uetzaaa": 41, "2fe8aaa0ugb5aaa": 41, "2fe8aaaaaaejaadi5xky9khuq48uewaxv": 41, "2fe8aaaaaaekaadi5xky9khuq48uewaxv": 41, "2fe8aaaaaaemaadi5xky9khuq48uewaxv": 41, "2fe8aaaaaaenaadi5xky9khuq48uewaxv": 41, "2fe8aaaaaaetaadi5xky9khuq48uewaxv": 41, "2fe8aaab6qy8aaa": 41, "2fe8aaapggugaaa": 41, "2fe8aaapgk": 41, "2fe8aaapgmcoaaa": 41, "2fe8aaapgmcpaaa": 41, "2fe8aaapgmcqaaa": 41, "2fe8aaapgmcraaa": 41, "2fe8aaapgtroaaa": 41, "2fe8aaavnld2aaa": 41, "2fe8aaavnld3aaa": 41, "2fe8aaavnld4aaa": 41, "2fe8aaavnld5aaa": 41, "2fe8aaavnld6aaa": 41, "2fe8aaavnlomaaa": 41, "2fe8aaavnlonaaa": 41, "2fe8aaavnlooaaa": 41, "2fe8aaavnlopaaa": 41, "2fe8aaavnloqaaa": 41, "2ffind": 48, "2finiti": 63, "2flocalhost": [87, 155], "2fmail": [87, 155], "2fr": 63, "2fsourc": 48, "2gb": 180, "2hbv": 110, "2lotuxhdmcntlgup8skhm0iip6akubl5pifbbu3snxt1roxrywjcwyp364aacaasurbvhja7j3ttxplhsejjdng5cobkhw4yixuapcqs1hwfuybmgkicdg": 185, "2m": 113, "2nd": 97, "3": [2, 3, 7, 9, 10, 11, 13, 14, 15, 16, 18, 19, 20, 23, 26, 27, 28, 29, 31, 32, 34, 35, 36, 37, 38, 40, 42, 43, 46, 47, 48, 50, 52, 53, 54, 56, 57, 58, 59, 61, 62, 64, 65, 66, 68, 69, 70, 71, 73, 76, 77, 78, 79, 81, 83, 84, 85, 86, 87, 89, 91, 95, 96, 97, 98, 101, 105, 106, 108, 109, 111, 112, 113, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 140, 141, 142, 145, 146, 148, 149, 150, 151, 152, 153, 155, 158, 161, 165, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187], "30": [2, 3, 7, 9, 10, 11, 14, 15, 16, 18, 19, 20, 21, 22, 24, 26, 27, 30, 33, 34, 35, 38, 41, 42, 43, 45, 52, 54, 56, 57, 59, 60, 63, 64, 66, 67, 68, 69, 72, 73, 74, 75, 76, 77, 79, 80, 83, 86, 87, 92, 93, 94, 97, 98, 100, 105, 106, 107, 108, 109, 113, 114, 115, 116, 118, 121, 125, 129, 131, 132, 134, 136, 138, 141, 143, 144, 149, 153, 155, 159, 178, 185], "300": [22, 34, 50, 89, 101, 102, 110, 112, 140, 184], "3000": [34, 116, 122], "30000001": 68, "30000001_qs1uuu5": 68, "30025": 106, "3004": 116, "301": 12, "302": [75, 183, 185], "30201": 23, "3023": 15, "302456832": 116, "302fbea868fdefa5c8c1da79b3f98e32": 185, "30347ecb": 71, "3039": 148, "305": [75, 77, 110], "3055": 42, "306": 97, "30624": 18, "307": 9, "3072ad5a": 97, "308": [12, 112], "3080": 42, "30909": 77, "3092": 107, "30d": [134, 141], "30t04": 41, "30t07": [41, 151], "30t13": 18, "30t14": 148, "30z": [38, 89, 183], "31": [3, 10, 12, 14, 15, 18, 23, 34, 35, 41, 42, 45, 48, 59, 62, 63, 66, 73, 76, 77, 80, 83, 84, 87, 88, 89, 103, 106, 107, 108, 112, 116, 119, 123, 129, 134, 144, 146, 186, 189], "3100": 107, "3108": 107, "3116": 107, "31166": 42, "3117060096": 116, "3118": 66, "31181": 42, "312": [77, 123], "3124": 107, "3128": [21, 28, 63, 88, 147], "313": 107, "3136": 107, "314": 107, "3145654620": 126, "3148": 107, "315": 107, "3156": 107, "316": 107, "3164": 107, "3172": 131, "3176": 107, "3176713z": 77, "3184": 107, "3187": 76, "3191": 97, "319z": 77, "31ab03c62b67b4d4162d9c5d92212cd732cc664ec65926c938c71c30d731f53f": 107, "31t00": 71, "31t09": 63, "31t11": 105, "31t12": 63, "31t16": 144, "31t18": 105, "31t20": 123, "31t21": 123, "31t22": [77, 123], "31t23": 77, "31z": [41, 45, 142], "32": [3, 7, 9, 12, 14, 23, 32, 34, 40, 42, 45, 48, 60, 65, 66, 68, 70, 73, 77, 80, 81, 87, 88, 89, 101, 105, 106, 107, 112, 116, 129, 136, 144, 148, 151, 159, 184], "3200": 107, "32000": 180, "3208": 146, "3210": 73, "32120969ccb74e5382fd587417e23e1c": 144, "3213": 105, "3217": 90, "3220": 18, "3229314z": 77, "322d20bf": 131, "3232": 53, "32322": 77, "3233": 40, "3235": 42, "323a": 97, "325": 45, "3265": 185, "3268": 116, "3282": 93, "3283": 116, "328934907913": 116, "328935": 116, "329": 35, "329397z": 106, "3294cbfa1b4d09103351ca2b234bcbfa": 118, "3296": 107, "329a6ff4": 105, "32b7017d2019dfe922abc4e07c3fd": 14, "32b7017d2019dfe922abc4e07c3fdfff": 14, "32c3": 116, "32c5d847e3c0": 105, "32k": 180, "32x32": 63, "32z": [41, 115], "33": [3, 9, 12, 15, 18, 35, 45, 58, 62, 77, 84, 88, 99, 103, 107, 115, 116, 122, 123, 125, 126, 127, 128, 129, 136, 139, 144, 146, 151], "3306": 180, "331": 77, "3310": 27, "332": 36, "332449fe0771": 77, "3326": [129, 135], "33266442240": 116, "333": [123, 142], "3331741957707965158": 48, "3333": [18, 23], "3340": 185, "3363": 87, "337": 148, "337895628616": 155, "3383": 146, "33851": 126, "3389": 42, "3390": 42, "33939ed01882": 144, "3396": 107, "33f98db5bdb6a7013d52f0120248df35": 121, "33z": [45, 144], "34": [3, 9, 10, 12, 14, 15, 18, 23, 28, 34, 37, 45, 46, 68, 75, 78, 88, 93, 95, 105, 106, 107, 108, 113, 116, 121, 123, 126, 132, 142, 144, 150, 151], "340": 144, "340546z": 144, "3416": 23, "3426": 115, "342z": 107, "3439": 3, "34467": 42, "34473": 42, "3449": 129, "344b": 105, "34525": 116, "34527": 42, "3456": 129, "3462": [14, 77], "3469": 105, "34703": 7, "3471": 3, "3476": 3, "34893488883972": 116, "348z": 131, "3490": 107, "3492": 107, "349319": 66, "34958": 116, "3496": 40, "349764c9": 32, "34b3f509": 98, "34z": 41, "35": [3, 10, 12, 15, 23, 29, 34, 36, 41, 42, 55, 56, 66, 68, 71, 73, 77, 84, 92, 97, 103, 121, 126, 144, 148, 151, 181, 183], "3500": 107, "35081d68": 144, "35118": 116, "351623070066166": 68, "3517": 135, "352": 68, "3523470783": 66, "352z": 36, "353": 97, "353834463164": 136, "353861234567": 136, "35394": 42, "35395": 42, "3544": 116, "355": 95, "3552": 131, "356": 107, "3564fc4": 77, "356ba4b7bc9fda6ad64ed936f0d47e7b19022adfcfc236753182f13a82613c87e3b2dc206fb523952d1841837f785dd8bf137d74919253249327dec36a7b4f180a61cd29e2f2db53febac95deee3300519d4dd28ba08af297f29a5862653a314324e78e41fe2696ab25fb42aa80c63556eeb119d961157c0fb573d93953b7adc485e4cee5c3ecc5561acc5d45c2b1ccb5575a28763a877859d11c9f520d311a750314aebbd71e2459caa4d35a799aeee9f285934086f302d94f368ace46def566f6aac8884b5701914ff26f304b072931bbaeb697aa9d11a71d21767924c96ffe5793848aee50cf40d02dfe4f70f6d329cb83d380397f5f4081c1dcb39034458": 126, "358": 97, "358becb2c9cc": 126, "358z": 144, "3595": 129, "3599": 87, "35b9b7988223": 23, "35eb": 97, "35m": 10, "35mthe": 10, "35pm": 113, "36": [3, 12, 21, 30, 34, 42, 45, 48, 54, 58, 59, 71, 73, 76, 77, 78, 80, 84, 93, 97, 98, 105, 106, 107, 108, 115, 116, 123, 131, 135, 144, 157, 185], "360": [42, 97], "3600": [34, 78, 142], "360017746394": 183, "362": 97, "3624": 115, "3624306361": 131, "363": 181, "36351": 14, "3635326852": 77, "364": 181, "3646436z": 77, "365": [7, 41, 77, 87, 95, 131], "3650": 87, "3661": 129, "366c": 23, "3670": [56, 183], "3672": 107, "367z": 185, "3680c6ba": 144, "3684210526315789": 26, "3686931z": 77, "36c7d0f9": 102, "37": [4, 12, 14, 15, 36, 40, 42, 45, 48, 54, 61, 62, 66, 73, 77, 78, 87, 91, 105, 106, 108, 112, 116, 126, 129, 134, 144, 152], "3702": 116, "3707": 131, "3713": 150, "3714": 66, "373": 126, "3731": 107, "373z": 123, "3749861717224121": 78, "375": 105, "376": 142, "377707z": 144, "377z": 106, "3789": 115, "3790": 128, "3792e397": 23, "37a9": 90, "37da": 97, "38": [12, 15, 18, 35, 42, 45, 46, 48, 59, 66, 77, 97, 106, 107, 112, 113, 116, 129, 148], "380": 45, "3805": [54, 108], "3810": 54, "38199c68": 77, "382": 185, "3828": 108, "3834_64215769": 123, "383879eab7c4e0c5d38c1c2e9709ffe9": 151, "384": 115, "3842_48c9cb33": 123, "3844edb09b68": 105, "386": 121, "3860": 61, "3860_7f3e3ad8": 123, "3861": 123, "3861_eb6723b9": 123, "38647": 42, "388": 73, "3888db45d29e": 105, "389": [66, 116, 158, 190], "389000": 87, "3892": [56, 183], "38e6b909da46": 2, "38z": 131, "39": [3, 18, 36, 42, 45, 59, 66, 73, 77, 84, 90, 93, 103, 105, 109, 112, 113, 118, 121, 123, 129, 131, 145, 151, 153, 155, 165], "390": 97, "3912bbf391299d495109636a0ea47bcb": 77, "3920": 32, "3941": 41, "3949": 33, "3952": 42, "3976": 144, "3978861743009": 157, "398": 90, "398z": 144, "399": 115, "39z": [41, 45], "3a": [63, 87, 107, 155], "3a47": 80, "3a8080": [87, 155], "3a8d27c47a9c": 105, "3aa62cab990d8648b6a9047787e030fa7": 131, "3aaaaaaaaaa": 106, "3ac3qsgekplbzv": 110, "3ac875f7333fb843aeacb01d1cbfa52ae5": 131, "3b": 102, "3b40ace9067c": 80, "3b89": 97, "3bc1732ca0fb": 105, "3bopen": 102, "3c1e": 73, "3c30bxzpajnj4bbcvle0laar8bvjtyfideezhxuxe4wzcuekxiwans3i8sl1cdgvgnssgefphbjq": 97, "3c47f0b6": 18, "3c7b5bd0": 58, "3cb04764ac1f211b2a79e12fedea41b1": 116, "3cdd": 79, "3cde21c1": 131, "3d": [41, 42, 84, 102], "3d16493b0814a18d6806ed30f4efac31": 64, "3d2e": 97, "3de": 42, "3e45": 34, "3f85cd99c850": 115, "3ge65": 151, "3lo": 63, "3qe_9ipdjkamvup3xolfkaufb": 155, "3rd": [112, 155], "3vaaanemjta": 41, "3xaaxaaxaaxaa": 106, "3y6cpx27gaqacfnp4ec3z2": 97, "4": [3, 7, 9, 10, 14, 15, 16, 18, 20, 21, 23, 24, 27, 30, 32, 34, 35, 36, 38, 40, 42, 48, 53, 54, 56, 57, 58, 59, 62, 63, 64, 65, 66, 69, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 85, 86, 87, 89, 90, 92, 93, 97, 98, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 119, 121, 123, 124, 126, 129, 134, 140, 142, 144, 145, 146, 148, 150, 151, 153, 155, 158, 159, 161, 170, 178, 180, 181, 185, 186, 189], "40": [3, 7, 18, 23, 24, 29, 37, 41, 42, 53, 57, 68, 73, 77, 78, 79, 83, 84, 97, 101, 103, 105, 106, 108, 112, 115, 116, 118, 123, 128, 129, 131, 134, 141, 144, 146, 150, 151], "400": [42, 110, 116], "4000": [155, 180], "4001": 185, "4008551z": 77, "400f72f8": 97, "4035": [20, 62], "4036": 107, "404": [63, 97, 101, 110], "4040": 123, "4041": 131, "40542465": 121, "40542507008": 116, "4057": 73, "4059": 18, "40599060058594": 12, "4078": 131, "4079": 79, "407e": 155, "4080": 107, "40888": 144, "4089": 123, "408e": 131, "409": [42, 108], "4096": 53, "40a9": 73, "40c2": 97, "40df": 23, "40e2": 77, "40e5d872": 80, "40ec": 105, "40ed": 80, "40ghz": 107, "40m": [134, 141], "40reshydradev": 41, "40thread": 131, "41": [3, 14, 15, 16, 17, 18, 24, 27, 31, 34, 35, 38, 40, 41, 42, 73, 77, 78, 79, 97, 106, 108, 112, 115, 116, 126, 129, 134, 185], "410": 116, "4104": 107, "4108": 115, "411": 50, "4116": 107, "411b": 125, "412": 19, "413": [84, 108], "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462": 77, "4144": 97, "415": 34, "415z": 36, "416": [84, 107], "416000": 87, "41660": 18, "416c": [101, 102, 184], "4175": 23, "4175720882": 131, "418": 36, "419": 12, "419372797012": 93, "419z": 144, "41ad": 108, "41b42b9c2dc99253ea8de9509413cc634de748bae8e5b2ad3080db58991d0971": 185, "41bf": 23, "41c1": 105, "41cgnz": 97, "41d3": 116, "41d9": 97, "41f0": 95, "41f9": 77, "41z": 41, "42": [3, 15, 18, 23, 31, 32, 34, 36, 42, 45, 50, 63, 73, 77, 78, 79, 84, 105, 106, 116, 123, 126, 144, 148, 180, 189], "4200": 9, "42000": 86, "4205": 105, "421": 34, "4216409aca4c": 185, "422": [42, 101, 123], "4220": 112, "4224": 108, "4231": 105, "4231735z": 77, "42321": 42, "4235": [3, 130], "4242": 108, "4254": [3, 74, 94, 159], "4259984z": 77, "4260": 79, "427": 24, "427c": 106, "428": 107, "428ffee0df26012a5a2c95b65af0025c": 95, "429": 41, "4294557696": 116, "4294967305": 42, "429a": 18, "429f": 79, "42a6370354e": 77, "42acd50c": 79, "42d4": 23, "42dc": 128, "42de": [101, 184], "42e3": 23, "42ef": 102, "42f7": 23, "42fb": 105, "43": [3, 7, 15, 18, 19, 32, 35, 36, 38, 41, 45, 48, 50, 68, 77, 85, 86, 91, 97, 103, 107, 108, 112, 121, 123, 124, 129, 134, 144, 146, 151, 152, 157, 166, 183, 185, 188], "4300": 15, "4303": 15, "4305": 42, "430512z": 77, "4307": 42, "431": 129, "4313a3fc6fe92d6fddf3ce95bf171a033c09bfcf": 45, "432": [97, 107], "432b": 77, "433241117337583618": 115, "4333": 131, "4340": 116, "434343434343434343": 115, "43434343434343434343434343": 115, "4346": 9, "434d": [18, 77, 78, 131], "436": 20, "4362": 146, "43798": 42, "4382": 126, "4388": 105, "4388963aaa83afe2042a46a3c017ad50bdcdafb3": 77, "43a7": 79, "43ad": 63, "43ba": 23, "43bc4149": 102, "43c9": 105, "43dd7b73": [79, 131], "43e6": 126, "43f7": 75, "43z": [23, 41], "44": [3, 18, 34, 35, 36, 41, 45, 52, 56, 62, 64, 73, 84, 86, 88, 89, 96, 97, 103, 105, 106, 107, 108, 116, 121, 123, 125, 152, 157, 165, 183, 184], "440": 80, "4408": 79, "44096166": 105, "441000": 87, "4416c3a8": 77, "442": 45, "44228": 105, "4423": 98, "443": [14, 18, 42, 63, 69, 70, 84, 87, 89, 105, 107, 110, 116, 120, 128, 129, 153, 181, 185, 190], "4435": 126, "443631z": 150, "444": 112, "4444": [18, 112], "4445": 102, "445": 116, "445f0ac1a020": 23, "445z": 185, "4461": 131, "446181058884": 93, "4466": 23, "446b23e1": 77, "447": 123, "4470": 42, "447393z": 48, "447689": 185, "448": 116, "448000": 107, "44832": 105, "4487": 23, "448b": 66, "448e": 102, "449c": 77, "44b7ed9daadb3ac89ead8977d04a0537fa3125a": 126, "44c7": 77, "44e0": 78, "44z": 48, "45": [3, 14, 18, 20, 31, 34, 35, 36, 41, 42, 45, 46, 48, 56, 58, 63, 65, 66, 68, 73, 77, 85, 88, 91, 96, 97, 98, 105, 107, 108, 116, 123, 124, 126, 131, 134, 135, 144, 146, 151, 166, 182, 187], "4500": 116, "4502": [3, 67], "45046": 105, "450e": 131, "450f": 105, "45105": 105, "4510a89f4588": 23, "451528": 105, "4520": 79, "45214": 42, "4525": 41, "4543": 126, "45486": 129, "454d": 23, "455795fabfd3c2c246b4b9e37782db8dbac8c9957210d782331861b56010bb12": 77, "456": [41, 87], "4574": 105, "45756395": 36, "4577150344848633": 78, "457e": 105, "4585": 165, "4593": 131, "4593785z": 77, "4598": 35, "459f": 116, "459f58a0ac1f211b0743e90d2f0c32a1": 116, "45a5": 97, "45bc27": [27, 66, 90], "45c4": 23, "45m": [134, 166], "45z": 183, "46": [3, 12, 14, 20, 23, 24, 29, 34, 35, 38, 40, 41, 45, 46, 48, 52, 65, 73, 77, 84, 95, 97, 101, 103, 107, 108, 112, 113, 115, 116, 123, 126, 134, 148, 166, 185], "460272187173695": 68, "4608": 106, "4609": 79, "460b": 23, "461314z": 150, "461397z": 115, "4614": 105, "461b": 38, "461z": 144, "4621": 97, "46232z": 150, "462a": 23, "463": 103, "464": 63, "4642241z": 77, "465": 87, "4652": [84, 131], "4655": 101, "4657": 121, "4659": 105, "465905z": 77, "46679a50632d05b99683a14b91a69ce908de1673fbb71e9cd325e5685fcd7e49": 23, "4673": 97, "467954c2": 90, "468": 129, "4680": [56, 183], "469": 155, "46a8": 126, "46ad": 23, "46ae4286c54b": 105, "46c1": 76, "46d2": 97, "46d6": 131, "46z": 45, "47": [12, 14, 15, 20, 23, 32, 34, 41, 58, 63, 64, 66, 73, 89, 103, 105, 106, 107, 108, 110, 112, 116, 123, 126, 129, 131, 135, 136, 141, 144, 151], "472z": [107, 144], "47314d20": 41, "473476": 126, "474": 185, "4748": 77, "4749": 123, "474e": 77, "474z": 144, "4751": 77, "4756": 38, "4759": 23, "475e": [79, 131], "4766": [14, 105], "4780": 107, "4784": 102, "478710": 157, "479": [80, 146], "48": [3, 14, 15, 18, 19, 23, 24, 34, 40, 42, 54, 58, 68, 71, 77, 84, 87, 89, 90, 97, 105, 108, 115, 116, 123, 125, 126, 128, 129, 135, 144, 148, 166, 183, 185], "480": 116, "4801": 77, "481": 129, "482f9b6e0cc4c1dbbd772aaaf088cb3a": 116, "4830": 107, "484648z": 150, "4848": 126, "484a": 2, "486": [110, 166], "4860": 186, "4861": 105, "4868": 107, "486z": 36, "488b": 23, "48ac": 105, "48b0": 77, "48b2": [77, 78], "48bbf98612290af2215c7a02b7ccbc82": 14, "48c9": 155, "48cd89827939b3a8976d9bb0993bc338": 144, "48e3": 34, "48x48": 63, "48z": 41, "49": [3, 14, 15, 19, 23, 36, 41, 50, 63, 71, 73, 76, 77, 79, 80, 85, 88, 89, 91, 98, 105, 106, 107, 108, 112, 113, 115, 116, 121, 123, 124, 129, 134, 152, 165, 166], "490": 185, "491": [73, 102], "491356741607": 97, "491f": 90, "491z": 107, "4925": 77, "4932": 105, "493371": 144, "494d": 97, "4951": 185, "4953": 106, "496b": 79, "49769": 125, "4988": 18, "49881": 7, "499": [103, 135], "4991": 105, "49a2a269271a": 97, "49ac": 182, "49ba": 105, "49ee": 105, "49f7": 102, "49x1": 97, "4a": 154, "4a15": 102, "4a2b": 23, "4a56": 23, "4a5b440a8c62": 105, "4a5db6fc6c11fd49b2836a4e77ed2284dc656222f73dbb8e59c8990a99edf8a9": 98, "4a80266952462523e3e5ac3b816032a": 116, "4a90": 32, "4ab4e3b7bde4": 103, "4ad4": [101, 184], "4b": 154, "4b04": 135, "4b45p": 77, "4b7e": 185, "4ba0": 32, "4ba7": 23, "4bbf": 105, "4bcf": 77, "4bd9": 97, "4bde1db6579b": 79, "4be17e67": 105, "4be4": 9, "4be6f56fdd37c9d3aa054a15cdfcb091bb16fa4d": 45, "4bea": 18, "4c10": 123, "4c1e": 107, "4c27": 131, "4c2c": 103, "4c47": 97, "4c4831e9": 79, "4c4c": 106, "4c53": 98, "4c62": 79, "4c74": 23, "4c93": 23, "4c96": 18, "4c9b": 146, "4ca0": 18, "4ca2": 105, "4cbd": 116, "4cbd63ee0946c25d1011db1872a1736a": 116, "4ccc": 106, "4d": 53, "4d12": 105, "4d136b0589a27ef": 23, "4d33": 98, "4d54": 23, "4d80": 105, "4d84": [77, 78], "4d96": 32, "4dd3": 97, "4dd9": 131, "4dfde5a": 131, "4e24": 105, "4e28": 105, "4e2a": 105, "4e5b": 77, "4e5d": 77, "4e65": 34, "4e6c": 77, "4e6d": 123, "4e832627b4f6": 97, "4e9b": 79, "4eabcdefg": 150, "4eac5ba86b27414098820732fe7876f6": 32, "4eb1": 150, "4eced01ba15f": 150, "4ede": 105, "4ee8": 23, "4f": 107, "4f6d": 131, "4f7b": 105, "4f7f": 150, "4f8e": 101, "4f8f": 77, "4fac": 107, "4fbb": 97, "4fc4": 77, "4fd7": 123, "4fd97d44f069": 79, "4fe4": 144, "4ff3": 108, "4gb": 180, "4mo8bxwyxnmq0fd4xcb8ygnmwnypjgafaqaq": 97, "4oa0gkjn830": 116, "4py0d": 97, "4r85": 97, "4ur": 98, "4uv5mvsh7kopfhsgsb": 41, "4zohxoaq": 84, "5": [3, 7, 14, 17, 22, 23, 24, 31, 32, 34, 35, 36, 38, 40, 41, 42, 43, 53, 54, 56, 58, 63, 64, 65, 66, 69, 71, 73, 77, 80, 84, 85, 87, 88, 89, 90, 93, 95, 97, 98, 101, 103, 105, 107, 113, 116, 121, 123, 124, 126, 128, 129, 134, 135, 140, 142, 143, 150, 151, 153, 165, 177, 181, 182, 184, 185, 186, 189], "50": [3, 7, 10, 15, 17, 23, 33, 35, 42, 59, 63, 65, 66, 68, 69, 70, 76, 77, 79, 80, 85, 87, 88, 89, 90, 91, 97, 98, 102, 103, 105, 106, 112, 116, 123, 126, 128, 129, 142, 143, 144, 150, 152, 153, 181, 183, 185, 189], "500": [23, 27, 54, 77, 80, 102, 110, 116, 123, 150], "5000": [1, 80, 116, 179], "50000000": 23, "5001828": 102, "50051": 52, "500hr00001vhyiciab": 112, "500hr00001wthb4iab": 112, "500hr00001wu3etiaj": 112, "500hr00001x8wykiaf": 112, "500hr00001x906jiab": 112, "500hr00001x98nniaj": 112, "50102": 111, "50104": 111, "50136": 185, "501548362894b9a08f071b1565d8aa14": 95, "50246": 185, "502z": 185, "503": [41, 80], "504": 88, "5048": 76, "50594": 131, "5059b918": 23, "506": 185, "508": 63, "5084032z": 41, "5087": [3, 51], "5088": 107, "5098": 18, "50ad7d3": [18, 77, 78, 131], "50adc897": 105, "50b0": 23, "50c323c1": 144, "50ca7e01766a": 131, "50ce": 105, "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c": 151, "50ghfd9jcw": 151, "50skqtffs2": 151, "50z": [41, 45], "51": [3, 14, 15, 17, 23, 40, 65, 68, 77, 78, 98, 101, 102, 105, 106, 109, 110, 112, 116, 123, 125, 129, 136, 144, 150, 151, 153, 165], "51197": 116, "512": 24, "5123526f5b08": 102, "513": 66, "514": [73, 78, 88], "5140": 107, "51417677b5e7b17542d383f5b25e2b43": 101, "51450374": 23, "515z": 144, "516": 186, "516z": 107, "517z": 185, "518149": 185, "518317": 185, "5184": 107, "51843": 185, "519": 73, "51948": 38, "51966": 116, "51a2": 38, "51c0": 97, "52": [9, 10, 15, 18, 23, 32, 34, 35, 36, 63, 68, 77, 84, 89, 97, 101, 102, 105, 106, 107, 112, 116, 126, 144, 148, 152, 183, 184, 185], "5215": 115, "521z": [144, 185], "522": 88, "5223": 116, "524": 107, "5259227z": 77, "5261": [3, 55], "5263157894736842": 26, "526691595z": 32, "528": 107, "528b8e59": 102, "52a5f23ccdf1": 77, "52adef79fe80b4958050c700a8b0da15": 151, "52b41acc": 97, "52b5c0daeb16": 105, "52c2ba8d": 97, "52e6b38b": 80, "52fc": 150, "53": [7, 14, 15, 18, 23, 41, 42, 57, 66, 76, 77, 80, 89, 102, 103, 105, 107, 112, 115, 116, 123, 129, 144], "5306946": 18, "5307443z": 77, "531cb865bb4a8c87090440414dfce5c16dec06e314797576ba4bac500f602bb5": 98, "532": 107, "5321": 108, "533": 18, "533077z": 115, "5343": [3, 100], "5353": 116, "535479z": 144, "5355": 116, "5357": 116, "5358": 116, "5365": 15, "537": [93, 185], "539": 97, "5394": 62, "539z": 185, "54": [14, 15, 23, 32, 35, 41, 42, 48, 66, 73, 77, 90, 103, 105, 107, 115, 126, 146], "540": 107, "541535": 68, "541548fc738f": 79, "54232": 23, "54233": 23, "543": [35, 73], "5432": [86, 113, 180, 181], "54336": 106, "5438": 97, "5445": [3, 114], "5448": 146, "545": 66, "54545": 144, "546": 35, "5468": 148, "546z": 106, "547": [73, 126], "54708cb41d08344e2a8af58b": 110, "5471": 35, "548": 116, "54fc": 90, "55": [7, 15, 18, 36, 40, 41, 45, 48, 59, 73, 76, 77, 79, 84, 87, 89, 90, 95, 97, 98, 103, 106, 107, 112, 115, 116, 123, 126, 128, 150, 152, 165], "55000126pg": 151, "550001h8bt": 151, "550002yae9": 151, "5500038yxj": 151, "550004jmxn": 151, "55000aj8rt": 151, "550f104c94ea": 126, "551": 24, "5522": 97, "5528": 150, "553648130": 23, "553648202": 23, "553648204": 23, "5540333z": 79, "554696714": 23, "554696715": 23, "555": [73, 95], "5555": 190, "55555555": 18, "5558": 125, "556": 151, "5565": 48, "5568": 107, "5574": 108, "558": [68, 80], "5580c55feaeaeb35e8a9f88dd9dac69d70acaacfabb39012c7ae9c26b4c2a239": 107, "5586762z": 78, "559": 65, "5590": 115, "55b865fcb6": 150, "55de7a4c": 77, "55eb": 79, "56": [14, 15, 23, 34, 35, 36, 41, 42, 45, 53, 64, 73, 77, 78, 90, 103, 106, 108, 110, 115, 116, 144, 184, 185], "560569": 185, "561976be4b6e992478c13ea230e0f6a4e708e3b7befc61642dcd281bcacec975": 126, "561z": 107, "562852": 126, "563006": 126, "563057": 126, "5634": [3, 21, 30, 54, 76, 93, 138, 149], "5638590": 116, "563z": 144, "564": 73, "5644": 15, "5647": 135, "564z": 106, "5672": 58, "56753": 144, "5678": 115, "568": 80, "5684": 107, "57": [3, 15, 17, 37, 41, 63, 66, 73, 77, 83, 87, 97, 98, 103, 105, 106, 107, 115, 116, 131, 135, 144, 146, 148, 150, 186], "570": 90, "5713": 113, "5732": 96, "5733333": 18, "57382c61ba68": 77, "5762": 150, "576771": 105, "578": [73, 129], "5789473684210527": 26, "57bae1c2": 77, "57c5bb9c88": 77, "57df779566": 77, "57z": [41, 123], "58": [9, 18, 35, 36, 41, 45, 63, 66, 73, 77, 86, 103, 105, 107, 108, 112, 115, 116, 129, 131, 150, 157, 184], "580": 9, "58011": 38, "581": [73, 185], "5815": 95, "581b": 126, "584": [87, 151], "584485135": 97, "586": [9, 116], "587": [21, 87], "5877": 102, "588": 9, "588360": 126, "58z": [41, 131], "59": [24, 34, 35, 36, 48, 63, 66, 68, 77, 79, 87, 88, 90, 97, 105, 115, 126, 136, 142, 144, 146, 151, 166], "5902": 42, "590f9895c2cbe93d47c3f7a3104fb843edfb5d5741330593d7d302a1e11e0ba5": 116, "592f0bdc": 150, "59301": 106, "5931a062": 23, "5944": 108, "5963": 48, "5968": 97, "598": 35, "5985342": 18, "599": 63, "599379": 126, "59e44ad8a982ba9a4af1630c6d762675b33c74bec5f73da79192f8cf062d5810edf3b8d6fc6cff139632cd4fe98724850b74a2c2f60ff5a7d87d768aaee9c9582b6e006fb9cd24eec442c54c16859d34613923bfc68e95c984a9b2e5410f4478d795b9cfd974bf584fe716ff7c4030c46c4e224dcb83673a93bf2bc5c59c1af243a1253b84f6f7536ea885aede14749130060df207d4c408ba4364c5e23fdaacc541afa437e8427674f713bb4a7d3659819bc744df8973b93342e860c24d615d125a10f6efff33891450e8d69fc6b95c2b35dbadeddd36b625f2958aac693f9afe1af815286dea185ac2d26218af4078b5fa5e098f53f9ccf823a1833123f4c6": 142, "59g3vyg0wennecew6bz9f": 97, "5a": 41, "5acd56f7639": 23, "5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124": 23, "5afc7cfb": 105, "5b": 144, "5b3beaa8": 105, "5ba8": 97, "5c": 115, "5c4e": 150, "5d": 144, "5d63": 71, "5d836a4acc55922e49fc709c7a39e233": 95, "5d85c5e9": 97, "5da9bceb": 97, "5dbcb688": 105, "5dd0": 155, "5e0000000325": 34, "5e1c8874b29de480a0513516fb542cad2b049cc3": 77, "5e229e3630d1": 105, "5e91": 79, "5ef2f214260ab8f58e55eea42e4ac04b0f171807d8d1185fddd67470e9ab6096": 142, "5ef6": 16, "5f170f6131b7": 105, "5f59": 41, "5fc876eac7e8": 105, "5h": 113, "5px": [12, 17, 24, 45, 78, 90, 115, 129, 144], "5xth": 146, "6": [4, 7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 27, 29, 31, 32, 33, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 53, 54, 56, 57, 58, 59, 63, 64, 65, 66, 68, 69, 71, 73, 77, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 118, 119, 121, 123, 124, 126, 128, 129, 131, 134, 135, 136, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 165, 177, 178, 180, 186], "60": [14, 34, 42, 63, 68, 72, 73, 77, 79, 89, 93, 98, 99, 100, 101, 102, 103, 105, 106, 107, 110, 112, 115, 116, 123, 126, 129, 134, 136, 142, 143, 144, 165, 166, 184], "600": [19, 55, 89, 102, 105, 107, 114, 116, 142, 185], "6000": 116, "6006": 59, "6014": 48, "601b3a550ab9": 107, "6024000000000": 150, "60372": 19, "6040000": 116, "605": 59, "606": 73, "606060606060606060": 115, "6060606060606060606": 115, "606e693c6ac040107c07dcc7c7ed6785": 32, "606z": 144, "607": 9, "607447413779893818": 115, "607447413805059643": 115, "60873d6d": 150, "609": [88, 108], "609a9f30b514": [79, 131], "609dc6e4d76f": 18, "60b7c0fead45f2066e5b805a91f4f0fc": 37, "60baffd3f9042e38640f2300d5c5a631": 14, "60bfae787651": 105, "61": [23, 36, 42, 106], "610d4a69": 101, "612822z": 115, "614": 71, "615": 108, "616": 97, "616308z": 115, "6167": 14, "617": [88, 108], "61758": 77, "61859": 77, "619a": 97, "6207": 42, "620z": 14, "623": 97, "624b3e67f533f89c2f700992": 152, "625": [73, 129], "6250": 54, "62514": 116, "62516": 116, "62524": 116, "625b": 105, "625z": 14, "626": [35, 105], "627": 97, "6287": 42, "629": 34, "62b1": 97, "62b2f277d0164e239457b719": 38, "62b326c9d0164ee8e257b729": 38, "62f3": 102, "63": [10, 32, 42, 126, 189], "631": 73, "6319": 79, "6324ff6f2bfc710a0dfcb59f0c2f991e0d68f81976b1e85777bb94827ec031a22720dd4b66b12e2576bde798b74a0645": 126, "6328": [3, 145], "636": 66, "6367011b1d93": 105, "637z": 146, "638246066435733333": 18, "63b8": 97, "63dbcdf8df0c": 34, "63dce33f44ac": 9, "64": [24, 40, 53, 77, 85, 93, 101, 115, 116, 126, 144, 151, 186], "64013580": 110, "641": 35, "641z": 144, "642": 35, "6422279z": 131, "643": 35, "643z": 107, "644": 35, "6441979904": 116, "6455442249407791000": 23, "6455442249407791109": 23, "6464": 186, "646e2686eba9": 115, "6479": 105, "648": 185, "6481": 144, "649": 77, "64f6": 77, "64k": 180, "65": [23, 42, 53, 97, 116, 126], "650": [61, 116, 146], "65001": [69, 70, 120, 128], "652z": 107, "6546xxxx29bc6cxxxx": 71, "655": 97, "6554": [3, 57, 83], "6565662z": 79, "657": 15, "6576": 97, "659": 84, "659151942": 23, "65994753": 32, "65ef47d95cd7f554699537f0": 17, "66": [12, 42, 58, 79], "66048": 66, "6616d56e0000": 79, "6616d57f0000": 79, "6616d7020000": 79, "663": 185, "663b833f6fc0": 97, "663f166080a8": 126, "665": 77, "66605": 95, "668": 150, "66848": 185, "6688": 77, "669": 183, "6695009330bb": 23, "6696966z": 77, "669z": 107, "66e54faed53c": 80, "66f6afcaf33": 116, "67": [42, 102, 116, 126, 151], "6703": 32, "6719": 185, "672": 107, "673": 77, "673z": 107, "676": 107, "676d1be7": 32, "6776": 185, "6779": 144, "678": 129, "6783": [3, 16, 27, 35], "6785431z": 77, "6786": 108, "68": [87, 116, 126, 142, 186], "680271": 66, "6807": 106, "68314": 129, "6833": 102, "6843": 185, "6853839cde69359049ae6f7bd3ae86d7": 23, "686z": 151, "689": 15, "689e": 150, "68a66f7f": 98, "68b1": 144, "68c4": 105, "69": [24, 102, 126], "690z": 48, "6912": 112, "696": 24, "699000": 152, "6_1_6_4": 17, "6a2d": 97, "6a3290f368de76e0dc83d7a380ca91e8950a57ff2aabc94c706b3418743e2743": 155, "6a3f": 131, "6a70": [79, 131], "6ab8": 97, "6b0baed2": 23, "6b281d07ffde": 66, "6b54818cd110": 77, "6b9d": 77, "6bc4b73c": 23, "6bf8c47e": 108, "6c3245d4a9bc0244d99dff27af259cbbae2e2d16": 77, "6c3c2005": 23, "6c5000418a81": 79, "6c5000418a81_4c4831e9": 79, "6c98b3f1dcc03245a5f9e525ad6ac11983dc26dadebeb497492462aa166e19f0": 155, "6cbc27a1941c": 105, "6cbce4a295c163791b60fc23d285e6d84f28ee4c": 107, "6d7f": 34, "6db4c6bcafe3333fffaf5a754b7ae73d": 151, "6e5aa5cb0946c25d40c83823bb5107e6": 116, "6e8476e5": 105, "6e85858585854": 106, "6efvp": 151, "6egsfrqav3zbmfvmllksvobppyvdsc5vcjtzthb1301vadlaspaygytsdaj5z8": 116, "6f097307fda711eeb0bd491bae9facb0": 144, "6f45": 90, "6f7d": 128, "6i5fgoeg3ssimry4dqdovcpg4be4jjskcy1ii": 97, "6ikqchbpxlbmv4jv": 185, "6shmdt44sgg_v": 38, "6t2h2nhfyc8k9rzjiawgavjdsbrc27tey20kg": 97, "6v3hq": 97, "7": [1, 7, 10, 11, 14, 16, 18, 21, 23, 26, 27, 32, 34, 35, 36, 38, 41, 42, 43, 46, 48, 52, 53, 54, 55, 57, 58, 59, 65, 68, 73, 77, 87, 88, 90, 95, 96, 97, 101, 102, 103, 105, 107, 115, 116, 118, 123, 124, 126, 128, 129, 134, 135, 142, 145, 146, 151, 157, 159, 161, 166, 178, 180, 184, 189], "70": [58, 68, 85, 107, 116, 126, 144], "70000006": 23, "701": 14, "701719": 105, "7018": 14, "702": 73, "704": 105, "7058": 3, "705z": 36, "7066667": 18, "707dfe08411": 105, "7091": 23, "70ca": 135, "70f2a19ab22a": 18, "71": [23, 42, 126], "711": 110, "7112": 112, "711226z": 115, "711z": 144, "712": 185, "712z": 107, "71440046": 23, "716": 107, "717": 185, "71760": 34, "71762": 34, "71763": 34, "71764": 34, "71765": 34, "7184658050537109": 78, "719": 42, "71c9": 97, "72": 126, "7200": 142, "720768": 107, "721": 97, "7216": 108, "721f": 32, "723fdc431f32": 116, "7247": 42, "725871979": 32, "725c8064c775432fb85ea16d7b7c85c7": 146, "72676": 144, "728ee069b76107e9e2930dbffd50dfc52f440823e5f252935eb8607a47b11efc": 32, "729": 15, "72b8204066d3b290b68bae2eeb1942cd": 190, "72e3": 131, "72ef5e10": 97, "73": [42, 68, 87, 88], "7309": 17, "731": 110, "7312": 129, "731z": 36, "7333333z": 78, "734843z": 79, "7353f60b1739074eb17c5f4dddefe239": 107, "7368421052631579": 26, "739": 42, "7394034758": 73, "73a3c4aef5de385875339fc2eb7e58a9e8a47b6161bdc6436bf78a763537be70": 77, "73loq": 151, "73z": 77, "74": [42, 126, 185], "7411a4da": 107, "741389": 105, "741z": 151, "742z": 144, "7477c64706110f4d0652b28c6618b8b83d27fef94ca9d112965f8c9a62ca3d7": 144, "74d793c0e151": 32, "75": [97, 105, 126, 143, 185], "751000": 152, "751e": [101, 184], "751z": 48, "752": 15, "754z": 48, "756508e728338b4931e199674e65ff9ba5daa25914f75cca8d424efd7ab89f0d": 126, "757": 29, "758451z": 77, "7585": [3, 64, 86], "759": 35, "7592": 144, "759a": 77, "759liuq4r3": 97, "76": [3, 28, 79, 105], "7611744a6e9a": 23, "761de33e1c3d08865f5f2d0cfc84c3b5401c7915a2953ca6b8c2fddbb007556b": 144, "764a62f2": 131, "765669c8c9": 77, "7657": 123, "7659xxxx29bc6cxxxx": 71, "7660": 38, "768224z": 115, "769721": 105, "76d9": 105, "76ed": 34, "76edc092": 23, "77": [7, 53], "7707565e": 97, "773": 18, "7740": 77, "7746": 115, "7753": 77, "77616": 185, "77910": 185, "77a6": 108, "77bb": 97, "77c094efe348": 23, "77d4a35822f0": 97, "78": [36, 78, 97, 126], "780": 42, "781": 126, "783": 107, "785": 185, "78566": 185, "78680309": 77, "78695": 185, "787": 73, "788": 107, "7899": [3, 31, 45, 105, 116, 135], "78994z": 77, "78bt3": 151, "79": [42, 68, 116, 126], "790": 15, "791": [77, 123], "792": 144, "794z": 48, "7951": 15, "7957": 77, "798": 42, "7989": 18, "798z": 36, "799": 73, "7990619": 56, "799d84f0": 185, "799z": [123, 151], "79a5ab21908f": 23, "79ad5636b73a4c0d828938ae1e5b2c13": 116, "79k7": 151, "7a": 95, "7a07": 79, "7a576996e703": 105, "7a945e934638": 105, "7abca37c1c124cb2a4e74661f4a8c47": 146, "7ae5ba435f196a40cc08b8b02c6b0905774a40d": 45, "7b0c7f7133e4": 18, "7b54": 97, "7baa138c499f": 23, "7bc411976ec9": 144, "7c10": 97, "7c19": 77, "7c551c65686c0866daafcee3d8061d6b": 151, "7c551c65686c0866daafcee3d838f052": 151, "7ca1fdfe537913b8854227efc1f11b00d405f2d21e416e7023c4ebed2bfa887d2bc4d4d553ce41667c99def47ea05e6ce4a773c4ee7173927f1d263e724c16c2": 121, "7cbbf08ebb723e7986f2369fc6b7e6fec773ff511484da8b643141e8b1aa221c": 98, "7cc5b89b": 79, "7cf204190449": [101, 184], "7cinc000000005009": 20, "7d": 58, "7d1eabcdefg": 150, "7d3670ddf5a64a99b3721bf8a375b302": 116, "7d51": 144, "7d51bd774f20": 97, "7d52abd6": 105, "7d6aaa6f0946c25d170b3a2d442500b6": 116, "7d889aac958a5dbebc01a16979140eb2": 151, "7db452ea": 79, "7e": [23, 53], "7e4bb119a9fe9dc526edabfb1ee261b8": 116, "7e639ad8ffb3": 97, "7e9c": 131, "7edbf1904269": 155, "7ef034b68320": 105, "7f": 116, "7f1c3609": 77, "7f42db5a8e63019": 23, "7f4db93a": 102, "7f63": 77, "7f93ed7954ef": 34, "7f9f": 116, "7fb0ff": 66, "7ffyzir1o5k6h97mxcmgbuss0vdrewt4hnxa5hrtghw9sna5qsyzn0zlk": 97, "7gbcp": 77, "7jookt1tj5hinlgfbgcbcrnj5": 97, "7m9fp6we": 144, "7ogelgyvhw": 97, "7p1qd0d8aoqbkgtoky3zgev2o": 97, "7sm0vq7vvnmyjt1puvghoxb7tbcge1aqeamsry4nm27p": 97, "7u7v8aae5otktls0hisfzwvnz2dlhywo3t7fhx8f": 185, "7ua1h": 151, "7z": 97, "8": [7, 10, 12, 15, 18, 20, 23, 24, 30, 31, 32, 34, 35, 36, 38, 40, 41, 42, 45, 46, 48, 55, 56, 59, 61, 64, 71, 73, 77, 85, 87, 88, 89, 90, 97, 98, 101, 102, 103, 106, 107, 108, 110, 112, 113, 115, 116, 118, 123, 126, 129, 135, 144, 146, 148, 151, 155, 165, 180, 183, 185, 186, 188, 189], "80": [14, 15, 23, 36, 42, 79, 84, 85, 116, 123, 145, 153, 183], "800": 116, "8000": [53, 190], "80010119": 34, "800z": 151, "80115532": 183, "802": 29, "802d": [18, 77, 78, 131], "803064": 66, "80386": 121, "804": 185, "8040": 77, "8042": 102, "805306368": 66, "8065": 34, "8066": 34, "8067": 34, "8080": [9, 55, 81, 84, 87, 99, 131, 146, 152, 155, 190], "808080": 101, "8083243z": 77, "808372800": 142, "8088": 182, "8089": 128, "808949021a04d66f9e54192028693507": 135, "809": [48, 185], "80ab": 150, "80c039c4": 105, "80ef843fa78c33b511394a9c7535a9cbace1deb2270e86ee4ad2faffa5b1e7d2": 23, "80m": 183, "81": 126, "810": 42, "8113": 126, "8121": 116, "8126235z": 77, "8131": [3, 12, 24, 46, 52, 84, 95, 107, 112, 166], "814a": 123, "81567": 116, "815f": 144, "816": 73, "8168": 123, "817450822869712903": 107, "817z": 151, "8180": 86, "81d1985def1840b92a0fc109761345e2966043a7": 45, "81e2d4bb": 182, "82": [12, 14, 126], "820": 73, "8205": 77, "822": [84, 90, 128, 142, 186], "8239": 84, "823c": 77, "825": 73, "825c234b510213d77f2a0b84b690ec541ea7e30178b28274f2231880d21e7fef": 185, "825z": [93, 123], "8260": 107, "8273": 97, "8282": 116, "82825b58": 135, "82862c65f3c8": 18, "82ca6db1": 105, "82f6": 97, "83": [42, 126], "8304": 41, "8312": 105, "8328": 34, "8329": 34, "8329e587": 115, "833": 185, "8330": 34, "834299573936": [1, 14], "8344": 97, "836": 144, "836686917654282240": 107, "838": 126, "8394": 42, "8395": 77, "839608851933167623": 107, "83a8bc932fc27c3e8f7c064a809c23aa8d737d2e1844b3c512e912fef14678f43bb0c994250a1d628b06b88075f2b441": 126, "83b1": 97, "83b76efe": 150, "83c0": 106, "84": [88, 90, 97], "8402983z": 77, "842z": 107, "844": 183, "8443": [20, 54, 55, 73, 109, 116], "8445378z": 79, "8446": 116, "844e": 77, "8458727z": 77, "8466667z": 77, "8467": 112, "847c": 150, "8495": 144, "85": [12, 23, 90, 95, 96, 126], "8502": 23, "8503": 14, "850e0b0b": 97, "851553z": 115, "853": 116, "854780206e7abbf5a46704f1e75c5075881e4e914c7b44bea45fac1677781096": 144, "857d21c8a80297fb0078cdc036b290b61cb4eec5c1889eab4c7ae3daeeeaa655": 107, "857f": 9, "858": 185, "858689": 105, "858z": 36, "8591": 105, "85c62850": 58, "85dc76156e96": 79, "86": 36, "8601": 78, "861c": 9, "862": 53, "862a": 41, "86400": [26, 150], "8640423z": 77, "864e": 146, "8653881344": 53, "8678": 131, "8678ccd8c8": 125, "868013z": 77, "86b0": 105, "86e0bfc8": 9, "86ikwxssg": 18, "87": [3, 18, 36, 115, 126, 144, 190], "871": 34, "872": 20, "8725": 30, "87423": 15, "875": 128, "876174682842202112": 107, "876667": 10, "878z": 123, "87b8e8c7": 97, "87bf": 77, "87fd1ea0": 131, "87z": 123, "88": [34, 36, 90, 107, 115, 116, 126], "880": 76, "8803": [3, 14], "880d": 97, "8827": 77, "883": 79, "883158861": 78, "8838": 23, "8842": 40, "8844": 186, "887": 73, "88750037": 102, "88750545": 102, "88750854": 102, "888730": 10, "8888": [72, 186], "889e958fb8354a0e4f9f5abcb3016bfa": 32, "88c3": [79, 131], "88f1": 105, "88f5fb3b8c2436b172fbb4c8fa1c4ff4": 144, "89": [101, 126, 150, 184], "890e283b": 116, "891007z": 150, "8925": 123, "8927": 97, "8944": 107, "8960": 185, "89663c44": 23, "896d": 23, "897": 48, "8970": 105, "89922216709": 31, "899z": 107, "89ad1bbb0946c25d25e6c0984e971d8a": 116, "89bb": 105, "89d65": 77, "89e99b336784": [18, 77, 78], "8_oauth": 155, "8a33": 77, "8a53": 150, "8a68fc7ffd25e12cb92e3cb8a51bf219cada775baef73991bee384b3656fa284": 23, "8a87acebc21e2cc5eeb24af602b32b30": 144, "8aalgaaaaaaaaaqaaaaaaa": 116, "8aalgaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaa4fug4atannibgbtm0hvghpcybwcm9ncmftignhbm5vdcbizsbydw4gaw4gre9tig1vzguudq0kjaaaaaaaaabqrqaaziycad": 77, "8aueshcfnhbpsncgaakiiaafblaqiuabqacagiabowifvz4w6bdqoaacoiaaakaaaaaaaaaaaaaaaaaaaaaablehbvcnqucmvzuesfbgaaaaabaaeaoaaaaeukaaaaaa": 97, "8b": 116, "8b8d9514c6180d5fcd7b7eb52b9f3286cea9c8df818abc5a63ad50ba37bd9935": 59, "8b9342a1bb64": 126, "8bea5e5453c4": 97, "8c0e": 105, "8c1b": 107, "8c2c": 97, "8c4e": 97, "8c61d4bf": 102, "8c64": 18, "8c73": 105, "8cmb0q": 185, "8d64165fb1599e845faefe04040f8151589fec8fb13e09aeb6ea68e5f5b98ef5032e5233a6463785f1f613e8ba5b0fdb385754845c5f40b6d8f620496366d72709daca6b711ed9646f971e2ad76f78e83077bc8525e8b37610bc6584b96e89439672b093594b541a4c1a9b54bc9b5594d61aaaa3eee7435890cfa9035b820495": 126, "8d77ee017c204afea4a10b682f15dba": 116, "8dae": [77, 78], "8dbb": 23, "8dd7415a": 97, "8e0b6b736093": 105, "8e0f26ea940b": 76, "8e20": 116, "8e20f39b0946c25d118925c2e28c2d59": 116, "8e2aaa7770fb": 97, "8e6ffdf6": 79, "8e8f59e68bd8": 150, "8ea2": 23, "8eb293471ee7": 41, "8ec9": 95, "8eec": 23, "8eee": 106, "8ef9": 105, "8f": 107, "8f3f": 102, "8f69": 97, "8f7c9555176248ea553d9ac4c8df5a4b5e36ba43d2b02c153e3ee322970877e0": 144, "8fc9": 106, "8fit": 183, "8h1blbwjmedmgdgoaacoiaabqswecfaauaagicaawpihvzhg5hg4kaaaqigaacgaaaaaaaaaaaaaaaaaaaaaazxhwb3j0lnjlc1blbqyaaaaaaqabadgaaabgcgaaaaa": 97, "8ih": 97, "8ljucb6hgs4ftmzucpdaampmvlzwintpfmzpttu6wtkvjd3by8vp4vl": 185, "8po": 97, "8rt": 110, "8track": [56, 183], "8v1aaaaaaa5f": 106, "9": [2, 7, 10, 12, 14, 15, 17, 18, 19, 20, 21, 23, 24, 31, 34, 38, 40, 41, 42, 45, 46, 48, 50, 52, 58, 63, 64, 65, 66, 71, 73, 77, 78, 79, 80, 81, 84, 85, 86, 87, 88, 89, 90, 91, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 119, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 146, 150, 151, 152, 153, 155, 161, 165, 180, 182, 185, 189], "90": [36, 77, 97, 105, 126, 155], "9000": [4, 168, 169, 170, 171, 172, 174], "9010714z": 79, "9011": 79, "9048930534532860994": 48, "905z": 144, "906c": 105, "908090000946c25d330e919313d23887": 116, "9092": [65, 179], "9097": [3, 10, 23, 65, 79, 144, 150], "9099": 23, "909eb7d918e2": 105, "90d1": [34, 87, 155], "91": [23, 71, 126], "910001": 90, "910332z": 78, "911z": 79, "912": 185, "9133333": 18, "9133333z": 77, "913851": 105, "913z": 105, "914": [71, 112], "914c": 105, "915": 68, "9170": 15, "9190697z": 77, "91z": 123, "92": [23, 115, 157], "9200": 178, "920097": 90, "9205": 116, "921": 185, "921173": 85, "92192": 17, "923af5dd": 105, "923b": 79, "925": 77, "928": 107, "9297673": 18, "92f3": 146, "92f8": 126, "92fd": 66, "93": [26, 68, 85, 107, 116, 126, 142], "930": 32, "930097": 90, "93166": 106, "932": 107, "9332": 106, "9333333z": 77, "9338": 131, "9340": [3, 15, 78, 101, 102, 109, 110, 123, 129, 153], "935": 123, "9392": 128, "939525795968188423": 107, "93dfc3af285816182861e0a5252624420bcc0484": 77, "94": [23, 105, 116, 129], "94035": 61, "940c4d2": 77, "941": 136, "942z": 107, "944": 15, "944506478": 90, "944626604": 90, "9451859": 18, "945a": 79, "946671267z": 32, "94667175z": 32, "948": 42, "9480498z": 77, "9484": 105, "94a5": 79, "94aee176e311": 97, "95": [126, 180], "950": 185, "9501": 105, "9507": 105, "951": 68, "952": 107, "952427": 121, "9533333z": 77, "954c": 105, "95538": 144, "9582": 18, "9591": 146, "959z": 106, "95c7f1040af1": 97, "96": 126, "9603": 78, "9604553": 18, "960c": 77, "960z": 14, "962": 103, "963z": 36, "9649": 2, "965": 42, "96667px": 101, "9667": 97, "9670": 42, "9683de062b98f63f5d1be56538a01e923115c78102ab71d6442579998228ad7b": 45, "968a": 66, "968z": 71, "969": 42, "96aa": 23, "96b8": 103, "97": 126, "9705338z": 78, "971": 107, "9710a198": 23, "9730547z": 77, "975": 59, "97583": 185, "975z": 36, "976": 34, "97645": 185, "9775": 80, "978": [95, 126], "9785550145": 95, "9796746496148376": 34, "979ca3": 66, "97b31dfdc7621e7daef56e339df8fafc43c8ae71be2c79ef311832281dc1810c": 98, "97d2": 76, "97de": 105, "97e2": 38, "97waaaibewaaaa": 41, "98": [42, 105], "98000000": 23, "981": 129, "9813614d": [101, 184], "982": 15, "9823720455": 116, "98237204551697": 116, "982372045517": 116, "9864": 68, "9876": 77, "987654321098765432": 115, "9888736570875306": 71, "9893": [56, 183], "989eq": 151, "98af": 23, "98d8": 23, "99": [23, 34, 71, 76, 103, 115, 116, 147], "9903": 165, "9905": 129, "99185ba4": 97, "993z": 106, "994": 87, "995b": 77, "99791": [56, 183], "998231069301": 150, "998z": 106, "999": 22, "9999": [66, 116], "999999": 66, "99999999": 14, "999c463c": 126, "999e509752141a0ee42ff455529c10fc": 95, "99c3": 38, "99e5ebfa1cbebdd970bb3d841bb645d8bee76c375a637406859e2a8425951177": 108, "99f846f3": 18, "9a": [12, 17, 24, 45, 78, 90, 115, 129, 144], "9a05": 97, "9a4b": 155, "9a7d483f1db2": 107, "9ab6ae14bb10": 101, "9ab8": 105, "9acd32": 90, "9acef57500d9b89f82cc91e2fd336a7d91a9b9b7aba2142926c7ec0200add67837547c1edfad047efe447f2db1882b2d7955f413426997e0adb17b80d8d6436a2bf36050fe9a45dd102316a8fa2a848e9a31ef4e9ff17d17759b199c38a5266578b47b9c0820d9016281a9270996615441438e1aba839683171f085e8b05d3cd492213361fbb27c761184de071bdc67baaaee09a448a3f25829b29ef37d57dcffe10df94faca02e01536f62fcd67285d1e504d56b6a639ef0531a7dcd3ef39fa9e34409a32be16ddcf530b787d0e5739a0e4bc60dc676a50894ee532a10f421acd621f3bded71c427881357ef20b5f8918eaad29e337a11981cfb97533ec3941": 186, "9ae9cd9c": 41, "9aef": 108, "9b07dd735441": 79, "9b09": 23, "9b2b": [101, 102, 184], "9b2d": 23, "9b3e": 126, "9b4630d4b69a2b1381c9e39c66cbfafc4d3a9288": 45, "9b67": 23, "9b71": 105, "9ba82fd36919": 97, "9bd2": 135, "9c4f": 77, "9c6d": 23, "9c84": 146, "9cc7": 105, "9d1969c7": 97, "9d234710c5e5": 80, "9d32e1b": 77, "9d38": 105, "9d55c259": 23, "9d64": 144, "9d86": 23, "9e688968fd94": 23, "9e9f": 23, "9ee3fa9f9907f3c6321a7323aaf0bee5a4aa5eb59652911d3cde20567d90f75": 126, "9ee8fac8927c": 38, "9eef": 23, "9f": [115, 116], "9fc8f81b962541b26d1e0feaf2c1523": 32, "9jf5st900y1h": 106, "9o9yondfpqb8": 110, "9rkgoesfy7wrzmawhqtofjhkygyqwxcwwlx7abwjdcpyo0kaecf8e5t2zvwyr362eanxn0hysjpkray1hlk1": 116, "9t6hycryc0imfyglh8huh6orq0qo6pnmv8gcgw4zdhnhuqms3xwhn5c3mwsxgs5": 110, "A": [4, 8, 9, 11, 12, 14, 15, 17, 18, 19, 23, 24, 26, 28, 31, 34, 35, 37, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 55, 58, 59, 60, 63, 64, 65, 66, 67, 68, 71, 73, 75, 76, 77, 78, 79, 82, 84, 86, 87, 89, 90, 94, 97, 98, 99, 100, 102, 103, 105, 106, 108, 110, 112, 113, 114, 115, 116, 119, 120, 121, 122, 126, 127, 129, 130, 131, 134, 135, 136, 139, 141, 142, 144, 146, 148, 150, 151, 152, 153, 155, 157, 159, 165, 166, 178, 179, 180, 181, 182, 184, 187, 188, 189, 190], "AND": [14, 15, 18, 23, 24, 34, 48, 71, 78, 79, 80, 102, 105, 106, 107, 112, 115, 118, 123, 129, 135, 144, 150, 153, 165, 166], "AS": [14, 26, 42, 102], "AT": 36, "And": [71, 110], "As": [15, 32, 34, 48, 56, 63, 69, 70, 71, 75, 101, 105, 106, 107, 112, 135, 144, 150, 155], "At": [4, 14, 15, 107, 115, 131, 135], "BES": 135, "BY": 102, "Be": [48, 63, 66, 75, 76, 81, 86, 88, 96, 102, 103, 109, 128, 153, 160, 180, 181, 182, 189], "But": [10, 14, 34, 35, 41, 42, 48, 65, 66, 73, 77, 80, 87, 88, 89, 90, 98, 101, 102, 103, 113, 117, 124, 128, 131, 151], "By": [4, 9, 11, 15, 20, 28, 42, 51, 54, 60, 67, 77, 79, 94, 97, 99, 100, 103, 105, 112, 114, 120, 122, 124, 127, 130, 139, 141, 148, 154, 159, 186], "FOR": [118, 180, 186], "For": [3, 4, 6, 8, 26, 29, 32, 33, 37, 44, 47, 67, 72, 94, 100, 117, 118, 119, 120, 132, 133, 137, 141, 143, 158, 163, 168, 171, 175, 176, 177, 178, 179, 180, 181, 182, 188, 189, 190], "IN": [26, 112], "INS": 14, "INTO": 190, "IT": [10, 20, 66, 118, 144], "If": [1, 3, 4, 7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 44, 45, 46, 48, 50, 52, 54, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 101, 102, 103, 105, 106, 107, 109, 110, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 134, 135, 136, 138, 139, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 155, 159, 160, 165, 166, 174, 176, 177, 178, 179, 180, 181, 182, 187, 188, 189, 190], "In": [3, 4, 10, 12, 13, 14, 17, 20, 23, 24, 25, 29, 32, 33, 34, 35, 36, 37, 41, 42, 45, 46, 47, 48, 56, 58, 63, 65, 66, 68, 69, 70, 73, 75, 76, 77, 78, 79, 80, 81, 84, 86, 87, 88, 89, 90, 96, 98, 99, 100, 101, 102, 103, 105, 106, 107, 110, 112, 113, 115, 116, 118, 119, 120, 122, 124, 126, 127, 128, 129, 131, 132, 134, 139, 140, 142, 144, 146, 150, 151, 153, 155, 164, 176, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190], "It": [1, 3, 4, 5, 12, 29, 34, 35, 42, 48, 55, 63, 65, 71, 76, 81, 87, 89, 90, 96, 97, 98, 99, 101, 102, 103, 105, 106, 107, 110, 112, 118, 119, 120, 122, 124, 126, 131, 133, 140, 144, 146, 150, 165, 166, 174, 177, 180, 182, 184, 188, 189], "Its": 118, "NOT": [24, 37, 87, 106, 112, 115, 129, 144, 179], "No": [9, 10, 11, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41, 42, 44, 45, 46, 48, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 67, 68, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 92, 93, 94, 95, 96, 97, 98, 99, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 120, 122, 123, 124, 125, 126, 128, 129, 131, 132, 134, 135, 136, 137, 138, 140, 141, 142, 143, 144, 145, 146, 147, 149, 150, 151, 153, 155, 159, 165, 166, 178, 180, 181, 182, 183, 184, 185, 186, 190], "Not": [12, 15, 37, 40, 42, 53, 65, 77, 79, 87, 90, 103, 105, 106, 107, 112, 114, 115, 116, 123, 128, 144, 150, 153, 177, 181], "ON": [75, 144, 180], "OR": [12, 17, 23, 24, 34, 38, 48, 66, 71, 79, 101, 106, 108, 112, 115, 118, 119, 128, 144, 153], "Of": 103, "On": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 37, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 119, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 155, 165, 190], "One": [2, 13, 15, 40, 60, 76, 100, 101, 114, 116, 122, 126, 127, 134, 135, 139, 141, 181, 184, 189], "Or": [40, 79, 81, 109, 153, 155], "Such": 14, "TO": [87, 180], "That": [76, 126], "The": [0, 1, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 45, 46, 47, 48, 50, 51, 52, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 127, 128, 129, 130, 131, 134, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 156, 157, 158, 159, 160, 161, 162, 163, 165, 166, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 190], "Then": [3, 8, 13, 32, 36, 43, 46, 63, 66, 76, 82, 96, 102, 111, 144, 190], "There": [9, 11, 14, 15, 19, 23, 28, 37, 42, 48, 51, 52, 57, 59, 60, 67, 68, 69, 70, 77, 78, 80, 85, 90, 94, 99, 100, 106, 110, 114, 116, 118, 119, 122, 126, 127, 130, 131, 134, 139, 141, 146, 148, 153, 157, 159, 177, 181, 189, 190], "These": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 55, 56, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 117, 118, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 141, 142, 144, 145, 146, 150, 151, 152, 153, 155, 161, 165, 176, 178, 179, 180, 181, 184, 189], "Theses": 166, "To": [4, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 38, 40, 41, 42, 43, 44, 45, 46, 48, 50, 51, 52, 54, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 134, 135, 136, 138, 139, 140, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 155, 157, 158, 159, 160, 161, 162, 165, 167, 168, 171, 172, 173, 174, 175, 180, 181, 182, 183, 184, 185, 186, 188, 189, 190], "WITH": 180, "Will": [37, 58], "With": [34, 61, 89, 101, 102, 103, 105, 106, 107, 110, 112, 122, 126, 127, 134, 139, 144, 152, 178, 184], "_": [12, 17, 24, 42, 45, 54, 78, 90, 97, 106, 115, 116, 129, 144, 153, 176, 178, 180], "__c": 112, "__emailmessag": [116, 135], "__future__": 190, "__import__": 29, "__init__": [12, 17, 24, 45, 78, 90, 115, 129, 135, 144, 190], "__main__": [14, 15, 116, 153], "__name__": [14, 15, 116, 153, 190], "__typenam": [102, 150], "_ansible_no_log": 10, "_assigned_d": 20, "_attribut": 95, "_attribute_valu": 95, "_blank": [34, 48, 56, 87, 89, 102, 105, 106, 108, 112, 116, 144, 183], "_broker_id": 75, "_client_id": 75, "_create_templ": 65, "_destination_tenant_guid": 75, "_destination_top": 75, "_grr_search_funct": 190, "_hash": 144, "_id": 38, "_index": 38, "_item": [12, 17, 24, 45, 78, 90, 115, 129, 144], "_kei": 128, "_link": [20, 45], "_message_id": 75, "_other_field": 75, "_payload": 75, "_raw_param": 10, "_request": 75, "_request_message_id": 75, "_resili": 67, "_score": 38, "_service_id": 75, "_sourc": 38, "_source_broker_id": 75, "_source_client_id": 75, "_source_tenant_guid": 75, "_summary_": 42, "_t": 107, "_update_templ": 65, "_uses_shel": 10, "_valu": 131, "_version": 75, "a0": 23, "a00728ff": 76, "a00f861a": 95, "a06053fbd98a": 23, "a069": 97, "a0d5": [105, 107], "a1": [68, 116], "a123": [26, 99], "a1234567a1ab12345a5308c05fac0abc": 186, "a124": 18, "a12ab1abc1ab123c12abc1ab1a12a1a12345a1a1": 142, "a12ab1abc1ab123c12abc1ab1a12a1a12345a1a2": 142, "a142f062": 103, "a14cb453f735": 77, "a17f": 63, "a1abc12345678b716d2a7d61b51c6d5764ab1234": 142, "a1abc123456c7a1234567890d6b12a1": 142, "a1b2c3d4597": 140, "a1b2c3d4e5f6": 18, "a1d2": 116, "a259": 23, "a2875ba": 77, "a296": 105, "a29d": 98, "a2a8": 126, "a2b5": 23, "a2dbb074cb64": 95, "a397": 116, "a39d": 105, "a3ff": 77, "a4": 68, "a4066fa7f2fa3b28d9f6ad4fc556d77074d0800a": 45, "a422": 71, "a44a": 79, "a47778e8373dc356e9726f2ebe9b210455a32e76b6fd893a8b691bd99436509c": 186, "a49d": 123, "a4b7e24a": [77, 78], "a4bd": [101, 184], "a4fa638ab155": 38, "a4t": 121, "a5": 121, "a51eb932122b9f71062e9ed8705f35f0": 190, "a55f": 105, "a574": 105, "a5cd": 102, "a5f818c5": 105, "a6": 116, "a62cab990d8648b6a9047787e030fa7": 131, "a656": 18, "a6a5": 115, "a6c2": 23, "a736": 126, "a776161a9ff8": 97, "a7a7": 182, "a7b6": 150, "a7c8cfb0b6ba": 80, "a7db": 105, "a80d": 79, "a849": 97, "a863": 77, "a8a8afd5c67": 79, "a8f1": 105, "a8pqqpskl7vgrx8vheovs7toybctxbwcmcxtfdjmnhfsmzzzwoy4frkyqlychfdr0muotntpjpb": 97, "a942d8eb": 116, "a9563": 151, "a96b": 23, "a98a0f97": 23, "a9a09646": 146, "a9b4b7160946c25d24b6aa458ef5557f": 116, "a9c6": 97, "a9e3": 9, "a_url": 90, "aa": [90, 123, 135], "aa08": 18, "aa0d": 58, "aa123abc12abcd95cd3d9cd0e24614f123456a12": 186, "aa123abc12abcd95cd3d9cd0e24614f123456a13": 186, "aa123abc12abcd95cd3d9cd0e24614f123456a22": 186, "aa419": [12, 71], "aa916f54d4e2bdf424a8e36a5fa2252770cbcbf3": 45, "aaa": [42, 79, 123, 145], "aaa7": 79, "aaa_auth_error": 42, "aaa_brute_forc": 42, "aaaa": [18, 77, 80, 116, 142, 145, 189], "aaaaaaa": 23, "aaaaaaaa": [18, 23], "aaaaaaaaaa": 106, "aaaaaaaaaaaaa": 106, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": 23, "aaaae": 77, "aaae": 102, "aad": 79, "aaddeviceid": 77, "aadtenantid": 77, "aadus": 131, "aaduserid": [77, 78], "aamkagvhzgflndvhlti0mdatnge1ni05zjk3ltaxnzllyjfindazywbgaaaaaadg92sqc8zpqj1gsk2sch2nbwdi5xky9khuq48uewaxv": 41, "aaqkagvhzgflndvhlti0mdatnge1ni05zjk3ltaxnzllyjfindazywaqalxvooc96jzpnurwrwacvyg": 41, "ab": 155, "ab06": 131, "ab1234b123456e7bd0cb4d9049298eb7d18fef66d950e8ab78bcd3f484345ce74536c19a85d0ba3d32dc9e7d1878cd4d341254e7ad129255c6983e6e154c4530a0daaf665ea325fc0206f8b1d7e0b6b7ab9abc71abcd4a12345678abcd123456": 95, "ab12a": 155, "ab250219d796": 23, "ab29bea5333c488694b9533e65858bf2": 116, "ab2ef34gh56ijklm012n3abc41ab2ef34gh56ijklm012n3abc4": 42, "ab2ef34gh56ijklm012n3abc41ab2ef34gh56ijklm4": 42, "ab66": 102, "ab89": 79, "ab9b": 150, "aba": 106, "abac": 48, "abc": [12, 17, 24, 45, 77, 78, 90, 115, 123, 129, 144, 153], "abc8": [87, 155], "abcd": [18, 98], "abcd1234": [16, 26, 87, 99, 146], "abcd1efghi2jk3l4mnop": 14, "abcde5abcabc2maqxcvdhvegowkt1abcd": 155, "abcdef": [87, 155], "abcdefg": [15, 23, 150], "abcdefg1": 150, "abcdefg1234": 23, "abcdefg12345": 15, "abcdefg1234567": [23, 87], "abcdefg123457": 23, "abcdefg2": 150, "abcdefg3": 150, "abcdefgh": [14, 15, 18, 90], "abcdefghi01234567": 23, "abcdefghij0k": 153, "abcedefg": 150, "abcpassword": 66, "abcxyzabc": 30, "abe1": 98, "abil": [15, 20, 24, 32, 40, 58, 65, 66, 69, 70, 75, 76, 79, 86, 87, 88, 96, 108, 110, 114, 118, 123, 128, 130, 131, 146, 151, 177, 180, 182, 189], "abl": [14, 15, 20, 79, 109, 110, 124], "abnormal_s3_upload": 42, "abnormal_user_cr": 42, "abnormally_large_database_respons": 42, "abort": [16, 73, 179], "abort_scan_result": 115, "about": [15, 16, 23, 26, 28, 34, 45, 48, 63, 66, 77, 78, 81, 84, 86, 87, 88, 89, 90, 97, 98, 101, 102, 103, 105, 106, 107, 110, 112, 113, 114, 116, 126, 128, 131, 132, 140, 144, 147, 151, 152, 153, 154, 158, 173, 175, 179, 180, 182, 186, 188], "aboutm": 112, "abov": [3, 4, 7, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 32, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 119, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 155, 160, 165, 181, 183, 184, 185, 186, 188, 189, 190], "abs7350fc": 131, "absenc": 145, "absent": 189, "absolut": [70, 97, 133, 181], "absolute_resilience_devic": 96, "absolute_resilience_is_serial_numb": 96, "absolute_resilience_list_devices_by_local_ip": 97, "absolute_resilience_local_ip": 97, "absolute_resilience_ord": 97, "absolute_resilience_order_by_valu": 97, "absolute_resilience_skip": 97, "absolute_resilience_top": 97, "abstract": 18, "absupd": 98, "abus": [7, 12, 101, 139, 165, 186], "abusecomplaint": 186, "abuseconfidencescor": 7, "abuseipdb": [126, 154], "abuseipdb_artifact_typ": 7, "abuseipdb_artifact_valu": 7, "abuseipdb_check_ip_address_blocklist": 7, "abuseipdb_ct": 167, "abuseipdb_kei": [7, 167], "abuseipdb_range_of_dai": 7, "abuseipdb_threat_fe": 167, "abuseipdb_url": [7, 167], "abusix": [142, 186], "abw": 135, "ac1f": 101, "ac38af87": 80, "ac9f": 131, "aca5": 34, "acb2": 73, "acc5c44e941d": 97, "acceler": [101, 106], "accept": [34, 41, 64, 75, 84, 85, 90, 95, 97, 105, 110, 119, 131, 145, 155, 181, 185, 188], "access": [1, 4, 8, 11, 16, 17, 18, 19, 20, 22, 23, 24, 30, 32, 33, 34, 35, 36, 37, 40, 41, 42, 45, 48, 54, 58, 61, 63, 67, 68, 70, 72, 73, 74, 76, 77, 78, 79, 80, 81, 83, 84, 86, 87, 88, 94, 95, 96, 97, 98, 99, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 117, 118, 119, 120, 123, 124, 126, 128, 129, 131, 132, 135, 137, 144, 146, 148, 150, 154, 155, 166, 178, 180, 181, 182, 184, 186, 188, 190], "access_kei": 15, "access_key_id": [14, 15], "access_key_id_list": 15, "access_token": [63, 87, 146], "access_token_secret": 63, "accesscod": 146, "accesskei": 14, "accesskeydetail": 14, "accesskeyid": [14, 15], "accessmod": 20, "accesss": 34, "accident": 146, "accommod": [71, 110, 117, 165], "accompani": [4, 72], "accord": [4, 20, 86, 91, 97, 101, 109, 126, 128, 146, 186], "accordingli": [4, 180, 183], "account": [1, 4, 7, 8, 10, 12, 14, 15, 16, 17, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 56, 57, 58, 59, 62, 63, 64, 65, 66, 68, 70, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 113, 114, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 138, 139, 142, 144, 145, 146, 149, 150, 151, 152, 153, 155, 160, 161, 164, 165, 166, 167, 180, 181, 183, 184, 187, 188, 189], "account_delet": 18, "account_deleted_account": 18, "account_detail": 112, "account_id": [14, 18, 115], "account_info": 18, "account_nam": 18, "account_name_account": 18, "account_name_credenti": 18, "account_name_runbook": 18, "account_name_schedul": 18, "account_name_statist": 18, "account_query_d": 18, "account_result": 18, "account_takeov": 135, "account_upd": 18, "accountexpir": 66, "accountid": [14, 63, 112, 115], "accountnam": [77, 78, 79, 115], "accountnumb": 112, "accountsourc": 112, "accounttyp": 63, "accredit": 186, "acct": [48, 180, 181], "accumul": 118, "accur": [50, 114], "accuraci": 186, "acheiv": 48, "achiev": 110, "achren": 71, "ack": 179, "acknowledg": [20, 42, 89, 114, 116, 136, 161, 186, 190], "acknowledge_inc_output": 34, "acknowledge_md_output": 34, "acknowledgement_timeout": 89, "acltyp": 129, "acord": 190, "acquir": [41, 47, 55, 84], "acqur": 78, "acroform": 90, "acroni": [142, 186], "across": [42, 52, 68, 78, 79, 85, 97, 115, 116], "act": [111, 131, 141], "act_field_guardium_insights_fetch_s": 54, "act_field_guardium_insights_from_d": 54, "act_field_guardium_insights_to_d": 54, "action": [8, 10, 20, 24, 29, 34, 35, 36, 38, 40, 41, 42, 45, 46, 48, 54, 55, 58, 59, 63, 65, 66, 72, 73, 76, 77, 80, 87, 88, 89, 90, 91, 97, 98, 102, 103, 105, 107, 108, 113, 115, 116, 117, 118, 119, 120, 124, 126, 128, 131, 140, 142, 151, 153, 161, 162, 163, 164, 179, 181, 182, 184, 188, 189, 190], "action_api": 14, "action_file_cr": 144, "action_id": 19, "action_msg": 77, "action_service_nam": 14, "action_taken": 42, "action_typ": 14, "actionafterreboot": 18, "actionid": 68, "actions_compon": 29, "actionstatu": 68, "actiontyp": 14, "activ": [2, 8, 10, 12, 14, 15, 17, 21, 29, 30, 31, 33, 34, 35, 36, 41, 42, 48, 50, 59, 63, 65, 66, 67, 68, 71, 73, 76, 77, 79, 80, 81, 84, 87, 88, 89, 90, 95, 97, 98, 99, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 120, 124, 128, 129, 131, 134, 135, 136, 140, 141, 142, 144, 146, 148, 150, 151, 153, 155, 158, 164, 165, 166, 181, 184, 188], "activation_cod": 144, "activation_code_expiry_tim": 144, "activation_condit": 97, "activation_typ": 97, "active__c": 112, "active_from": 42, "active_util": 42, "activedirectori": [107, 115], "activethreat": 115, "activetim": 34, "activity_field_given": 81, "activity_nam": 18, "activityd": 112, "activitygroupnam": 78, "activityid": 34, "activitykind": 123, "activitylog": 73, "activitymap_id": 42, "activityst": 107, "actor": [9, 54, 98, 148], "actor_caller_typ": 14, "actornam": 77, "actors_list": 98, "actual": [20, 26, 90, 110, 158, 180], "actualavailableallocationunit": 53, "ad": [7, 8, 9, 10, 11, 12, 14, 15, 17, 18, 19, 20, 23, 24, 25, 26, 32, 33, 34, 35, 38, 40, 41, 42, 45, 46, 48, 51, 54, 55, 56, 57, 58, 59, 60, 63, 64, 65, 66, 68, 69, 71, 72, 73, 74, 75, 76, 78, 79, 80, 81, 84, 86, 87, 88, 89, 90, 91, 96, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 117, 118, 119, 122, 123, 124, 126, 127, 128, 129, 131, 132, 135, 139, 140, 142, 144, 146, 147, 148, 150, 151, 152, 153, 159, 165, 166, 172, 174, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 189], "ad1": 185, "ad18": 105, "ad2": 185, "ad22": 108, "ad3": 185, "ad8176b49d94a51aec11e0b5f0dc3257e60f288540315d72e21477a0c73a192d": 98, "ad_group_id": 144, "ad_hoc": 84, "ada7": 102, "adada": 152, "adam": [56, 183], "adamtheautom": 90, "adapt": [17, 24, 69, 116, 117, 119], "adapter_list_length": 17, "adaptivenetworkcontrolsresourceblad": 78, "adaptivenetworkharden": 78, "adb2": 78, "adb5d27282c0": 97, "adb9": 102, "adblock": 185, "adc": [42, 116], "add": [0, 1, 4, 7, 9, 12, 13, 14, 16, 17, 18, 20, 23, 25, 29, 31, 32, 33, 36, 37, 38, 40, 41, 45, 48, 49, 50, 52, 53, 56, 58, 59, 61, 62, 63, 65, 68, 76, 77, 78, 80, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 94, 95, 97, 98, 99, 100, 101, 102, 104, 105, 107, 108, 109, 113, 114, 115, 119, 122, 124, 126, 129, 130, 131, 132, 134, 135, 136, 137, 140, 141, 142, 143, 144, 146, 147, 150, 151, 155, 160, 161, 164, 165, 166, 177, 178, 179, 180, 181, 182, 187, 188, 189], "add_artifact": [14, 116, 135], "add_artifact_from_email": 116, "add_artifact_result": 24, "add_attach": 118, "add_attachments_result": 106, "add_detection_note_result": 42, "add_email_convers": [135, 189], "add_groups_result": 66, "add_incident_not": 135, "add_info_to_cas": 135, "add_intel_item": 128, "add_members_from": 131, "add_members_incid": 131, "add_node_to_dt": 105, "add_perm_set": 73, "add_printer_driv": 42, "add_response_as_hit": 71, "add_result": 66, "add_results_not": 68, "add_row": 68, "add_row_to_campaign_object_dt": 98, "add_row_to_pipl_datat": 95, "add_separ": [12, 17, 24, 45, 78, 90, 115, 129, 144], "add_si": 73, "add_soar_id_as_security_mark": 48, "add_tags_output": 34, "add_task": 101, "add_to_q": 72, "add_to_row": 18, "add_us": 73, "addal10": 107, "addartifact": [14, 23, 34, 40, 41, 42, 58, 68, 77, 78, 79, 84, 90, 95, 98, 101, 102, 106, 107, 116, 126, 135, 138, 142, 144, 150, 186, 189], "addcustomdata_002": 17, "added_group": 15, "added_polici": 15, "added_tag": 34, "addedd": [56, 183], "addemailattach": 135, "addhit": [7, 50, 71, 91, 121, 152, 165, 183, 185, 186], "addit": [1, 3, 4, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 55, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 69, 70, 71, 72, 73, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 134, 135, 136, 139, 140, 141, 142, 143, 144, 145, 146, 148, 150, 151, 152, 153, 154, 155, 159, 162, 165, 166, 179, 181, 184, 188, 189], "addition": [21, 37, 40, 84, 110, 126, 151, 179, 180], "additional_com": 118, "additional_data": [20, 109], "additional_memb": 131, "additionaldata": 79, "additionalinfo": [14, 77], "additionalproperti": 123, "additon": 146, "addl": 188, "addnot": [7, 8, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 32, 33, 34, 35, 37, 38, 40, 42, 45, 46, 48, 49, 50, 52, 53, 54, 58, 59, 61, 62, 64, 65, 66, 68, 71, 73, 75, 76, 77, 78, 79, 80, 83, 84, 85, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 109, 112, 113, 115, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 135, 136, 137, 138, 142, 143, 144, 145, 146, 147, 149, 150, 151, 152, 153, 183, 186, 190], "addon": 89, "addproperti": [12, 15, 17, 24, 42, 45, 78, 90, 106, 115, 116, 129, 140, 144, 153, 187], "addr": [49, 59, 77, 101, 126, 184], "addreject": 87, "addrespons": 66, "address": [1, 7, 8, 9, 12, 13, 14, 17, 19, 21, 22, 23, 24, 26, 30, 32, 34, 36, 40, 41, 42, 44, 45, 48, 51, 53, 54, 55, 56, 59, 61, 64, 65, 66, 68, 71, 73, 75, 77, 78, 79, 80, 82, 84, 87, 89, 90, 91, 94, 95, 99, 101, 102, 103, 104, 105, 107, 110, 112, 114, 116, 118, 120, 122, 123, 126, 127, 128, 129, 131, 132, 133, 135, 142, 144, 146, 147, 148, 153, 155, 160, 165, 172, 180, 183, 184, 186, 190], "address_group": 88, "address_md5": 95, "addrow": [14, 15, 17, 18, 19, 23, 24, 32, 33, 34, 36, 37, 40, 42, 58, 66, 68, 73, 76, 77, 79, 81, 86, 87, 95, 97, 98, 101, 102, 103, 105, 106, 107, 113, 116, 123, 128, 135, 136, 144, 150, 153, 184, 190], "addtask": [81, 101], "addtoreferencedata": 102, "addtoreferenceset": 102, "addtrust": 87, "adhocurl": [56, 183], "adiminstr": [122, 127, 139], "adjust": [28, 123, 140], "admin": [9, 34, 35, 40, 41, 42, 45, 58, 73, 75, 79, 80, 84, 88, 90, 98, 101, 102, 103, 106, 110, 115, 119, 120, 126, 128, 131, 135, 146, 151, 152, 153, 155, 158, 164, 186, 189, 190], "admin_id": [59, 126], "admin_password": 190, "administ": 123, "administr": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 27, 28, 29, 30, 31, 34, 35, 38, 40, 41, 42, 44, 45, 46, 48, 50, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 99, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 138, 140, 142, 143, 144, 145, 146, 149, 150, 151, 152, 153, 161, 165, 166, 178, 181, 183, 184, 185, 186, 187, 188, 189, 190], "administratoraccess": 15, "administratorcount": 116, "adminsoarm": 131, "adminstr": 159, "adminus": 106, "adminuslab": [142, 186], "adob": 42, "adobe_malware_classifi": 121, "adopt": 95, "adserv": 158, "adservic": 185, "advanc": [1, 18, 29, 42, 69, 70, 81, 95, 98, 146], "advanced_schedul": 18, "advancedschedul": 18, "advantag": [20, 48, 52], "adversari": 81, "advertis": 186, "advis": [37, 56, 79, 102, 129, 183], "advisor": [18, 97, 154], "advisori": 105, "adw": [42, 107], "adwar": [9, 36, 151], "ae": [14, 110], "ae2861b242686e7bd0cb4d9049298eb5d18fef66d950e8ab78bcd3f484345ce74536c19a85d0ba3d32dc9e7d1878cd4d341254e7ad12c25596cc3e7f51186468fd84b26f5ea234ef1546e7f5cdf7f7f5ba84b228f4a349812f8c57a1de7b6388b6": 95, "ae2861b242686e7bd0cb4d9049298eb7d18fef66d950e8ab78bcd3f484345ce74536c19a85d0ba3d32dc9e7d1878cd4d341254e7ad129255c6983e6e154c4530a0daaf665ea325fc0206f8b1d7e0b6b7ad9ebf71afac4c88709957ecdd78608b": 95, "ae3aa3d9307f": 123, "ae69": 79, "ae6c": 32, "ae7b": 77, "ae973ab4": [77, 78], "aeb7": 18, "aebab623": 79, "aec0": 150, "aec6": 58, "aed0": 107, "aes_128_gcm": 185, "aexampl": 87, "af": 145, "af217af0": 105, "af2b": 18, "af36": 77, "af3c39a10a320801000000dbf200c60a": 116, "af52828c": 150, "af73d9d5": 23, "af8b16cd": 66, "afd6c37d": 105, "aff4": 53, "affect": [42, 48, 113, 115, 116, 150], "affected_project": 150, "affectedresourc": 14, "affili": 105, "affiliation_st": 105, "afg": 135, "afghanistan": 135, "aforement": 131, "africa": 135, "african": 135, "afrikaan": 145, "after": [8, 12, 17, 24, 32, 34, 37, 40, 41, 42, 45, 46, 55, 58, 63, 67, 68, 72, 73, 78, 84, 86, 87, 89, 90, 96, 99, 103, 104, 105, 106, 111, 112, 115, 116, 117, 118, 120, 129, 132, 133, 134, 136, 140, 144, 146, 155, 157, 160, 166, 177, 187, 189, 190], "afterward": [102, 189], "ag": [10, 12, 53, 185, 190], "again": [35, 41, 48, 55, 81, 84, 109, 113, 143, 144, 153, 166, 190], "against": [10, 12, 34, 35, 37, 42, 61, 66, 71, 77, 79, 84, 86, 91, 93, 98, 104, 105, 112, 113, 116, 132, 135, 147, 149, 151, 153, 161, 164, 177, 189], "agenda": [30, 31, 146], "agent": [20, 23, 38, 42, 53, 102, 107, 110, 116, 121, 128, 135, 166, 171, 185, 190], "agent_act": 23, "agent_data": 190, "agent_id": [115, 190], "agent_load_flag": 32, "agent_local_tim": 32, "agent_nil_st": 23, "agent_polici": 115, "agent_support": 23, "agent_vers": 32, "agentcomputernam": 115, "agentdecommissionedat": 115, "agentdetectioninfo": 115, "agentdetectionst": 115, "agentdomain": 115, "agentguid": [73, 76], "agentid": [79, 115, 116], "agentinfect": 115, "agentinfo": 53, "agentipv4": 115, "agentipv6": 115, "agentisact": 115, "agentisdecommiss": 115, "agentlastloggedinusernam": 115, "agentmachinetyp": 115, "agentmitigationmod": 115, "agentnetworkstatu": 115, "agentosnam": 115, "agentosrevis": 115, "agentostyp": 115, "agentrealtimeinfo": 115, "agentregisteredat": 115, "agentregistrationinform": 18, "agentsvc": 18, "agenttimestamp": 116, "agenttyp": 116, "agentusn": 116, "agentuuid": 115, "agentvers": [73, 77, 107, 115, 116], "aggi8ni7jmr52asax0bbsax0bb0en3": 20, "aggreg": [14, 98, 102, 106], "aggregate_flag": 98, "aggregated_cvss": 102, "aggregateprogress": 63, "aggregatetimeestim": 63, "aggregatetimeoriginalestim": 63, "aggregatetimesp": 63, "ago": [135, 157], "agoddard": 98, "agre": [148, 186, 190], "agreement": 10, "ahead": 98, "ahnlab": 121, "ai": [34, 42, 115, 142, 146, 154, 186], "aia": 135, "aiagroup": 34, "aiaincidentev": 34, "aianalyst": 34, "aianalystdata": 34, "aiascor": 34, "aicc": [142, 186], "aid": 6, "aida4eqbbg2ylag6dd5j3": 14, "aim": [71, 80], "air": 1, "airmauritiu": 98, "airport": 116, "aiza": 44, "ak_id": 15, "ak_stat": 15, "akam": 147, "akamai": 71, "akia4eqbbg2yczi44f7r": 14, "al32utf8": 180, "ala": 135, "alb": 135, "albania": 135, "albanian": 145, "alberta_health_risk_assess": [59, 126], "alert": [34, 36, 42, 56, 89, 90, 97, 105, 112, 116, 123, 183], "alert_categori": 144, "alert_classif": 135, "alert_compromised_ent": 79, "alert_confidence_level": 79, "alert_count": 89, "alert_cr": [89, 144], "alert_d": 79, "alert_data": 106, "alert_datatable_upd": 135, "alert_descript": [77, 79], "alert_group": 89, "alert_grouping_paramet": 89, "alert_grouping_timeout": 89, "alert_id": [77, 79, 144], "alert_link": 77, "alert_list": 106, "alert_nam": 79, "alert_notes_pres": 144, "alert_queri": 78, "alert_remediation_step": 79, "alert_row": [106, 135], "alert_rrn": 106, "alert_sever": 79, "alert_sourc": 106, "alert_statu": 79, "alert_tact": 79, "alert_time_rang": 78, "alert_time_range_sec": 78, "alert_typ": [79, 106, 144], "alert_type_descript": 106, "alert_url": [79, 107, 144], "alert_url_urlencod": 144, "alertblad": [78, 79], "alertcreationtim": 77, "alertdeeplink": [78, 79], "alertdetect": 78, "alertdisplaynam": 79, "alertgroupidentifi": 123, "alertid": [77, 78, 79, 107], "alertidentifi": 123, "alertlink": 79, "alertmessageenqueuetim": 79, "alertnam": 123, "alertproductnam": 79, "alertrul": 79, "alerts_result": 79, "alertscount": 79, "alerttyp": 79, "alexa": [142, 165], "alexa_1m": 71, "alexand": 95, "alg": 107, "algeria": 135, "algorithm": [42, 69, 110, 142, 166, 186], "alia": [42, 112], "alias": [55, 81], "alien_search_typ": 8, "alien_search_valu": 8, "alien_sect": 8, "alien_vault_search_section_ip": 8, "alienvault": [142, 154, 186], "alienvault_search_typ": 8, "alienvault_search_valu": 8, "alienvault_sect": 8, "align": [87, 90, 117], "all": [3, 4, 9, 10, 11, 12, 15, 17, 18, 20, 21, 22, 23, 24, 28, 29, 31, 32, 33, 34, 38, 40, 41, 42, 43, 44, 45, 46, 48, 53, 54, 58, 59, 60, 65, 66, 67, 68, 69, 71, 72, 74, 75, 76, 77, 78, 79, 80, 83, 84, 85, 87, 89, 90, 91, 96, 97, 98, 101, 102, 105, 106, 107, 108, 110, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 129, 131, 132, 135, 136, 137, 139, 140, 142, 143, 144, 146, 148, 150, 151, 152, 153, 155, 157, 161, 165, 166, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 188, 190], "all_incid": [14, 42], "all_incidents_field": 42, "all_tag": 34, "alleg": 183, "allen": 14, "alloc": 87, "allocateaddress": 14, "allow": [0, 4, 8, 10, 13, 14, 15, 17, 18, 19, 20, 22, 23, 24, 28, 30, 32, 33, 35, 37, 38, 41, 42, 48, 52, 53, 55, 56, 59, 63, 64, 65, 66, 67, 68, 71, 73, 74, 77, 78, 79, 80, 82, 84, 85, 86, 87, 88, 90, 98, 102, 103, 104, 105, 108, 110, 112, 113, 114, 115, 116, 117, 118, 120, 123, 126, 128, 129, 131, 134, 144, 145, 146, 151, 153, 155, 159, 160, 176, 177, 178, 179, 180, 181, 182, 186, 188, 189], "allow_ad_hoc_execut": 84, "allow_codetag": [118, 120], "allow_fork": 45, "allow_legacy_authorization_en": 48, "allow_open_ssh_port": 48, "allowal": 146, "allowanyusertobecohost": 146, "allowauthenticateddevic": 146, "allowed_ip": 73, "allowed_status_cod": 110, "allowedip": 73, "allowfirstusertobecohost": 146, "allowjoin": 146, "allowlist_url": 153, "allowmoduleoverwrit": 18, "allownewtimepropos": 41, "allowremoteshel": 115, "almost": [4, 56, 150, 177, 183], "aln": 103, "along": [1, 10, 14, 21, 24, 35, 41, 42, 65, 66, 73, 76, 77, 80, 87, 88, 89, 90, 98, 102, 103, 108, 110, 113, 117, 118, 119, 124, 128, 131, 134, 142, 151, 189], "alongsid": [110, 183], "alphamountain": [142, 186], "alphanumber": 96, "alphanumer": 102, "alphasoc": [142, 186], "alreadi": [9, 10, 11, 15, 20, 21, 28, 29, 34, 36, 37, 44, 54, 60, 73, 80, 87, 88, 108, 110, 112, 113, 114, 116, 120, 123, 129, 135, 140, 143, 146, 148, 166, 176, 178, 179, 180, 182, 189, 190], "also": [1, 4, 9, 10, 11, 12, 14, 15, 17, 18, 19, 20, 23, 24, 26, 28, 32, 34, 35, 37, 40, 41, 42, 43, 48, 51, 55, 56, 60, 63, 65, 66, 67, 69, 71, 78, 79, 80, 81, 85, 87, 88, 90, 94, 95, 97, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 114, 115, 116, 118, 120, 122, 123, 125, 127, 129, 130, 131, 134, 135, 139, 141, 143, 144, 146, 148, 150, 153, 154, 159, 176, 177, 178, 179, 180, 181, 182, 183, 184, 188, 189, 190], "alt": [101, 184, 185], "alt1": 12, "alt2": 12, "alt3": 12, "alt4": 12, "alter": [4, 37, 42, 55, 76, 180, 188, 189], "altern": [29, 35, 37, 42, 57, 78, 87, 110, 115, 136, 155, 156], "although": [85, 94, 110, 112], "alto": 154, "alwai": [85, 110, 117, 118, 146, 164, 190], "am": [9, 42, 116, 185], "am_descript": 42, "am_id": 42, "amazon": [14, 15, 89, 102, 150], "amazonaw": [1, 14, 15, 150], "amazonroute53readonlyaccess": 15, "amber": 9, "amd": 115, "amd64": [53, 58], "amer": 89, "america": [12, 31, 63, 89, 107, 112, 113], "american": [95, 135, 148], "american_indian": 95, "amhgor1zpif2": 97, "among": [178, 182], "amount": [18, 42, 63, 72, 102, 134, 143, 166], "amp4ep": 23, "amp_act": 23, "amp_application_sha256": 23, "amp_artifact_type_act": 23, "amp_artifact_type_ev": 23, "amp_artifact_type_trajectori": 23, "amp_com": 23, "amp_comput": 23, "amp_computer_isol": 23, "amp_computer_trajectori": 23, "amp_conn_guid": 23, "amp_detection_sha256": 23, "amp_ev": 23, "amp_event_typ": 23, "amp_external_ip": 23, "amp_file_descript": 23, "amp_file_list_fil": 23, "amp_file_list_guid": 23, "amp_file_sha256": 23, "amp_group": 23, "amp_group_guid": 23, "amp_group_nam": 23, "amp_hostnam": 23, "amp_internal_ip": 23, "amp_limit": 23, "amp_offset": 23, "amp_q": 23, "amp_scd_file_list": 23, "amp_scd_nam": 23, "amp_sever": 23, "amp_start_d": 23, "ampersand": 41, "amqp": 58, "ams_": 42, "ams_descript": 42, "ams_id": 42, "ams_nam": 42, "amsterdam": 20, "amzn": 110, "an": [0, 1, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 34, 35, 38, 40, 41, 42, 44, 45, 47, 48, 50, 51, 52, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 70, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 119, 121, 122, 123, 124, 125, 127, 128, 129, 130, 131, 132, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 158, 159, 160, 161, 165, 166, 167, 170, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190], "an_ip": 90, "anaconda": 83, "analys": [140, 180], "analysi": [8, 39, 42, 51, 61, 62, 71, 72, 80, 95, 97, 118, 119, 133, 140, 142, 143, 153, 154, 180, 186], "analysis_id": 143, "analysis_job_start": 143, "analysis_level": 42, "analysis_link": 143, "analysis_report_id": 64, "analysis_report_nam": 64, "analysis_report_statu": 143, "analysis_report_url": 64, "analysis_sever": 143, "analysis_statu": [64, 143], "analysis_tim": [101, 184], "analysis_vti_scor": 143, "analysis_webif_url": 143, "analyst": [22, 24, 34, 56, 78, 81, 101, 102, 115, 120, 159, 183], "analystverdict": [71, 115], "analystverdictdescript": 115, "analyt": [38, 106, 114], "analytics_poll_tim": 54, "analyz": [37, 39, 62, 64, 72, 81, 98, 99, 101, 114, 126, 133, 135, 153, 154, 180, 184, 185], "analyzer_report_statu": 143, "anchor": [12, 17, 24, 45, 78, 90, 115, 129, 144], "andorra": 135, "android": [64, 68, 77], "androiddeviceid": 68, "angel": 142, "angola": 135, "anguilla": 135, "ani": [2, 8, 9, 10, 14, 15, 17, 19, 20, 21, 23, 24, 28, 32, 36, 40, 42, 48, 52, 55, 56, 58, 60, 61, 63, 66, 70, 71, 76, 77, 78, 80, 81, 84, 85, 86, 87, 88, 90, 92, 97, 100, 101, 102, 103, 105, 106, 109, 110, 112, 113, 114, 115, 116, 117, 118, 119, 120, 122, 124, 126, 127, 128, 135, 139, 140, 141, 143, 146, 150, 152, 153, 155, 160, 162, 163, 166, 177, 179, 180, 181, 184, 186, 187, 188, 189, 190], "ann": 95, "announc": [37, 40], "annualrevenu": 112, "anomal": [14, 107], "anomali": [14, 54, 55, 154], "anomalousapi": 14, "anomalousbehavior": 14, "anonym": [42, 66, 90], "anonymous_ftp": 42, "anorc": 112, "anoth": [34, 35, 37, 40, 41, 48, 57, 65, 66, 79, 103, 105, 106, 107, 112, 126, 144, 177, 180, 181], "another_script": 84, "another_templ": 87, "ansibl": 154, "ansible_host": 10, "ansible_modul": 10, "ansible_module_argu": 10, "ansible_paramet": 10, "ansible_playbook_nam": 10, "ansible_playbook_vari": 10, "antarctica": 135, "anti": 116, "anti_viru": 121, "antigena": 34, "antigua": 135, "antii": [142, 186], "antiip_spoof": 116, "antimac_spoof": 116, "antimalwar": [107, 116], "antisoci": 12, "antispam": 90, "antiviru": 77, "any_platform": 50, "anymor": 190, "anyon": 131, "anyth": [7, 23, 84, 101, 110, 119, 177], "anytim": 29, "anywher": 161, "ap": [34, 106], "apach": [42, 105], "apache_http_server_path_travers": 42, "apache_struts2_exploit_attempt": 42, "apart": [95, 131], "apcu": 121, "apg": 15, "api": [2, 4, 7, 8, 9, 10, 11, 13, 16, 21, 25, 26, 27, 28, 30, 31, 33, 38, 44, 45, 46, 49, 50, 51, 52, 55, 56, 57, 59, 61, 62, 64, 65, 70, 71, 74, 75, 78, 80, 82, 83, 84, 85, 89, 90, 91, 92, 93, 94, 96, 99, 100, 104, 112, 114, 117, 121, 122, 125, 126, 127, 129, 132, 134, 138, 139, 140, 142, 143, 145, 146, 149, 151, 152, 154, 156, 160, 164, 167, 168, 169, 172, 174, 177, 181, 182, 185, 186, 189, 190], "api_access_nam": 34, "api_cal": 33, "api_call_typ": 33, "api_call_type_text": 33, "api_cli": 190, "api_document": 98, "api_endpoint": 190, "api_id": 144, "api_kei": [17, 34, 44, 51, 71, 88, 99, 106, 107, 123, 137, 181], "api_key_id": 181, "api_key_secret": 181, "api_nam": 180, "api_request_id": 135, "api_secret": [17, 34, 71, 79, 107, 137, 144], "api_token": [13, 23, 25, 26, 45, 82, 89, 102, 103, 105, 110, 115, 124, 135, 142], "api_url": [77, 150], "api_vers": [17, 23, 79, 88, 101, 105, 106, 107, 112, 115, 129, 135], "api_void_artifact_typ": 12, "api_void_artifact_valu": 12, "api_void_request_typ": 12, "apibl": 127, "apidoc": [65, 116], "apikei": [56, 97, 107, 108, 126, 152], "apikey_valu": 152, "apislaexpir": 123, "apistageslaexpir": 123, "apiv4": 71, "apivoid": 154, "apivoid_api_kei": 12, "apivoid_base_url": 12, "apivoid_sub_url": 12, "aponoff": 116, "app": [0, 6, 8, 13, 22, 26, 33, 41, 51, 55, 67, 69, 70, 72, 81, 82, 85, 94, 99, 100, 104, 111, 117, 119, 126, 130, 132, 133, 141, 157, 158, 159, 164, 167, 170, 171, 172, 173, 174, 179, 183, 185, 186, 188, 189], "app_app_id_attr": 68, "app_attr": 68, "app_config": [34, 42, 48, 63, 89, 105, 106, 112, 144, 150], "app_dt": 68, "app_fn_components_exe_fn_compon": 29, "app_id": [68, 101], "app_instal": 97, "app_logo": 4, "app_nam": [4, 68, 155], "app_search": 38, "app_secret": [77, 79], "app_vers": 68, "app_version_attr": 68, "apparent_encod": 110, "appbuild": 108, "appcompliancest": 68, "appdata": 152, "appdatas": 68, "appear": [9, 20, 21, 58, 115, 119, 120, 124, 127, 131, 135, 174, 181, 183, 189], "append": [9, 12, 15, 16, 17, 24, 35, 37, 45, 52, 58, 59, 63, 71, 77, 78, 79, 80, 81, 88, 90, 96, 97, 101, 107, 112, 113, 115, 116, 121, 126, 129, 136, 144, 157, 165, 178, 180, 184, 189, 190], "appexchang": [4, 7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 140, 142, 144, 145, 146, 150, 151, 152, 153, 165], "apphost": [38, 58, 64, 85, 87, 93, 107, 108, 113, 117, 146, 180], "appid": 68, "appinstanceserv": 20, "appinterfaceform": 20, "appl": [33, 71], "appld8dth6rcih86": 68, "applewebkit": [93, 185], "appli": [12, 15, 17, 20, 24, 32, 45, 48, 73, 77, 78, 79, 89, 90, 96, 97, 101, 105, 109, 110, 112, 115, 129, 144, 164, 165, 177, 189], "applianc": [8, 24, 32, 33, 42, 51, 130, 161, 176, 178, 179, 180, 182, 190], "appliance_id": 42, "appliance_nam": 144, "appliance_uuid": [42, 144], "applic": [4, 18, 22, 23, 26, 28, 36, 37, 40, 41, 42, 60, 63, 68, 71, 77, 78, 79, 87, 89, 100, 102, 105, 106, 107, 108, 110, 114, 116, 120, 122, 126, 127, 135, 136, 139, 141, 144, 146, 151, 154, 155, 158, 165, 167, 168, 171, 175, 181, 188], "application_block": 23, "application_id": [131, 135], "application_sha256": 23, "application_whitelist": 23, "applicationid": 102, "applicationnam": [78, 102], "applications_to_monitor": 116, "applied_d": 32, "applogin": 20, "applyandmonitor": 18, "applytag": 75, "applytempl": [20, 109], "appnam": [36, 106], "apppassword": 20, "approach": [81, 98, 134, 189], "appropri": [4, 15, 48, 57, 63, 69, 70, 71, 96, 102, 107, 110, 131, 165, 181, 188], "approv": [22, 37, 144], "approve_list": 188, "approxim": [56, 183], "approximate_unaggreg": 144, "appspot": 185, "appsvulnerabilitystatu": 115, "apptyp": 68, "appx": 47, "apr": 113, "april": [103, 151], "apschedul": 113, "apt": [77, 81, 85], "aqhzksvjvfwihz3qnk": 41, "aql": [17, 102], "aqmkagvhzgflndvhlti0mdaaltrhntytowy5ny0wmtc5zwixyjqwm2malgaaa8b3zkolzolanuzktaxwfy0baolletl0oe5djxr7brg": 41, "ar": [1, 3, 4, 5, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41, 42, 43, 44, 45, 46, 47, 48, 50, 51, 52, 54, 55, 57, 58, 59, 60, 61, 62, 64, 65, 67, 68, 69, 70, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 87, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 104, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 126, 127, 129, 130, 131, 132, 134, 135, 136, 138, 139, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 163, 165, 166, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 188, 189], "ara": 85, "arab": [85, 135, 145], "arabia": 135, "arbitrari": [42, 77], "arc": [39, 98], "arch": [14, 107], "archenemi": 95, "archiv": [10, 29, 37, 41, 45, 80, 107, 126], "archive_format": 45, "archive_oper": 131, "archive_result": 131, "archive_search": 58, "archive_url": 45, "archived_fil": 23, "archivefind": 14, "archives_to_search": 58, "arcsight": [142, 186], "area": [20, 35, 36, 37, 59, 106, 126, 188], "arg": [4, 12, 17, 24, 42, 45, 71, 78, 84, 90, 97, 105, 110, 113, 115, 129, 135, 144, 165, 190], "argentina": 135, "argument": [1, 34, 37, 84, 110, 190], "argv": [10, 185], "arial": 57, "ariel": 103, "arin": [82, 148, 185, 186], "arm": 135, "armenia": 135, "armenian": 145, "armi": [142, 186], "armonk": 49, "army6j8scotdjyfdvo0yaisktifdxa7r": 97, "arn": [14, 15, 150], "around": [28, 41, 66, 118, 177], "arrai": [16, 180], "arriv": 189, "arrow": 190, "arsi": 20, "art": 87, "articl": [105, 183], "artifact": [7, 8, 9, 10, 12, 17, 23, 25, 26, 27, 29, 32, 35, 36, 38, 39, 43, 45, 46, 47, 48, 50, 52, 53, 54, 56, 57, 58, 59, 60, 61, 62, 63, 64, 66, 72, 73, 75, 78, 79, 80, 84, 85, 86, 87, 88, 90, 91, 92, 93, 94, 96, 97, 99, 103, 104, 105, 106, 110, 112, 115, 116, 121, 122, 124, 125, 127, 128, 129, 132, 138, 139, 140, 142, 143, 144, 147, 148, 150, 151, 152, 153, 157, 158, 159, 160, 162, 164, 165, 167, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 189, 190], "artifact_analysi": 64, "artifact_api_to_typ": 14, "artifact_creation_count": 102, "artifact_data": 58, "artifact_descript": [41, 68, 77, 95, 98, 101, 116, 135], "artifact_dir": 10, "artifact_filt": 78, "artifact_id": [5, 27, 37, 39, 46, 62, 64, 72, 90, 108, 110, 112, 116, 124, 126, 142, 143, 186], "artifact_keys_as_list": 58, "artifact_list": 129, "artifact_map": 17, "artifact_name_list": 129, "artifact_rel": 101, "artifact_retention_num": 10, "artifact_top": 179, "artifact_typ": [14, 23, 34, 41, 42, 58, 64, 68, 77, 95, 98, 101, 113, 116], "artifact_type_id": [59, 126], "artifact_type_lookup": 123, "artifact_type_to_row": 116, "artifact_valu": [10, 12, 14, 23, 41, 42, 58, 64, 68, 93, 95, 98, 113, 116, 135, 157], "artifact_values_as_list": 58, "artifactflg": 77, "artifacttyp": 189, "artificat": 123, "artifici": [101, 135], "artist": 12, "aruba": 135, "as15169": [61, 185], "as_own": 186, "asa": 154, "asa_ip": 24, "asa_password": 24, "asa_usernam": 24, "asabusecontact": 165, "asav": 24, "asc": [35, 59, 68, 73, 78, 97, 115, 116, 126, 180], "ascend": [42, 73, 97, 116], "ascens": 135, "ascii": [15, 110], "ascountri": 165, "asdf": 93, "asdm": 24, "asia": 40, "asia3": 147, "ask": [80, 190], "ask_en": 116, "asm": [105, 135], "asn": [14, 26, 36, 61, 93, 148, 185, 186], "asn_cidr": 148, "asn_country_cod": 148, "asn_dat": 148, "asn_descript": 148, "asn_org": 14, "asn_registri": 148, "asnam": 165, "asnnam": 185, "asnnumb": 14, "asnorg": 14, "aspect": [37, 180], "aspmx": 12, "ass": 106, "assess": [59, 101, 126, 135, 151], "asset": [13, 17, 32, 45, 79, 97, 103, 105, 112, 150], "asset_group": 144, "asset_id": 102, "asset_nam": 102, "asset_row": 17, "assetid": 112, "assets_format": 48, "assets_list": 17, "assets_raw": 48, "assets_url": 45, "assign": [4, 19, 20, 23, 32, 58, 59, 77, 79, 89, 96, 102, 109, 110, 112, 118, 123, 126, 129, 131, 142, 146, 148, 153, 160, 179, 182, 189], "assign_polici": 73, "assign_tag_result": 42, "assigne": [20, 42, 45, 63, 73, 89, 106, 123], "assigned_d": 32, "assigned_to": [77, 103], "assigned_via": 89, "assignedto": [42, 77, 78, 79, 89, 102, 106, 144], "assignedtocloudgroup": 116, "assignedtoloc": 116, "assignedusernam": 123, "assignee_nam": 73, "assigneenam": 73, "assignees_url": 45, "assignment_group": 118, "assist": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 138, 142, 144, 145, 146, 149, 150, 151, 152, 153, 155, 165, 166], "assistantnam": 112, "assistantphon": 112, "assiz": 165, "associ": [10, 15, 16, 23, 30, 33, 35, 36, 40, 42, 48, 63, 71, 73, 77, 79, 80, 85, 87, 89, 96, 97, 98, 102, 103, 105, 106, 107, 112, 113, 114, 116, 118, 122, 124, 127, 131, 132, 135, 139, 144, 150, 165, 166, 178, 179, 181, 182, 183, 185, 188, 189], "associatewithincid": 135, "assum": [29, 52, 78, 84, 110, 113, 116, 135, 146, 171], "assumed_rol": 14, "assumpt": [116, 189], "asymmetr": 180, "asynchron": [10, 16, 58, 75], "at_id": [59, 126], "ata": 135, "atd": [76, 154], "atd_password": 72, "atd_trust_level": 76, "atd_url": 72, "atd_usernam": 72, "atf": 135, "atg": 135, "atl": 63, "atlassian": [42, 63], "atleast": 131, "atp": [77, 78], "atpdeviceid": 116, "atpserv": 116, "atsvc": 42, "att": [14, 68, 80, 101, 154], "att_nam": 19, "att_tact": [101, 184], "att_tech": [81, 184], "attach": [10, 17, 19, 20, 27, 29, 35, 39, 40, 42, 43, 46, 54, 57, 59, 60, 62, 63, 64, 67, 71, 72, 80, 83, 84, 85, 90, 96, 97, 98, 102, 103, 108, 113, 114, 116, 117, 125, 128, 129, 131, 135, 140, 142, 143, 163, 165, 171, 177, 178, 179, 180, 181, 182, 186, 189], "attach_fil": [59, 126], "attachmennt": 35, "attachment_base64": 40, "attachment_content_typ": 40, "attachment_desc": 47, "attachment_form_field_nam": 110, "attachment_id": [5, 27, 35, 37, 39, 40, 46, 62, 64, 72, 90, 110, 112, 118, 124, 126, 142, 143, 186], "attachment_id1": 40, "attachment_id2": 40, "attachment_input": 37, "attachment_nam": [17, 37, 40, 41, 46, 106, 112, 118, 125, 126], "attachment_s": 40, "attachmentinfo": 129, "attachments_count": [59, 126], "attachmentsourceformnam": 20, "attachmentsourceguid": 20, "attack": [7, 42, 48, 56, 71, 77, 78, 79, 81, 86, 87, 98, 99, 101, 102, 105, 106, 115, 116, 131, 144, 150, 165, 183, 184, 189], "attack_not": 105, "attack_tact": [81, 144, 184], "attackdetail": 36, "attackphas": 34, "attatch": 143, "attempt": [1, 7, 15, 23, 34, 35, 36, 37, 42, 58, 77, 78, 79, 84, 97, 98, 102, 103, 106, 107, 110, 113, 131, 135, 145, 151, 153, 165, 180, 189], "attempted_connections_drop": 42, "attende": [30, 31, 40, 41, 146], "attendee_url": [30, 31], "attendee_url_with_pass": 31, "attent": [20, 40, 134, 136], "attribut": [34, 37, 40, 41, 48, 58, 66, 68, 76, 79, 87, 110, 112, 116, 120, 121, 131, 137, 142, 158, 165, 186], "attribute1": 66, "attribute2": 66, "attribute_count": 80, "attribute_id": 80, "attribute_nam": 66, "attribute_uuid": 80, "attribute_valu": [66, 121], "attributeextens": 116, "attributetag": 80, "atualizar": 94, "au": [56, 106, 131, 135, 146, 155, 183], "audit": [23, 58, 99, 188], "auditlogg": 58, "aug": 113, "augment": 101, "august": [26, 40], "australia": 135, "austria": 135, "aut": 135, "auth": [7, 18, 42, 45, 54, 55, 63, 84, 87, 90, 150, 155, 158, 190], "auth_head": 110, "auth_method": 63, "auth_password": 178, "auth_token": 63, "auth_url": [18, 87, 155], "auth_us": 178, "auth_util": 155, "autha": 90, "authdetail": 73, "authent": [13, 15, 18, 20, 32, 38, 39, 42, 54, 55, 56, 63, 65, 66, 71, 79, 82, 84, 89, 90, 98, 103, 106, 109, 116, 117, 120, 124, 128, 129, 131, 141, 150, 153, 166, 178, 183], "authentiact": 116, "authentihash": 171, "author": [9, 11, 18, 28, 29, 37, 42, 45, 48, 51, 60, 63, 67, 79, 82, 94, 99, 100, 101, 105, 107, 110, 112, 114, 122, 124, 127, 129, 130, 131, 135, 139, 141, 142, 144, 146, 155, 159, 166], "authoritativeverdict": 71, "authority_dist": 105, "authority_key_identifi": [142, 186], "authority_overrid": 105, "authorization_cod": [87, 110], "authorization_st": 105, "authorship": 124, "authsourc": 90, "authtyp": 73, "auto": [20, 29, 34, 48, 87, 96, 99, 110, 112, 116, 123, 182, 190], "auto_approv": 9, "auto_resolve_timeout": 89, "auto_rol": 42, "auto_scaling_group_nam": 144, "auto_sync_darktrace_com": 34, "auto_test": 59, "autoblock": 116, "autoblock_dur": 116, "autoid": 73, "autom": [7, 10, 12, 14, 15, 16, 17, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 37, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 140, 141, 142, 144, 145, 146, 150, 151, 152, 153, 154, 160, 165, 181, 183, 185, 186], "automat": [10, 14, 17, 22, 32, 34, 35, 42, 48, 54, 63, 64, 65, 66, 68, 71, 73, 77, 79, 80, 86, 87, 88, 89, 90, 96, 97, 101, 105, 106, 107, 108, 110, 112, 115, 116, 117, 118, 124, 129, 131, 135, 140, 144, 146, 150, 151, 159, 161, 165, 166, 172, 174, 180, 181, 182, 183, 185, 189, 190], "automaticallyresolv": 115, "automation1": 18, "automationaccount": 18, "automationhybridserviceurl": 18, "autoshun": [142, 186], "autostart": 42, "autosuppress": 34, "autotester24": 18, "autoupd": 34, "autoupdat": 34, "av": 116, "av_act": 144, "av_api_kei": 8, "av_ave_vers": 144, "av_base_url": 8, "av_engin": 144, "av_last_scan_tim": 144, "av_mast": 144, "av_pack_vers": 144, "av_product_vers": 144, "av_statu": 144, "av_update_serv": 144, "av_vdf_vers": 144, "avail": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 34, 35, 37, 38, 40, 41, 42, 44, 45, 46, 48, 50, 51, 52, 54, 55, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 71, 73, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 134, 135, 136, 139, 141, 142, 144, 145, 146, 148, 150, 151, 152, 153, 157, 159, 165, 166, 177, 180, 189], "avalid": 39, "avast": 121, "avatar": [45, 63], "avatar_url": 45, "avatarid": 63, "avatarurl": 63, "avdefsetrevis": 116, "avdefsetsequ": 116, "avdefsetvers": 116, "avecbnzttwn0vlsgyznibork": 84, "avengineonoff": 116, "aventail": 116, "avenu": 20, "averag": [76, 85], "avg": 121, "avinstal": 107, "avira": [121, 142, 186], "avl": [142, 186], "avoid": [17, 48, 67, 71, 79, 84, 110, 115, 117, 126, 129, 146, 180, 188], "avt": 157, "aw": [42, 102, 103, 150, 151, 154], "aw2cacdq": 110, "awar": [63, 66, 76, 86, 88, 96, 102, 103, 128, 131, 180, 182, 189], "aws_access_key_id": 16, "aws_aim_group_filt": 15, "aws_aim_policy_filt": 15, "aws_api_cal": 14, "aws_gd_access_key_id": 14, "aws_gd_close_incident_templ": 14, "aws_gd_detector_id": 14, "aws_gd_finding_id": 14, "aws_gd_lookback_interv": 14, "aws_gd_master_region": 14, "aws_gd_polling_interv": 14, "aws_gd_region": 14, "aws_gd_regions_interv": 14, "aws_gd_secret_access_kei": 14, "aws_gd_severity_threshold": 14, "aws_guardduty_archiv": 14, "aws_guardduty_count": 14, "aws_guardduty_detector_id": 14, "aws_guardduty_finding_arn": 14, "aws_guardduty_finding_id": 14, "aws_guardduty_finding_typ": 14, "aws_guardduty_finding_updated_at": 14, "aws_guardduty_region": 14, "aws_guardduty_resource_typ": 14, "aws_guardduty_sever": 14, "aws_guardduty_trigger_refresh": 14, "aws_iam_access_kei": 15, "aws_iam_access_key_filt": 15, "aws_iam_access_key_id": [14, 15], "aws_iam_arn": 15, "aws_iam_group": 15, "aws_iam_group_filt": 15, "aws_iam_group_nam": 15, "aws_iam_mfa_serial_num": 15, "aws_iam_mfa_serial_numb": 15, "aws_iam_password": 15, "aws_iam_password_reset_requir": 15, "aws_iam_policy_filt": 15, "aws_iam_policy_nam": 15, "aws_iam_query_typ": 15, "aws_iam_secret_access_kei": 15, "aws_iam_sign_cert_id": 15, "aws_iam_ssc_id": 15, "aws_iam_ssh_key_id": 15, "aws_iam_ssh_keys_id": 15, "aws_iam_statu": 15, "aws_iam_us": 15, "aws_iam_user_filt": 15, "aws_iam_user_nam": [14, 15], "aws_imds_proxi": 42, "aws_region_nam": 16, "aws_s3_bucket_nam": 14, "aws_secret_access_kei": 16, "aws_services_enumer": 42, "aws_sms_topic_nam": 16, "awsapicallact": 14, "awscloud": 102, "awsdenyal": 15, "awsdenyall_2": 15, "awsserviceroleforaccessanalyz": 14, "awsserviceroleforamazonguardduti": 14, "awsserviceroleforconfig": 14, "awsserviceroleforsecurityhub": 14, "awsservicerolefortrustedadvisor": 14, "ax5ezig32a8mbpkcwyoi": 97, "axon": 17, "axoniu": 154, "axonius_attachment_nam": 17, "axonius_countri": 17, "axonius_device_dis": 17, "axonius_device_limit": 17, "axonius_devices_dt": 17, "axonius_email": 17, "axonius_enforcement_set_nam": 17, "axonius_field_name_list": 17, "axonius_get_device_by_queri": 17, "axonius_get_device_count": 17, "axonius_hard_drives_encryption_statu": 17, "axonius_hostnam": 17, "axonius_id": 17, "axonius_incident_id": 17, "axonius_internal_axon_id": 17, "axonius_ip": 17, "axonius_last_used_us": 17, "axonius_last_used_users_dept": 17, "axonius_limit": 17, "axonius_link": 17, "axonius_nam": 17, "axonius_os_type_distribut": 17, "axonius_own": 17, "axonius_query_d": 17, "axonius_query_str": 17, "axonius_region": 17, "axonius_saved_query_nam": 17, "axonius_security_level": 17, "axonius_tag": 17, "axonius_task_id": 17, "axonius_write_attach": 17, "axzhgjdf4g9knzzoimqgcridsfrsgptao": 97, "az": [18, 135, 145], "azadvisorconfigur": 18, "azerbaijan": 135, "azerbaijani": 145, "azorult": 71, "azur": [41, 71, 78, 79, 154, 155], "azure_automation_account": 18, "azure_automation_account_disable_local_auth": 18, "azure_automation_account_loc": 18, "azure_automation_account_nam": 18, "azure_automation_account_public_network_access": 18, "azure_automation_account_resource_group": 18, "azure_automation_account_tag": 18, "azure_automation_activity_nam": 18, "azure_automation_agent_key_to_regener": 18, "azure_automation_create_ui_tab": 18, "azure_automation_credenti": 18, "azure_automation_credential_descript": 18, "azure_automation_credential_nam": 18, "azure_automation_credential_password": 18, "azure_automation_credential_usernam": 18, "azure_automation_job_nam": 18, "azure_automation_module_nam": 18, "azure_automation_node_id": 18, "azure_automation_report_id": 18, "azure_automation_resource_group": 18, "azure_automation_resource_group_nam": 18, "azure_automation_runbook": 18, "azure_automation_runbook_input_paramet": 18, "azure_automation_runbook_nam": 18, "azure_automation_schedul": 18, "azure_automation_schedule_descript": 18, "azure_automation_schedule_nam": 18, "azure_automation_schedule_start_tim": 18, "azure_automation_statist": 18, "azure_resource_group": 18, "azure_url": 79, "azureautom": 18, "azureautomationdsc": 18, "azurechinacloud": 18, "azurecloud": 18, "azuregermancloud": 18, "azureid": 79, "azureresourc": 79, "azuresentineldemo": 79, "azuresubscriptionid": 78, "azuretenantid": 78, "azureusgovernm": 18, "b": [14, 15, 17, 19, 21, 23, 27, 29, 30, 31, 32, 33, 34, 35, 37, 38, 40, 42, 45, 46, 48, 49, 52, 53, 58, 61, 64, 65, 66, 75, 77, 78, 79, 90, 92, 95, 98, 105, 106, 107, 112, 115, 116, 118, 119, 123, 126, 128, 129, 131, 135, 136, 137, 142, 144, 146, 147, 148, 150, 151, 153, 155, 185, 186, 190], "b052": 102, "b077d6bc": 23, "b0c4de": 40, "b0de": 23, "b1": 116, "b168": 23, "b16e": 79, "b17ce924d5c75dd1e222f438fda67c526a77783403737613f261980b7bcc7510": 98, "b184": 23, "b1b1": 23, "b1e43228990c4bfe8e979969d955b800": 32, "b211": 97, "b22222": 40, "b23e": 97, "b271": 131, "b2f9": 102, "b2fb5c8f": 126, "b34e": 185, "b3763ac5": 79, "b39c": 105, "b39f": 105, "b404": 79, "b41a290abff3ef1770ec7570fcee8575e7bb93a995c562119709087fdbd933ea": 107, "b483sj": 44, "b491": 102, "b4a3": 105, "b4a3b681": 105, "b4be": 23, "b4ydtroxd46j9q9hn": 97, "b5": 107, "b50616ee": 107, "b50e": 38, "b524aa8c65c3": 79, "b5399550db67cad2b136d83fa4895b4a040ac865e3eaa5fb55870ddd4d227eb54313ce15d30a8716c25fb0fe0364fbf87ac82610cc0eecfacc7891eedb5dee35b7634002900fe9d8d89ad5a182a5d3e65d14060ef1a1322799b1656f61a75e4407fecb7938f7e0cf96fbb73917f8635447ee9a5814d4a842fabc6e3dc2487d93e5746beff941b544e7233db8ebcb78384ffc0fb47c67cdcbdd333a4633f3610c02d0b4f9ab08e6878e4aa436f31008c42505a3c7b1b701609a9a7026d220eb47005fc263d3422121d0214994f9c53c025d3a3a01fc6381344a422dd018a20893d94cdbcef4bf53a54fac15372e13048673be1b250fe172215e404b8ef45dc569": 186, "b576": 155, "b59c": 84, "b59pudg6fb81qmsuzkiu3z": 185, "b5a1": 97, "b5c1": 97, "b6": 42, "b626": 77, "b64": 126, "b6929ec040fc733128de56e0dadbb6d6211fd6169ac2150af9df4bc0d47f1a1a": 45, "b6d6": 105, "b6df": 131, "b6e8": 105, "b6ee": 101, "b720": 97, "b733": 97, "b74e5ff66d5": 73, "b759": 131, "b77a": 77, "b77de9b4": 97, "b791d1df2bb8aa77d19b10e3bb395b81": 116, "b799": 123, "b7a6": 79, "b7e3c7e0": 73, "b8": [42, 68], "b833": 23, "b84e": 150, "b86e3a85": 97, "b8860b": 40, "b889": [18, 77, 78, 131], "b8dee9c8e74b": 23, "b906": 115, "b9158547a9fe9dc52292a6098528f239": 116, "b95a": 23, "b98308abb5851cacd0589ec3177389d6": 128, "b986": 131, "b9b364b9905c": 98, "b9ce5c65": 79, "b9e9": 9, "ba": 145, "ba0f": 98, "ba33": 125, "ba356d0fe198472": 23, "ba51": 97, "bacd7b02f178": 150, "back": [10, 14, 34, 37, 41, 42, 48, 52, 63, 76, 77, 79, 80, 87, 88, 97, 99, 101, 102, 105, 106, 107, 108, 110, 112, 115, 116, 123, 129, 135, 142, 150, 166, 181, 188, 190], "backdoor": 121, "backend": 85, "backend_timestamp": 144, "backend_update_timestamp": 144, "background": [101, 131, 144], "backoff": [41, 165], "backslash": 90, "backtick": 42, "backup": 102, "backupdata": 34, "backward": [84, 110, 171], "bad": [7, 42], "bad_report_statu": 153, "bad_summari": 153, "badgetext": 112, "badpasswordtim": 66, "badpwdcount": 66, "badrequestexcept": 14, "bae5": 107, "baf0": 128, "bafybeicfmpubkjm27jyai3bgvcerhr4ewupxngxvt7kj4yhihb3rfuxq5q": 98, "bafybeifluccxb2hveire3sevma2galuosmtm2egvpbegknas2bmlcjfykq": 98, "bafybeifwtldig24fsmrgbwlm2vr2gll4axhcdrpvdqxlg6akalewirimmi": 98, "bag": 69, "bahama": 135, "bahrain": 135, "bak": 166, "balanc": [69, 116], "ban": [22, 144], "bandit": 81, "bandwidth": [42, 129], "bangladesh": 135, "bank": 71, "banner": 120, "bannerphotourl": 112, "banners_uuid": 105, "baqd": 84, "bar": [55, 114, 120, 190], "barbado": 135, "barbuda": 135, "barth\u00e9lemi": 135, "base": [2, 4, 7, 8, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 91, 92, 93, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 142, 144, 145, 146, 149, 150, 151, 152, 153, 156, 160, 162, 165, 166, 178, 179, 180, 181, 182, 186, 188, 189, 190], "base64": [40, 45, 57, 85, 87, 97, 110, 140, 178, 179, 182], "base64_str": 116, "base64cont": [47, 57, 90], "base64screenshot": 47, "base64toattach": 47, "base_devic": 144, "base_device_url": 34, "base_model_breach_url": 34, "base_url": [23, 26, 32, 34, 45, 98, 99, 104, 105, 114, 123], "baseline_rul": 116, "basestr": [35, 52, 58, 63], "bash": [1, 3, 84, 141, 163], "bashkir": 145, "bashstatu": 116, "basi": 106, "basic": [5, 13, 15, 18, 23, 63, 64, 73, 82, 84, 97, 103, 110, 112, 119, 141], "basic_alert_group": 89, "basiccliprovis": 75, "basicconstraint": 90, "basqu": 145, "bat": 116, "batch": [41, 58, 116], "batchgetresourceconfig": 14, "baz": 110, "bb05": 97, "bb0f": 18, "bb37f78894db451b8e8921ec127667a3": 116, "bb7d": 77, "bbb": [79, 145], "bbb_ccc": 145, "bbbb": [18, 23], "bbdf": 23, "bbe9": 115, "bbremner": 66, "bc36": 77, "bc40": 106, "bc48": 32, "bc5a499d6ae2": 97, "bc6hr123456789qpd2eeowet9rdrqfjmnjmuohp123450": 18, "bcc": [87, 135], "bcc5": 23, "bccfolder": 90, "bccrecipi": 41, "bcd90285ec6b": 97, "bcl": 90, "bcrypt": 183, "bd13": 75, "bd7e": 97, "bde8": 97, "bdi": 135, "be5f636f": 105, "be60": 106, "beacon": 42, "bearer": [87, 110, 150], "beautifulsoup": 87, "beautifulsoup4": [89, 159], "becaus": [14, 34, 84, 118, 150, 177, 189], "becom": [9, 29, 96, 144, 189], "bed46322589d": 23, "been": [3, 7, 10, 12, 14, 16, 17, 18, 20, 23, 24, 29, 31, 32, 34, 35, 36, 37, 38, 40, 41, 42, 45, 48, 50, 52, 63, 65, 66, 71, 72, 73, 77, 78, 80, 81, 85, 87, 88, 89, 90, 91, 98, 101, 102, 103, 105, 106, 107, 109, 112, 113, 115, 116, 117, 118, 119, 120, 121, 123, 124, 128, 129, 131, 134, 135, 136, 142, 144, 146, 150, 151, 153, 154, 156, 174, 178, 181, 182, 184, 185, 186, 189], "befor": [4, 15, 24, 32, 34, 35, 38, 41, 42, 52, 56, 63, 64, 67, 72, 75, 79, 84, 85, 86, 88, 97, 98, 102, 105, 108, 110, 131, 135, 136, 140, 144, 150, 153, 166, 179, 181, 182, 183, 187, 188, 189], "begin": [14, 15, 40, 41, 42, 48, 73, 84, 87, 90, 103, 110, 190], "beginnavig": 185, "begins_with": 105, "begintim": 116, "behalf": [41, 112, 131], "behavior": [1, 34, 40, 42, 43, 72, 77, 98, 106, 107, 115, 118, 163, 186], "behaviour": [34, 107], "behind": [55, 117, 120], "being": [37, 40, 42, 48, 50, 52, 55, 58, 63, 71, 72, 73, 84, 99, 102, 110, 116, 118, 131, 144, 146, 151, 153, 165, 166, 177, 189], "bel": 135, "belaru": 135, "belarusian": 145, "belgium": 135, "believ": 79, "beliz": 135, "belong": [71, 124], "below": [3, 4, 10, 11, 14, 18, 19, 20, 21, 23, 24, 29, 32, 33, 34, 40, 41, 42, 47, 48, 54, 55, 57, 58, 59, 63, 68, 69, 73, 74, 76, 77, 79, 81, 82, 83, 85, 86, 87, 88, 89, 95, 96, 98, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 112, 114, 115, 116, 118, 119, 120, 123, 126, 128, 129, 131, 134, 136, 138, 143, 144, 146, 150, 153, 154, 155, 157, 180, 181, 184, 188, 189, 190], "ben": 135, "benefit": 177, "bengali": 145, "benign": [71, 101, 106, 144], "benign_count": 71, "benign_qa_testware7": 23, "benignposit": 79, "benigntot": 185, "benignverdict": 185, "benin": 135, "benkow": [71, 142, 186], "berkelei": 42, "berlin": 185, "bermuda": 135, "bernoullinb": 69, "best": [29, 45, 97, 133, 151, 166, 181], "beta": 45, "better": [12, 17, 24, 45, 48, 78, 90, 108, 115, 118, 129, 144, 168, 177, 181, 189], "between": [4, 12, 17, 18, 19, 20, 24, 29, 34, 41, 42, 45, 48, 55, 63, 64, 73, 77, 78, 79, 84, 87, 89, 90, 95, 97, 102, 104, 105, 106, 107, 108, 110, 114, 115, 116, 117, 118, 120, 123, 129, 135, 144, 146, 149, 150, 165, 180, 181, 187], "beyond": 63, "bf": 23, "bf2b": 77, "bf2d": 105, "bf2f": [77, 78], "bf63b8c7c3585d05dd2358eb52f4a9ca05d02aec8b2ae7a5eaed4d9320bcfbb9940055167dba6bd2d936c8af29efcf70b569cad8e3d3cf55e956ac1fb43bee7476127e1746cd442207d6bff13ed82e4e6c80b8306ff74afbf301fdc93f4e0d3b6c5d8b6b57db7546813506ea2d8f613dbc58de5cab9281ced1def935f7e92b8c1f07441fda6eb534f6e8a39eb687256043aac4a2eb3526ee5e6860b75fed448a4fa2f66f72012593f91a854f6c3b082999dfae3a72b50292c99916c106f233c9d0bb16ac85650b1584e039c4298319045624b53895bf0e7ff6c7fa2196d7302bd6a2239e0855ab36f441ba336fac06bf5a9235cc05479f7262571c5e4961464b3513b543879036e347b5ed780b9a0d9088bcc11632036711f6ebb3815143cb618484939d7e6b527feef4ac7f85ad3aa7f663165cae3cbacf80c81ec6f8203eca62a0edb74a29bda7c5dea39da96d075294e41aaef353db096cddcf224713ee7d3c8b286893121ed84dabc5e9cd7177b7bcf2e03687a1c93cfc89b8b47d002acb52e331ff2a730bcdc72c130b2ab9e20c5da2d46afbc2cf87ff547910de9414bb8ad436cc89fea9bdaca8c2a0fb297b56fc9bf54a561607aa18a5dc966744ee2807c2faa30a92b0e05345fc31e2af240fffecf108c7ce0f8ebc482d84d344cd99668ad3799a1ae28df6b4c06c28f1b3f4744880b959b769efad87b02be9ba567d647142ced2d00ff5b8f47da4c3b4e0fd54347fe4839fb117584eb2c07dfa239b9cd64676ad3a5aff1140e3c2d591ef7da67171afcd1adbef3628ac21cf56d9465212ea01555c736a7d17d3435f68526dc21354f7b70bb768202d3c90e08cc028ed4f97500e3445f7ad9626d3dbe61824dd59c2ac77603ab39ed8e46078c5108205f689e8ede8e0de2fe230247c6f9242fa6ebd77a7e2e629e11acfd08612cc6d88e696aa28d1ccb4210ef0a568b5a54175e6246a2e79225fbbe39e3a8bddc884fd9a2b6760f0f6a76b7fb2d1fdf48d81393374e5e4b8442e5af8ba50cefbcafbb15d65cf5ff22233aedbbe5931de02e1203df2704838cd0e727dc916dcf6f3f2c4fa925f7c1bdc3565133cddd338ef8f2f93d924456fc317d5f4414b815977014bd551aec83c8f60fcbc1d1fed6f996776302ce8324e66ceba93636e942bbbd6eb6bbf4762a2063a1cda838e20b9d551a03c5a6b6613a443f90d7a2d6c8517a1f18202e11c2dee7295bb3cdbe755bb0105d142a9fc0b3220d4615b1b47fd3991514a24156f99c011b8239491b5d70414162811ff60cf0b6d5598743e17bd4cfe9f0f32e8ab02599ca010f75d86c9e60ca8958fa575d04eb20f807352634c53ae285a750cfc6bac6b2836f4ba42b2cc041c37a8529a4e87b99c7e36fd49d318c09188b49ce3ef596f951c93b1af5a099b37f5dc75ed232f10b377b904ec361e764d12f28f2bfc9b8b891140f46f475fedcdeb2cd769994dbed0a6c8bd45d75588bc7de9b6d69ed8592eb3d65c2a4480d0704a484e0904fd7cc6c990ec3911b0fbe35d095ef2674904dbd97ce9b70eb480d1f75a86dda86c02c830ccfe9fe86856756babbb8554e684155d3c3dc9f86fbd12c18b10e0382f38817fbd76fb3f84c4ad4e0c529962e03e77310d5336985e456c26a2f0bf9e2d8f40e6d5f2ad3a3e51b7d1c5a743768211e924d5083bf55aa": 95, "bf64": 9, "bf74": 97, "bf7fe476": 97, "bf88": [101, 184], "bfa": 135, "bfb9": 123, "bfd0e1f9808d": 77, "bfore": [142, 186], "bg": [98, 144, 145], "bgbgmq": 90, "bgcolor": 90, "bgd": 135, "bgiaaackaabsu0exaagaaaeaaqdfmtypvbc2zorpgfbk76tuyp2mz7": 116, "bgr": 135, "bh": 135, "bhr": 135, "bhutan": 135, "bi": [34, 48, 79, 80, 89, 106, 112, 117, 123, 129, 135, 177, 181], "bidirect": [48, 105, 106, 107, 112, 115, 144], "bidirection": 181, "big": [19, 42], "bigfix": 154, "bigfix_action_id": 19, "bigfix_artifact_id": 19, "bigfix_artifact_properties_nam": 19, "bigfix_artifact_properties_valu": 19, "bigfix_artifact_typ": 19, "bigfix_artifact_valu": 19, "bigfix_asset_id": 19, "bigfix_asset_nam": 19, "bigfix_endpoints_wait": 19, "bigfix_hunt_results_limit": 19, "bigfix_incident_id": 19, "bigfix_incident_plan_statu": 19, "bigfix_pass": 19, "bigfix_polling_interv": 19, "bigfix_polling_timeout": 19, "bigfix_port": 19, "bigfix_query_for_artifact": 19, "bigfix_remedi": 19, "bigfix_retrieve_resource_detail": 19, "bigfix_update_action_statu": 19, "bigfix_url": 19, "bigfix_us": 19, "bigfixadmin": 19, "bigint": 180, "bih": 135, "bill": [48, 62, 68, 122, 186], "billi": 66, "billingaccount": 48, "billingaddress": 112, "billingc": 112, "billingcountri": 112, "billinggeocodeaccuraci": 112, "billinglatitud": 112, "billinglongitud": 112, "billingpostalcod": 112, "billingst": 112, "billingstreet": 112, "bin": [1, 2, 55, 70, 116, 173], "binari": [43, 85, 110, 116, 126, 190], "binaryfileid": 116, "bind": [37, 85], "bind_fold": 37, "bind_paramet": 180, "bios_manufactur": 32, "bios_vers": 32, "biosreleased": 53, "biosrevis": 53, "biosroms": 53, "biosvendor": 53, "biosvers": [53, 116], "birthdat": [46, 112], "bissau": 135, "bit": [77, 115], "bit9_escal": 22, "bitdefend": [121, 142, 186], "bittorr": 42, "bittorrent_act": 42, "biz": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 134, 135, 138, 139, 141, 142, 143, 144, 145, 146, 149, 150, 151, 152, 153, 155, 159, 165, 166, 181, 183, 185, 186], "bkav": [142, 186], "black": [22, 57, 154, 190], "blackberri": 68, "blacklist": [7, 12, 23, 82, 116, 123, 142, 143, 167, 186], "blacklist_2": 116, "blacklisted_cert": 42, "blacklistrul": 116, "blacklisturl": 153, "blacktop": 37, "blade": [78, 79], "blake2": 126, "blake2b": 126, "blank": [12, 17, 24, 37, 38, 40, 41, 42, 45, 54, 55, 59, 63, 67, 77, 78, 79, 84, 86, 89, 90, 96, 107, 115, 120, 123, 126, 129, 135, 136, 144, 146, 153, 185, 189, 190], "blend": 188, "blind": 87, "blinkbox": 36, "blkio_stat": 37, "blm": 135, "blob": [43, 45, 83, 140, 180], "blob_url": 45, "blobs_url": 45, "block": [10, 14, 23, 24, 27, 77, 78, 79, 81, 82, 87, 88, 98, 103, 107, 109, 116, 123, 138, 140, 149, 151, 153], "block_policy_nam": 55, "block_result": 54, "blocked_us": 88, "blocked_user_2": 88, "blocklist": [7, 24], "blocklist_in": 24, "blocklist_url": 153, "blog": [7, 56, 87, 90, 183], "blogg": 52, "bloodhound": 42, "bloodhound_enumeration_act": 42, "blr": 135, "blue": [63, 90, 95, 120], "bluekeep": 42, "bluelink": 116, "blueliv": [142, 186], "bluemix": [28, 84], "blur": 95, "blz": 135, "bmc": 154, "bmc_helix_additional_data": 20, "bmc_helix_assigned_support_organ": 20, "bmc_helix_assigned_to": 20, "bmc_helix_compani": 20, "bmc_helix_created_d": 20, "bmc_helix_customer_first_nam": 20, "bmc_helix_customer_last_nam": 20, "bmc_helix_descript": 20, "bmc_helix_impact": 20, "bmc_helix_incid": 20, "bmc_helix_incident_numb": 20, "bmc_helix_incident_typ": 20, "bmc_helix_organ": 20, "bmc_helix_prior": 20, "bmc_helix_reported_sourc": 20, "bmc_helix_request_id": 20, "bmc_helix_statu": 20, "bmc_helix_support_group": 20, "bmc_helix_templ": 20, "bmc_helix_urg": 20, "bmigroup": 98, "bmu": 135, "bn": 145, "bob": 86, "bodi": [21, 40, 41, 45, 46, 63, 80, 87, 88, 89, 90, 101, 106, 116, 118, 128, 129, 131, 135, 144, 165, 166, 171, 188, 189], "body_html": 45, "body_text": 45, "bodypreview": 41, "boe": 20, "bokmal": 145, "bol": 135, "bold": [12, 17, 24, 45, 78, 87, 90, 101, 115, 129, 144, 166, 187], "bolivarian": 135, "bolivia": 135, "bonair": 135, "bone": 96, "bonjour": 116, "book": 106, "bookmarkscount": 79, "bool": [12, 17, 24, 35, 42, 45, 52, 58, 63, 73, 78, 87, 90, 110, 115, 123, 125, 129, 135, 144, 149, 165], "bool_to_str": 107, "boolean": [14, 15, 16, 17, 18, 23, 31, 34, 35, 40, 41, 42, 45, 48, 58, 59, 63, 66, 73, 75, 81, 83, 84, 90, 95, 96, 97, 98, 101, 102, 104, 105, 106, 107, 108, 110, 112, 113, 115, 116, 123, 124, 126, 131, 135, 143, 144, 146, 149, 153, 165, 166, 180, 181, 184, 185], "boost": 69, "booster21": 95, "bootp": 116, "bootstrap": [65, 179], "bootstrap_serv": 65, "border": [57, 90, 101], "borphanedroot": 20, "bosnia": 135, "boston": 49, "bot": [7, 124], "both": [4, 10, 12, 14, 15, 19, 21, 24, 27, 29, 32, 35, 38, 40, 41, 42, 43, 54, 58, 59, 63, 65, 66, 73, 77, 79, 80, 81, 85, 86, 87, 88, 89, 90, 96, 98, 102, 103, 107, 110, 113, 116, 117, 118, 120, 124, 126, 128, 134, 135, 142, 145, 151, 155, 166, 180, 181, 183, 186, 188, 189], "botnet": [42, 101], "boto3": [14, 15, 16], "botocor": 14, "botswana": 135, "bottom": [9, 11, 28, 40, 44, 51, 54, 94, 99, 100, 101, 112, 114, 120, 122, 125, 127, 130, 139, 141, 143, 159], "botvrij": 71, "botvrij_url": 71, "bounc": 181, "bound": 97, "boundari": [110, 171], "bouvet": 135, "box": [20, 24, 33, 55, 87, 105, 117, 119, 120, 188, 190], "bp_host": 71, "bpmn": 97, "bpmndi": 97, "bpmndiagram": 97, "bpmndiagram_1": 97, "bpmnedg": 97, "bpmnelement": 97, "bpmnlabel": 97, "bpmnplane": 97, "bpmnplane_1": 97, "bpmnshape": 97, "br": [12, 15, 17, 21, 24, 27, 30, 32, 35, 37, 38, 40, 42, 45, 46, 48, 49, 52, 53, 58, 59, 61, 64, 66, 75, 77, 78, 79, 81, 87, 90, 92, 93, 94, 96, 98, 101, 105, 106, 107, 112, 115, 116, 118, 119, 123, 126, 128, 129, 131, 135, 136, 137, 140, 142, 144, 146, 147, 148, 151, 153, 184, 187, 188, 190], "bra": 135, "brace": 110, "bracket": [12, 17, 24, 45, 59, 78, 84, 86, 90, 115, 126, 129, 135, 144, 187], "branch": [1, 2, 3, 40], "branches_url": 45, "brand": [98, 185], "brand_protect": 36, "brazil": 135, "brb": 135, "breach": [55, 81, 105, 181], "breachdat": [56, 183], "breachdevic": 34, "break": [12, 15, 17, 24, 38, 42, 45, 78, 88, 90, 107, 115, 116, 117, 129, 135, 144, 165, 177, 180, 187], "breakdown": 71, "breakpoint": 190, "bremner": 66, "brew": [0, 3, 85], "brg1trxqkztgsgukcgyaa7swvz3lgj42tifzoh4f5": 110, "brian": 95, "brief": 79, "bring": [37, 46], "britain": 7, "british": 135, "brn": 135, "broadcast": 116, "broadcom": 116, "broadwai": 95, "broker": [20, 75], "brokera": 65, "brokerb": 65, "brought": [78, 129], "brows": [63, 140, 154], "browse_rich_text": 33, "browse_rich_text_fin": [8, 33], "browser": [14, 87, 106, 116, 125, 155], "browsertyp": 115, "brunei": 135, "brute": [7, 37, 42, 79], "bs4": [31, 142, 145], "bso_ip": [54, 55], "bso_password": [54, 55], "bso_us": [54, 55], "btn": 135, "bu": 129, "bucket": [42, 102], "bucket_arn": 14, "bucket_nam": 14, "bucket_own": 14, "bucket_typ": 14, "bucketnam": 14, "buddies_forev": 95, "buffer": 52, "bug": [10, 11, 14, 19, 23, 24, 35, 40, 41, 42, 48, 63, 64, 65, 66, 68, 73, 74, 76, 77, 79, 80, 87, 88, 89, 90, 98, 99, 101, 102, 103, 109, 111, 113, 116, 117, 124, 126, 128, 129, 131, 139, 140, 141, 142, 148, 151, 167, 177, 180, 189], "bugfix": [38, 40, 98, 142], "bugreport": 68, "build": [6, 10, 23, 29, 31, 37, 47, 85, 88, 102, 103, 107, 108, 128, 135, 145], "build_dict": 135, "build_nlp": 70, "buildtim": 53, "built": [4, 6, 10, 37, 69, 76, 80, 90, 110, 122, 127, 134, 139, 178, 181], "builtin": [12, 17, 24, 45, 78, 90, 110, 115, 129, 144, 187], "builtinmodul": 18, "bulgaria": 135, "bulgarian": 145, "bulk": [177, 181], "bulletproof": 71, "bundl": [4, 42, 76, 87, 101, 184, 187, 188, 189], "burger": 119, "burkina": 135, "burlesqu": 90, "burmes": 145, "burundi": 135, "busi": [14, 41, 63, 95, 96, 118, 119, 129, 134, 149, 150, 177, 188], "business_unit": 150, "businessimpact": 150, "businessnam": [135, 189], "businessunit": 150, "button": [9, 11, 15, 28, 29, 41, 44, 54, 60, 75, 106, 112, 114, 120, 122, 127, 131, 135, 139, 140, 143, 155, 178, 187, 188, 189, 190], "bvcddgjrecxdkbxzqwslpugoqarh9sltwvjnozsebeuy0bnokoimnavmp1wydfaexzmumhsge7tmjduxsaaac587wpwiv1xlrm4kqsem5atgwpvfiofuuikngn5guu3srzdyw4rjtkmv6ajtuswiez1tbuwitlhfsswkjx5esjato6ncu5ymkeg932rjr8tgopgitoaj7d1qfjknemqebp8hheg8delgufgxelvcqvk5wqq5hkfmfamqngv7wbehxdnrcj4b6r7clpialbfcpjpw0awchxszbhxkhvpf73tvgafjlhb1metcattoph": 97, "bvmware": 144, "bvow5qzrtnubcuoeophtzn9asgz4vcfrctzijnsyladejxlak7ycabpylthaiw8sbwctcqocmwfl": 97, "bvt": 135, "bwa": 135, "bwf": 116, "bxjk1ll8g1exl2c2smpexubdua1n5xwmhhphp6psiajy74qucnyplfvylms9qrwoq70mqny9tllef6": 116, "bypass": [29, 35, 73, 77, 89, 144, 178, 181], "bypassdurationhour": 77, "byte": [42, 84, 102, 126, 178, 180, 182], "bytea": 180, "bytespersector": 53, "bytypeeventcount": 107, "bzz1madgczc3ch4yrq": 84, "c": [9, 10, 12, 13, 15, 17, 18, 22, 23, 24, 26, 34, 42, 43, 45, 48, 53, 55, 63, 65, 69, 70, 72, 73, 77, 78, 79, 82, 84, 89, 90, 104, 105, 106, 107, 112, 115, 116, 118, 121, 126, 128, 129, 131, 135, 136, 142, 144, 145, 146, 150, 152, 153, 155, 157, 160, 176, 178, 179, 180, 181, 182, 186, 190], "c0": 23, "c000": 58, "c008": 182, "c01770161d68": 77, "c03qzgv0yju": 124, "c06fa6c3": 155, "c09beb673a5": 123, "c0bb86dc6104": 97, "c0bf408c999": 182, "c0dfacf7": [101, 102, 184], "c18c": 107, "c1b52a5273fa0254f2f35f75a8b7a3944939fea11d22e08e1164314d88b6f808e75bb7": 121, "c1c063ec9b69": 97, "c1ff": 105, "c250ef8f3919": [101, 102, 184], "c26dc4e73a335b4414d238b6b30bfd6aff693293f9e4946b5df13f9aac40af5c": 23, "c280778959b8456fba4ad911fa7badc757d07afbb6fadd05bba28171bbe17f21d25f2ef0d2724e7534f88d62e34ada5190d4013d9c0cc071f7e62fb6d6076726d0deff17cef085fd31c166ca876505472a5fc0abb88cc3bfd0177f63a35cf046fb86aafb4dd72a5e7f9ae013977dbefb7d35570d5d5e819835ea1642a2d3b074f7592ded38e7fe7a1bb336e67eae3f9ea61683de53014e8100aebb42f51f752934cde9848038ae3c3714c0f027ce3052b98adc5f22a079f84f4e4904e2757caa2f2a1e03ec714ca32a61fc6fca911e935a2e780858f6eebb34205d9ae6afc6d7f2bf0a7bfa8e9277e36c7b0c4086644a15ec70d7728e6330e10bef5a30972e25": 142, "c2_web_beacon": 42, "c2bb95a17b879bffc96c58f8a1689784": 14, "c2bb95a17b879bffc96c58f8a1689785": 14, "c3": [23, 107, 116], "c3465af09c46": 79, "c37e": 63, "c3be": 116, "c3be9c35": 107, "c3bf1b3634a2": [77, 78], "c4": 116, "c4af": 79, "c4c4": 106, "c4d5b6bafe03": 23, "c54022c7": 77, "c56ba498d41caa7be3c1eb5588cec27c413eb208": 121, "c57b14f911e20ef253dd822c05443f52": 185, "c5926008a5d3": 79, "c5e36a0098f54a6d4bf33037c5c68bf4": 107, "c61f3dfaf47": 79, "c645": 144, "c670630c6c19434d3d62b9f6e800bffd4cf5d5c361d64c8c92c628f1aba368e": 126, "c6c712b0": 79, "c708d037ae5a46b69ec4dcbf7e4555e5": 42, "c74c": 98, "c770": 107, "c784cc7c2ddc": 79, "c79839fc": 97, "c7aa": [77, 78], "c8": [23, 53], "c80cd55d": 97, "c815": 59, "c831966a9c313235f314ffa88c3126f556e9191c70bddea0cc3883ba1d64edd8": 98, "c84d": 18, "c875f7333fb843aeacb01d1cbfa52ae5": 131, "c8769d55": 80, "c960": 23, "c96b": 105, "c986": 23, "c_outer": 116, "ca": [40, 42, 74, 76, 77, 87, 90, 99, 106, 110, 142, 144, 145, 185, 186], "ca1": 142, "ca1df3031a00e387c8a7da086272f2b6": 17, "ca_file_to_be_us": 38, "ca_information_access": [142, 186], "caaaayaaaaaaaaaaaaaaaaaacaaagauzgf0yqaaaabgagaaeceaamwaaad": 116, "caafba4e4f6d130e7db30ed4d5e53504": 188, "cacert": 142, "cach": [12, 150, 180, 185], "cachedur": 50, "cachetool": [97, 107], "cad8": 116, "cad80f000946c25d6c150831060aa326": 116, "cade": 97, "cadenc": 150, "caf": 135, "cafil": [11, 24, 98, 99, 102, 103, 107, 114, 123, 129, 178, 181, 190], "cafm": 101, "caico": 135, "cakei": 87, "calbro": 20, "calcul": [3, 102, 126], "caledonia": 135, "calendar": [41, 105, 131, 134, 135, 154], "calendar_invite_datetim": 21, "calendar_invite_descript": 21, "calendar_invite_extra_email_addr": 21, "calendar_invite_incident_id": 21, "calendar_invite_subject": 21, "calibri": [40, 87], "california": [12, 61, 142], "california_health_risk_assess": 126, "call": [4, 8, 12, 14, 15, 17, 19, 20, 21, 24, 29, 33, 36, 40, 41, 42, 43, 45, 47, 48, 52, 55, 56, 59, 62, 65, 71, 73, 77, 78, 79, 87, 90, 97, 98, 101, 102, 103, 107, 110, 113, 115, 119, 124, 126, 129, 131, 134, 135, 140, 144, 145, 146, 150, 156, 162, 164, 176, 178, 179, 180, 181, 182, 184, 187, 189, 190], "call_does_not_exist_error": 42, "call_rest_api": [110, 141], "callback": [87, 112, 131, 146, 155, 162], "callcenterid": 112, "caller": [14, 42], "caller_id": 118, "callertyp": 14, "callinnumb": 146, "callintollfreenumb": 146, "callintollnumb": 146, "calluses1": 107, "cambodia": 135, "cambridg": [49, 113, 134, 157], "cameroon": 135, "campaign": [9, 151], "campaign_descript": 98, "campaign_id": 98, "campaign_members_list": 98, "campaign_nam": 98, "campaign_result": 98, "campaign_start_d": 98, "campaignfamili": 98, "campaignid": 98, "campaignmemb": 98, "camunda": 97, "can": [1, 4, 7, 8, 9, 10, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 45, 46, 48, 50, 52, 53, 54, 55, 56, 57, 58, 59, 62, 63, 64, 65, 66, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 101, 102, 103, 104, 105, 106, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 123, 124, 125, 128, 129, 130, 131, 134, 135, 136, 138, 140, 141, 142, 143, 145, 146, 148, 149, 150, 151, 152, 153, 155, 158, 159, 160, 161, 162, 164, 165, 166, 168, 176, 178, 179, 180, 181, 182, 184, 186, 187, 188, 189, 190], "canada": [18, 101, 135], "cancel": [15, 20, 40, 68, 97, 103, 118, 119, 180], "cancellationcom": 77, "cancellationdatetimeutc": 77, "cancellationrequestor": 77, "candid": 71, "cannot": [10, 22, 34, 37, 42, 48, 63, 67, 71, 85, 87, 89, 92, 105, 106, 110, 112, 113, 115, 126, 135, 144, 146, 165, 180, 181, 188, 189], "canon": 82, "canonical_nam": 48, "canonicalid": 14, "canopenincid": 123, "canva": 190, "capabl": [9, 10, 11, 13, 14, 20, 24, 29, 35, 37, 38, 40, 41, 42, 46, 65, 66, 67, 73, 75, 77, 79, 80, 87, 88, 89, 90, 96, 98, 102, 103, 107, 109, 110, 113, 114, 117, 118, 123, 124, 128, 131, 132, 142, 151, 156, 166, 178, 179, 180, 181, 182, 188], "capac": 18, "cape": 135, "capit": [106, 147], "captur": [0, 42, 46, 48, 57, 79, 87, 97, 113, 116, 135, 150, 177, 180, 188, 189], "carbon": [22, 154], "card": [71, 116, 131, 165], "care": 101, "carefulli": [52, 186], "carrier": [36, 87], "case": [4, 7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 35, 36, 37, 38, 40, 41, 45, 46, 47, 50, 52, 54, 57, 58, 59, 62, 64, 65, 66, 71, 73, 74, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 102, 103, 107, 108, 109, 110, 113, 115, 116, 117, 118, 119, 120, 121, 124, 125, 126, 128, 131, 132, 134, 136, 140, 142, 145, 146, 151, 152, 153, 154, 159, 161, 165, 166, 176, 177, 178, 179, 180, 181, 182, 184, 188, 189], "case_3a649db8": 123, "case_fields_to_queri": 112, "case_json": 112, "casefil": 151, "casefileid": 151, "caseid": [112, 123], "casenumb": 112, "caserecommend": 123, "caserecommendationoutcomestatu": 123, "cases_closed_from_funct": 48, "casesourc": 123, "cassandra": 15, "cast": [134, 180], "cat": [0, 7, 90, 153, 183], "cat_id": 153, "cat_nam": [59, 126], "catalan": 145, "catalog": [22, 54, 68, 154], "catalogu": 58, "catch": [119, 179], "categor": [9, 20, 51, 71, 105, 153, 157, 165], "categori": [7, 20, 26, 33, 34, 36, 38, 41, 42, 48, 54, 55, 71, 77, 78, 80, 81, 87, 95, 97, 99, 103, 105, 107, 115, 123, 131, 142, 185, 186, 189], "categories_list": 7, "categories_nam": 7, "categories_set": 7, "categorization_list": 157, "categorization_nam": 157, "categorizationresult": 157, "category_count": [102, 103], "category_id": [58, 59, 126, 153], "category_list": 153, "category_map": 42, "category_nam": 102, "categorydefinit": 103, "categorynam": [102, 103], "categoryname_categori": 103, "catname_exist": 153, "cattelecom": 7, "caus": [29, 70, 77, 102, 115, 123, 134, 166, 181, 189], "caution": [42, 126], "caveat": 38, "cayman": 135, "cb": 144, "cb1a7e68": 108, "cb94c359": 23, "cb971c75": 102, "cb_analyt": 144, "cb_firewall_inact": 144, "cbc": 42, "cbc_device_external_ip": 144, "cbc_device_id": 144, "cbc_device_internal_ip": 144, "cbc_device_loc": 144, "cbc_device_nam": 144, "cbc_device_os_vers": 144, "cbc_device_polici": 144, "cbc_device_policy_id": 144, "cbc_device_quarantin": 144, "cbc_device_statu": 144, "cbc_device_tim": 144, "cbc_device_usernam": 144, "cbc_file_scan_result": 144, "cbc_filemod_nam": 144, "cbc_filemod_reput": 144, "cbc_process_cmd": 144, "cbc_process_effective_reput": 144, "cbc_process_nam": 144, "cbc_process_pid": 144, "cbc_process_policy_act": 144, "cbc_process_sha256": 144, "cbc_process_typ": 144, "cbc_process_usernam": 144, "cbc_query_d": 144, "cbc_sensor_st": 144, "cbid": 34, "cbmdvby5nbiikd3d3lmdvby5nbiiuz29vz2xllwfuywx5dgljcy5jb22cfi": 84, "cc": [87, 90, 129, 135, 142, 186, 188], "cc00a6170946c25d35bd115e41f2f92c": 116, "cc0f": 105, "cc4934376adfa2c4d5c698791c51264d0080948b": 77, "cc7cdc7674ebaa353386f4529c800cd78ac5dd88": 107, "ccc": [79, 145], "ccc4": 106, "cccc": [18, 23, 106, 116], "cccccccc": 106, "cccccccccccc": 23, "cccccccccccc0": 23, "ccccccccccccd": 23, "ccf2d5f4ab37650ccbb582f351aa6fdd": 101, "cck": 135, "ccrecipi": 41, "cd": [0, 28, 67, 77, 90, 94, 100, 114, 127, 139, 141, 143, 159, 161, 175, 190], "cd08c63eac1f211b1b6fd4039b293000": 116, "cd0f7a5bd5d5": 18, "cd22": 116, "cd5c5c": 40, "cd64": 106, "cd9f8f74430fa82254987d8c01e4316fb82102d7": 45, "cda5cca328c811efb47ec103488c1130": 144, "cdcatalog": 90, "cdd7": 98, "cde7": 73, "cdnoqxknafn5": 106, "cdp": 42, "cdp_name": 42, "cdvc2haa8xorjasvhwvndqtrsvwbpqo5iegobiaztfg1e7clhgxfe4t61vphvvhcul4wxa2eqistpwz8v1sruhamddhxndm3vyx4tvjxdg5dzh48jbzvgqc": 97, "ce": [42, 97, 116, 190], "ce35": 97, "ceas": 110, "ced": 116, "cell": [14, 32, 35, 36, 59, 108, 118, 126, 135], "cell_nam": 20, "cellco": 14, "cellular": 87, "center": [16, 20, 21, 27, 29, 30, 38, 46, 52, 54, 57, 59, 62, 68, 74, 75, 76, 77, 79, 83, 87, 92, 93, 95, 97, 102, 103, 106, 114, 138, 143, 145, 149, 154, 155, 165], "cento": [8, 10, 32, 33, 55, 115, 116, 190], "central": [55, 58, 102, 106, 135, 145], "central1": 48, "centralu": [78, 79], "centurylink": 14, "cer": 99, "cert": [40, 42, 63, 74, 79, 80, 88, 99, 102, 103, 105, 116, 123, 128, 171, 186], "cert_private_kei": 116, "cert_signatur": [142, 186], "cert_uuid": 105, "certain": [4, 34, 110, 131, 146, 157, 165, 189], "certego": [142, 186], "certfic": 166, "certif": [11, 22, 24, 38, 42, 45, 52, 54, 55, 63, 64, 65, 73, 75, 76, 77, 84, 88, 89, 98, 99, 101, 102, 105, 107, 112, 114, 115, 116, 129, 131, 135, 144, 153, 155, 165, 166, 178, 185], "certificate_path": 52, "certificate_polici": [142, 186], "certificatebodi": 15, "certificateid": [15, 115, 185], "certificateinfo": 77, "certificatetransparencycompli": 185, "certinfo": 107, "cf": 28, "cf23df2207d99a74fbe169e3eba035e633b65d94": 151, "cf7f235xxxxxxxxxxddxxxx930ae68d377754b971xxxxxxxxx": 146, "cf973382698e6d6fb61d6fe6c9e241cb66afff98": 45, "cf_api_apikei": 28, "cf_api_bas": 28, "cf_api_password": 28, "cf_api_usernam": 28, "cfb1": 79, "cfbc": 79, "cfg": [14, 83, 84], "cfid": 34, "ch": [12, 139], "chad": 135, "chain": [42, 97, 118], "challeng": [110, 180], "chanc": 37, "chang": [7, 9, 15, 17, 20, 21, 23, 28, 29, 31, 34, 38, 40, 41, 45, 48, 55, 56, 60, 62, 67, 78, 79, 80, 81, 83, 84, 94, 96, 100, 105, 106, 107, 108, 110, 112, 113, 114, 116, 118, 119, 120, 122, 123, 127, 129, 132, 135, 139, 140, 141, 143, 144, 147, 148, 150, 155, 157, 159, 166, 167, 177, 187, 188, 190], "change_m": 166, "change_memb": [59, 126], "change_timestamp": 144, "change_workspac": [59, 126], "changed_bi": 144, "changed_by_typ": 144, "changed_to": [14, 78, 106, 109, 115, 129, 150], "changekei": 41, "changelog": 63, "changem": [87, 90, 103, 128], "changetyp": 118, "channel": [52, 89, 126, 135], "channel_nam": 131, "channelid": 131, "channelident": 131, "channelmessag": 131, "char01": 20, "char02": 20, "char03": 20, "char04": 20, "char27": 20, "charact": [9, 10, 15, 24, 41, 84, 85, 96, 105, 112, 124, 134, 135, 141, 144, 145, 146, 180, 182, 189], "characterist": [105, 110], "characteristic_tag": 105, "characteristics_count": 105, "characterset": 180, "chardet": [84, 141], "charl": 66, "charleston": 186, "charset": [12, 40, 41, 90, 110], "chat": 20, "chatid": 131, "chatter_api": 112, "chdir": 10, "che": 135, "check": [0, 3, 7, 12, 13, 14, 18, 22, 26, 29, 31, 40, 41, 42, 48, 50, 58, 64, 66, 71, 72, 79, 82, 85, 91, 94, 98, 99, 101, 102, 105, 112, 113, 115, 116, 121, 129, 134, 135, 142, 143, 150, 155, 160, 167, 180, 181, 189], "check_add_quot": 15, "checkbox": 112, "checker": [142, 186], "checkin": 0, "checkout": [48, 166], "checkurl": 94, "chengdu": 77, "chi_sim": 85, "chi_tra": 85, "chid": 34, "child": [87, 102, 117, 118, 144, 149, 154], "child_artifact_result": 108, "child_incid": 108, "childproc_cmdlin": 144, "childproc_guid": 144, "childproc_usernam": 144, "children": [34, 59, 108, 126], "chile": 135, "china": [71, 135], "chines": [85, 145], "chl": 135, "chloe": 95, "chmod": [37, 190], "chn": 135, "choic": [4, 97, 181], "chong": [142, 186], "choos": [8, 31, 37, 40, 45, 55, 87, 115, 129, 146, 155, 166, 189], "chosen": [68, 189], "christma": 135, "christohersmbp2": 134, "christoph": 83, "chrome": [47, 93, 125, 185], "chuck": 123, "chuvash": 145, "ci": [48, 131, 146, 155], "cid": [32, 34], "cidr": [128, 148, 171, 189], "cidsbrowserffonoff": 116, "cidsbrowserieonoff": 116, "cidsdefsetvers": 116, "cidsdrvmulfcod": 116, "cidsdrvonoff": 116, "cidsenginevers": 116, "cidssilentmod": 116, "cif": 42, "cifs_round_trip_tim": 42, "cin": [142, 186], "cio": 14, "cip": 90, "cipher": [42, 185], "circl": [33, 190], "circuit": [3, 4, 7, 8, 10, 13, 16, 17, 18, 20, 22, 24, 25, 26, 27, 29, 30, 31, 33, 34, 39, 41, 42, 43, 44, 45, 46, 48, 50, 54, 55, 56, 58, 65, 69, 70, 71, 72, 74, 75, 76, 77, 81, 82, 83, 84, 85, 87, 89, 90, 91, 92, 93, 95, 96, 97, 102, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 117, 119, 120, 121, 123, 125, 126, 132, 133, 134, 135, 136, 138, 140, 142, 143, 144, 145, 146, 149, 150, 152, 153, 157, 158, 160, 162, 165, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 178, 179, 180, 181, 182], "circuits_": 67, "circul": 80, "circumst": 14, "cisco": [42, 103, 116, 142, 154], "cisco_1m": 71, "cisco_add_domain": 25, "cisco_asa_artifact_typ": 24, "cisco_asa_end_rang": 24, "cisco_asa_firewal": 24, "cisco_asa_firewall_network_object_group": 24, "cisco_asa_fqdn_ip_vers": 24, "cisco_asa_ipv4_netmask": 24, "cisco_asa_netmask": 24, "cisco_asa_network_object_descript": 24, "cisco_asa_network_object_dt": 24, "cisco_asa_network_object_group": 24, "cisco_asa_network_object_id": 24, "cisco_asa_network_object_kind": 24, "cisco_asa_network_object_nam": 24, "cisco_asa_network_object_valu": 24, "cisco_asa_query_d": 24, "cisco_asa_statu": 24, "cisco_cdp_vulner": 42, "cisco_delete_domain": 25, "cisco_get_domain": 25, "cisco_meraki_adapt": 17, "cisco_top1000": 71, "cisco_top20k": 71, "citi": [14, 20, 36, 49, 59, 61, 95, 112, 126, 135, 148, 185, 186], "citrix": [42, 116], "citrix_issu": 42, "city_countri": 185, "city_country_list": 185, "city_nam": [12, 14, 135], "citynam": 14, "civ": 135, "ck": [80, 101, 154], "ckent": 95, "clam": 121, "clamav": 154, "clamav_scan_stream": 27, "clarifi": 134, "clark": 95, "class": [12, 17, 20, 24, 26, 34, 45, 48, 63, 64, 69, 77, 78, 90, 102, 105, 106, 107, 108, 115, 116, 119, 123, 129, 135, 144, 150, 162, 189, 190], "class_weight": 69, "classic": [120, 123], "classif": [9, 64, 77, 79, 91, 98, 115, 131, 153, 160], "classifi": [26, 69, 71, 150, 160, 165], "classification_hit": 91, "classification_map": 135, "classificationcom": 79, "classificationreason": 79, "classificationsourc": 115, "classifiedasthreat": 36, "classless": 189, "claus": [48, 102, 112], "clean": [4, 7, 10, 23, 106, 133, 142, 143, 186], "cleaner": 189, "cleanup": 144, "clear": [73, 102], "clear_datat": 102, "clear_table_output": 105, "cli": [24, 55, 75, 131, 146, 155], "cli_password": 55, "cli_us": 55, "click": [9, 11, 15, 17, 28, 29, 31, 32, 33, 36, 37, 41, 42, 44, 48, 51, 54, 55, 60, 63, 67, 74, 94, 98, 99, 100, 101, 106, 112, 114, 116, 119, 120, 122, 125, 127, 130, 131, 135, 139, 140, 141, 143, 146, 148, 155, 159, 160, 166, 170, 178, 182, 184, 189, 190], "clickabl": 189, "clicks_block": 98, "clie": 73, "client": [9, 11, 15, 18, 20, 23, 28, 31, 32, 41, 42, 45, 51, 52, 60, 65, 67, 75, 76, 77, 78, 79, 81, 87, 89, 94, 99, 100, 103, 105, 107, 114, 115, 116, 122, 127, 130, 135, 139, 141, 146, 148, 150, 157, 159, 166, 170, 180, 190], "client1": 75, "client64": 180, "client_auth_cert": [45, 116, 135, 166], "client_auth_kei": [45, 116, 135, 166], "client_auth_pem": 166, "client_certif": [77, 79], "client_credenti": 110, "client_hostnam": 55, "client_id": [18, 23, 41, 65, 77, 78, 79, 87, 146, 150, 155, 190], "client_incid": 36, "client_ip": 55, "client_port": 42, "client_secret": [18, 41, 78, 87, 146, 150, 155], "client_task": 73, "clientauth": [87, 142], "clientdeleteprohibit": [142, 186], "clientdescript": 53, "clientid": 53, "clientlocal": 20, "clientnam": 53, "clienttransferprohibit": [142, 186], "clientupdateprohibit": [142, 186], "clientvers": 53, "clipboard": 190, "clkvz": 110, "clone": [96, 118, 175], "clone_url": 45, "close": [9, 11, 14, 22, 28, 34, 42, 44, 48, 51, 54, 63, 74, 77, 78, 79, 84, 89, 94, 97, 99, 100, 103, 105, 106, 110, 112, 113, 115, 117, 119, 120, 122, 127, 128, 130, 139, 141, 143, 144, 150, 159, 181, 190], "close_a_remedy_incident_from_task": 109, "close_alert_result": 144, "close_cas": [34, 48, 63, 89, 106, 112, 115, 123, 144], "close_case_templ": [34, 48, 63, 106, 112, 129, 144, 150], "close_cod": [114, 118], "close_field": 59, "close_incident_templ": [77, 79], "close_messag": 150, "close_not": 119, "close_record": 118, "close_sentinel_incident_templ": 79, "close_soar_cas": 79, "close_tim": 103, "closed_d": [59, 126], "closed_incid": 20, "closedat": 107, "closedcom": 123, "closedd": 112, "closeddatetim": 78, "closedrootcaus": 123, "closedsourc": 36, "closest": 84, "closing_reason": 103, "closing_reason_id": 103, "closing_reason_lookup": 103, "closing_us": 103, "closur": [20, 42, 108, 144], "closure_reason": 144, "closure_reason_map": 144, "cloud": [117, 119, 120, 133, 143, 154, 155, 181, 183, 185, 186, 188], "cloud_account": 42, "cloud_instance_id": 42, "cloud_instance_nam": 42, "cloud_instance_typ": 42, "cloud_provider_account_id": 144, "cloud_provider_resource_id": 144, "cloud_provider_tag": 144, "cloudabilityrol": 14, "cloudappst": 78, "cloudfileshashverdict": 115, "cloudflar": 165, "cloudflarenet": 165, "cloudflaressl": 90, "cloudpaksecur": 107, "cloudplatform": 150, "cloudprovid": [77, 115], "cloudproviderurl": 150, "cloudresourcemanag": 48, "cloudstoragecollabor": 129, "cloudstoragerol": 129, "cloudwatch": 89, "cluster": [48, 71, 115], "cluster25": [142, 186], "cluster_nam": 144, "cm": [59, 126, 181], "cmc": [142, 186], "cmd": [10, 37, 83, 84, 144], "cmd_oper": 37, "cmdlet": 18, "cmfuzg9t": 47, "cmr": 135, "cn": [41, 66, 142, 158, 186, 190], "cname": 82, "cnc": 99, "cnifyxxos7x0oyrxzbzoi1mrzhexfuohvrcciqany5izacrbsrno4zxtgot4bw9dcmcrxtwbhhxucshvl205gevndxibm9qkobhuaokkz2zlgd9wucwwglidhdzs0mqmtdtwj": 97, "co": [26, 38, 42, 77, 79], "co3": [9, 11, 15, 28, 51, 60, 67, 94, 99, 100, 114, 122, 127, 130, 139, 141, 148, 159], "co3si": [66, 189], "coalesc": 113, "coalit": 71, "cobalt": 42, "cobalt_strike_c2_dn": 42, "cobalt_strike_c2_http": 42, "cobalt_strike_c2_tl": 42, "coco": 135, "cod": 135, "code": [4, 12, 17, 19, 20, 24, 27, 29, 37, 41, 42, 45, 58, 77, 78, 80, 81, 84, 85, 87, 88, 90, 92, 99, 101, 103, 105, 106, 107, 109, 112, 114, 115, 118, 119, 123, 129, 138, 142, 143, 144, 149, 151, 153, 155, 161, 166, 177, 180, 186, 189], "codecommit": 15, "codegen": [25, 29, 81, 109, 140, 153, 160, 190], "codepag": 66, "cog": 135, "cog_cognsuppgrpcomp": 20, "cog_cognsuppgrpid": 20, "cog_cognsuppgrpnam": 20, "cog_cognsuppgrporg": 20, "cognit": 101, "cogno": 177, "cok": 135, "col": 135, "coldfus": 42, "collabor": [42, 45, 106, 108, 131, 146], "collaborators_url": 45, "collaps": 57, "collat": 180, "colleagu": 95, "collect": [4, 10, 12, 17, 24, 37, 45, 67, 73, 78, 81, 90, 96, 97, 103, 106, 113, 115, 128, 129, 144, 154, 179, 183, 184, 188, 189], "collectforens": 77, "collectinvestigationpackag": 77, "collection_id": 103, "collection_result": 151, "collectionid": 115, "collector": [106, 182], "colombia": 135, "colon": [24, 45], "color": [24, 27, 34, 40, 42, 53, 66, 87, 90, 101, 115, 119, 142, 143], "colornam": 63, "colspan": 87, "column": [46, 55, 119, 120, 161, 164, 177, 178, 180, 184, 190], "columnnumb": 185, "com": [0, 1, 3, 7, 8, 9, 10, 11, 12, 14, 15, 17, 18, 19, 20, 21, 23, 24, 25, 26, 28, 29, 30, 32, 34, 35, 36, 37, 40, 41, 42, 43, 44, 45, 47, 48, 49, 50, 54, 55, 56, 57, 58, 59, 61, 62, 63, 64, 66, 67, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 87, 88, 89, 90, 91, 92, 93, 94, 95, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 118, 120, 123, 124, 125, 126, 129, 131, 134, 135, 137, 140, 142, 143, 144, 145, 146, 147, 148, 150, 151, 153, 155, 157, 158, 159, 160, 165, 166, 167, 175, 178, 179, 180, 181, 182, 183, 184, 185, 186, 188, 189, 190], "combin": [33, 42, 79, 90, 102, 106, 111, 114, 126, 129, 135, 141, 144, 153, 176, 178, 179, 180, 181, 182], "comcast": 95, "come": [76, 81, 84, 85, 119, 125, 146], "comma": [15, 17, 21, 34, 35, 40, 41, 42, 43, 48, 54, 58, 65, 66, 68, 73, 77, 79, 81, 83, 84, 86, 87, 96, 97, 98, 99, 101, 102, 104, 105, 106, 107, 108, 110, 112, 114, 115, 123, 124, 129, 131, 135, 136, 144, 146, 166, 178, 179, 181, 182, 184], "command": [1, 4, 10, 12, 17, 18, 24, 29, 37, 41, 42, 45, 46, 55, 69, 70, 72, 75, 77, 78, 82, 83, 87, 88, 90, 101, 102, 107, 110, 111, 115, 118, 119, 120, 129, 131, 141, 144, 146, 150, 154, 155, 156, 160, 163, 169, 170, 172, 173, 174, 176, 178, 179, 180, 182, 184, 187, 189], "command_st": 116, "command_status_id": 116, "commandid": 116, "commandid_comput": 116, "commandid_group": 116, "commandlin": [43, 84, 102, 190], "comment": [7, 9, 11, 14, 15, 23, 28, 34, 42, 44, 45, 48, 51, 56, 59, 60, 64, 65, 74, 77, 78, 80, 87, 94, 96, 99, 100, 108, 114, 118, 119, 122, 126, 127, 128, 129, 130, 139, 141, 143, 144, 147, 148, 150, 159, 160, 165, 181, 188, 189, 190], "comment_count": 45, "comment_perm": [59, 126], "comment_result": 79, "commentcount": 34, "comments_url": 45, "commentscount": 79, "commit": [3, 83, 86, 107, 111], "commits_url": 45, "committ": 45, "common": [16, 18, 20, 29, 32, 33, 37, 71, 77, 79, 81, 84, 90, 102, 109, 110, 126, 141, 180, 189], "commonli": [14, 20, 110], "commun": [3, 4, 7, 14, 16, 19, 21, 24, 27, 30, 31, 35, 38, 42, 45, 46, 50, 52, 54, 57, 59, 62, 64, 65, 66, 71, 73, 77, 78, 80, 83, 84, 85, 86, 87, 88, 89, 91, 92, 93, 95, 96, 97, 103, 108, 112, 114, 115, 117, 120, 121, 123, 125, 126, 128, 131, 134, 138, 139, 142, 145, 146, 148, 149, 152, 153, 155, 159, 165, 166, 170, 177, 180, 185, 188], "communication_typ": 52, "communitykei": 84, "communitynicknam": 112, "comoro": 135, "comp_field": 23, "compani": [4, 7, 20, 108, 112, 116], "company_black_list": 144, "company_logo": 4, "companynam": [112, 116], "compar": [17, 34, 45, 67, 73, 105, 107, 112, 144, 189], "comparatortyp": 34, "compare_url": 45, "comparison": [97, 123, 181], "compat": [12, 17, 24, 29, 45, 73, 78, 79, 80, 84, 86, 87, 90, 98, 101, 109, 110, 115, 129, 140, 142, 144, 156, 171, 187], "compatibilti": 178, "compatibleversionadditionalproperti": 18, "compil": [12, 15, 17, 24, 45, 71, 78, 85, 90, 108, 115, 129, 135, 144, 153, 165, 180], "compile_hits_sect": 71, "compile_section_by_dtyp": [71, 165], "compiled_sect": 71, "complaint": 186, "complet": [4, 9, 10, 11, 15, 16, 18, 20, 23, 27, 28, 37, 39, 41, 42, 48, 49, 51, 54, 55, 59, 60, 63, 64, 66, 67, 68, 73, 79, 80, 84, 93, 94, 96, 97, 99, 100, 102, 103, 104, 106, 109, 110, 114, 116, 117, 118, 119, 122, 123, 126, 127, 130, 131, 133, 139, 140, 141, 142, 143, 144, 146, 148, 153, 155, 159, 166, 176, 177, 178, 179, 180, 181, 182, 183, 184, 188, 190], "completioncom": 123, "completiondatetimeunixtimeinm": 123, "completor": 123, "complex": [40, 110, 112, 180, 189], "compli": [15, 71, 110, 165, 186], "complianc": [34, 68], "compliance_standard": 48, "compliance_statu": 144, "compliant": [18, 68, 97], "complic": [40, 177], "compon": [4, 9, 10, 11, 15, 16, 19, 23, 27, 28, 30, 34, 39, 41, 46, 51, 54, 58, 60, 63, 65, 66, 67, 72, 74, 75, 76, 77, 78, 81, 83, 86, 88, 89, 93, 97, 100, 103, 105, 106, 111, 112, 113, 114, 122, 127, 129, 130, 133, 138, 139, 140, 141, 143, 144, 145, 148, 150, 151, 154, 181, 188, 190], "component_id": 20, "component_load": 29, "componentsdir": [29, 190], "componentsvers": 107, "compos": [40, 188], "comprehens": [54, 87, 106], "compress": [126, 185], "compress_s": 126, "compress_typ": 126, "compris": 189, "compromis": [34, 60, 79, 91, 98, 101, 103, 116, 135, 151, 177, 180, 184], "compromisedent": 79, "comput": [15, 19, 37, 42, 48, 73, 77, 78, 79, 84, 115, 160], "computer_domain_nam": 116, "computer_id": [19, 116], "computer_nam": [19, 77, 116], "computerdescript": [73, 116], "computerdistinguishednam": 115, "computerdnsnam": 77, "computerid": 116, "computerip": 116, "computermemberof": 115, "computernam": [73, 115, 116], "computersandsoftwar": 142, "computertimestamp": 116, "computerusn": 116, "concaten": [99, 118, 134, 141], "concept": [52, 105, 131], "concern": 177, "concern_scor": [101, 184], "concurr": 134, "condens": [71, 165], "condit": [10, 12, 14, 15, 17, 18, 22, 23, 24, 32, 37, 53, 55, 56, 58, 59, 64, 65, 66, 71, 73, 78, 79, 80, 81, 86, 88, 90, 96, 97, 101, 102, 106, 107, 109, 110, 112, 113, 115, 118, 123, 126, 129, 144, 150, 153, 164, 165, 166, 177, 188, 189], "condition": 38, "conduct": 40, "conf": [1, 40, 131, 157], "confer": 144, "confid": [7, 9, 46, 71, 78, 79, 81, 85, 95, 101, 102, 105, 115, 145, 184], "confidence_count": 71, "confidence_level": 9, "confidence_scor": [7, 55], "confidencelevel": [79, 115], "confidencescor": 71, "confidenti": 110, "config": [0, 1, 3, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 38, 40, 41, 42, 43, 44, 45, 46, 48, 50, 51, 52, 54, 55, 58, 59, 60, 62, 64, 65, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 78, 79, 80, 81, 82, 83, 87, 89, 90, 91, 92, 93, 94, 95, 97, 98, 99, 100, 101, 104, 105, 106, 107, 109, 110, 111, 112, 113, 114, 115, 116, 117, 120, 121, 122, 123, 124, 127, 129, 130, 131, 132, 134, 135, 138, 139, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 157, 158, 159, 160, 164, 167, 170, 171, 172, 173, 174, 176, 178, 179, 180, 181], "config_command": 83, "config_data": 190, "config_fil": 155, "config_id": 54, "config_id_bas": 32, "config_id_build": 32, "config_id_platform": 32, "config_result": 83, "config_section_data": 190, "configr": [42, 115, 153], "configur": [4, 8, 9, 25, 26, 28, 33, 37, 43, 44, 47, 51, 60, 67, 69, 70, 85, 94, 99, 100, 110, 111, 114, 117, 118, 122, 126, 127, 130, 132, 136, 139, 140, 141, 143, 154, 157, 159, 161, 163, 165, 166, 170, 171, 172, 173, 174, 176, 177, 178, 179, 180], "configurationdownloadmanag": 18, "configurationmod": 18, "configurationmodefrequencymin": 18, "configurationrepositoryweb": 18, "configurationvers": 18, "configure_connect": 180, "configured_nam": 153, "configurednam": 153, "confirm": [9, 15, 18, 42, 59, 69, 87, 98, 114, 126, 131, 135, 181], "confirmed_fraud": 135, "confirmed_legitim": 135, "conflict": [42, 71, 117, 180], "confluenc": 42, "confluent": 179, "confluentinc": 65, "confluentkafka": 179, "conform": [20, 109], "confus": [40, 84, 96, 177], "congo": 135, "conjunct": [78, 116, 124], "conn_guid": 23, "connect": [9, 14, 23, 31, 38, 41, 42, 48, 52, 55, 63, 64, 65, 66, 69, 70, 71, 75, 78, 80, 82, 84, 86, 88, 97, 102, 105, 107, 110, 116, 120, 128, 129, 131, 132, 142, 146, 155, 167, 171, 173, 175, 176, 178, 179, 181, 182, 188, 190], "connect_data": 180, "connect_result": 115, "connect_timeout": 158, "connectend": 185, "connection_direct": 14, "connector": [23, 42, 180, 181, 190], "connector_guid": 23, "connector_id": 144, "connector_vers": 23, "connectstart": 185, "connecttimeout": [180, 181], "consecut": 181, "consent": [41, 131], "consequ": [71, 165, 183], "consid": [10, 29, 42, 77, 79, 85, 89, 101, 105, 106, 108, 112, 118, 144, 150, 178, 181], "consider": [129, 189], "consist": [5, 18, 35, 42, 55, 102, 108, 158, 166, 177, 183, 187, 188, 189], "consol": [4, 14, 15, 17, 26, 32, 42, 48, 102, 129, 136, 150, 158, 160, 185], "console_url": 42, "consolemigrationstatu": 115, "constant": [17, 89, 180], "constraint": [110, 125, 180], "construct": [87, 106, 110, 144, 150, 162], "constructor": [135, 190], "consult": [20, 87, 110, 116, 178], "consum": [47, 63, 65, 112, 182], "consumer_kei": 112, "consumer_key_nam": 63, "consumer_secret": 112, "contact": [20, 32, 71, 76, 84, 95, 106, 116, 137, 140, 141, 144, 148, 155, 184, 186, 189], "contact_countri": 101, "contact_email": 101, "contact_nam": 101, "contact_org": 101, "contact_result": 112, "contact_typ": 101, "contactemail": 112, "contactfax": 112, "contactid": 112, "contactinfo": 116, "contactmobil": 112, "contactphon": 112, "contain": [1, 2, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 32, 33, 34, 35, 36, 38, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 134, 135, 137, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 155, 159, 165, 166, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190], "contained_bi": 105, "container_exit_statu": 37, "container_id": 37, "container_imag": 150, "container_nam": 1, "container_scann": 48, "container_stat": 37, "containerd": 150, "containerinfo": 115, "content": [4, 56, 118, 133, 140, 148, 154, 157, 165, 166, 171, 176, 177, 178, 179, 180, 181, 182, 187, 189, 190], "content_as_str": [14, 116], "content_document_link": 112, "content_typ": [59, 107, 126], "content_vers": 97, "contentremov": 36, "contents_url": 45, "contenttyp": [41, 131], "contentupd": 116, "context": [38, 41, 45, 77, 78, 97, 116, 131, 144, 152, 154, 176, 184, 185], "contextu": 87, "contin": 186, "continent_cod": 12, "continent_nam": 12, "continu": [10, 14, 20, 23, 24, 29, 35, 41, 42, 63, 65, 66, 73, 77, 80, 86, 87, 88, 89, 90, 97, 98, 102, 103, 113, 116, 117, 124, 128, 131, 142, 150, 151, 155, 180, 181, 188, 189], "continueconfigur": 18, "contributor": 45, "contributors_url": 45, "control": [1, 9, 11, 12, 15, 23, 28, 42, 48, 51, 60, 67, 77, 94, 95, 100, 101, 107, 110, 114, 116, 122, 127, 130, 131, 139, 141, 148, 150, 155, 159, 178, 182, 184, 185], "controldescript": 150, "controllerkind": 115, "controllerlabel": 115, "controllernam": 115, "controltow": 14, "conveni": [20, 29, 84, 154, 182, 184], "convent": [10, 65, 119], "convers": [12, 17, 24, 45, 78, 90, 97, 103, 105, 108, 115, 129, 131, 134, 135, 144, 166, 180, 187, 188, 189], "conversationid": 41, "conversationindex": 41, "convert": [10, 15, 19, 23, 27, 29, 35, 41, 42, 46, 52, 57, 58, 59, 63, 65, 66, 68, 71, 73, 77, 84, 88, 95, 97, 98, 101, 102, 105, 107, 109, 110, 111, 112, 113, 116, 123, 126, 128, 134, 135, 149, 153, 180, 182], "convert_json_to_rich_text": [12, 17, 24, 45, 78, 90, 106, 115, 129, 140, 144, 187], "convert_result": [12, 17, 24, 45, 78, 90, 115, 129, 144], "convert_to_nw_tim": 111, "converted_json": [12, 17, 24, 45, 78, 90, 115, 129, 144], "convertjson": [12, 17, 24, 45, 78, 90, 115, 129, 144], "cook": [17, 135], "cooki": [110, 140, 185], "cool": 89, "coordin": [41, 44], "coorel": [34, 105], "coorespond": [77, 188], "coowner": 151, "copi": [1, 4, 8, 9, 11, 15, 17, 24, 27, 28, 29, 33, 34, 37, 42, 44, 48, 51, 54, 55, 60, 63, 67, 75, 77, 87, 89, 94, 96, 99, 100, 102, 105, 106, 107, 110, 112, 114, 120, 122, 127, 130, 138, 139, 141, 143, 144, 148, 149, 150, 155, 159, 160, 164, 181, 182, 188, 189, 190], "copyright": [12, 17, 21, 24, 45, 55, 78, 90, 115, 129, 135, 144, 148], "core": [18, 42, 115, 155], "corecount": 115, "corel": 107, "corner": [17, 112, 119, 131], "cornwal": 148, "corp": [12, 17, 24, 45, 55, 78, 90, 115, 129, 135, 144], "corpor": [14, 20, 68, 98, 144, 147], "correct": [10, 29, 35, 41, 52, 63, 65, 66, 79, 87, 102, 103, 112, 116, 129, 135, 155, 166, 181, 182, 189, 190], "correctli": [1, 4, 9, 15, 45, 48, 63, 66, 76, 86, 88, 102, 103, 128, 129, 153, 181], "correl": [90, 98, 106, 107, 112, 144], "correspond": [10, 14, 15, 23, 24, 35, 41, 42, 58, 63, 65, 66, 71, 73, 74, 77, 78, 80, 85, 87, 88, 89, 90, 96, 98, 99, 101, 102, 103, 105, 106, 107, 110, 112, 113, 114, 115, 116, 117, 118, 124, 128, 129, 131, 142, 144, 150, 151, 159, 161, 164, 188], "corrupt": 182, "costa": 135, "couchdb": 42, "could": [20, 40, 42, 48, 55, 69, 71, 77, 80, 86, 98, 101, 105, 116, 131, 150, 177, 181, 189, 190], "count": [14, 34, 36, 59, 68, 69, 76, 88, 90, 97, 102, 105, 106, 107, 110, 112, 115, 116, 126, 144, 153, 165, 177, 185], "count_items_in_tuple_list": 97, "count_unique_devic": 144, "counted_object": 97, "counted_wf": 97, "counter": [18, 33, 95, 102, 114], "counter_act_adapt": 17, "counterproperti": 18, "countervalu": 18, "countri": [7, 12, 14, 17, 20, 36, 49, 59, 61, 95, 102, 103, 112, 126, 129, 135, 148, 184, 185, 186], "country_cod": [12, 95], "country_nam": [7, 12, 14, 61, 135, 185], "country_pref": 17, "countrycod": [7, 66], "countrynam": [7, 14], "cours": 151, "cousin": 95, "cover": [20, 34, 77], "covid": 71, "cp": 65, "cp4": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 165, 166, 177, 178, 181, 182, 183, 185, 186, 188], "cp4s_cases_prefix": 118, "cp4s_host_url": 120, "cpan": 90, "cpe": 105, "cpe_vers": 105, "cpreus": 180, "cptimeout": 180, "cpu": 107, "cpu_stat": 37, "cpu_usag": 37, "cpucount": 115, "cpudescr": 107, "cpuid": 115, "cpuserialnumb": 73, "cpuspe": 73, "cputyp": 73, "cpuvendor": 107, "cpv": 135, "cpython": 14, "cq": 121, "cqaaabyaaadi5xky9khuq48uewaxv": 41, "craft": [77, 118], "crawl": 37, "crc": 126, "crdf": [12, 142, 186], "cre_rul": 103, "creat": [2, 3, 4, 7, 9, 10, 11, 12, 14, 15, 16, 17, 19, 21, 22, 23, 27, 28, 29, 32, 34, 36, 37, 38, 39, 43, 46, 48, 50, 51, 52, 54, 55, 58, 60, 62, 65, 67, 69, 70, 71, 72, 74, 75, 76, 78, 79, 81, 84, 87, 90, 91, 94, 96, 97, 99, 100, 105, 106, 108, 110, 114, 115, 116, 117, 121, 122, 123, 124, 127, 129, 130, 132, 133, 134, 136, 138, 139, 140, 141, 142, 144, 148, 150, 151, 152, 153, 159, 161, 162, 164, 165, 166, 176, 178, 179, 180, 181, 182, 184, 186, 187, 188, 189], "create_a_remedy_incident_from_task": [97, 109], "create_a_scheduled_rul": 113, "create_address_result": 88, "create_alerts_and_incid": 89, "create_artifact": [59, 126], "create_artifact_result": 107, "create_attach_result": 107, "create_cas": [34, 48, 63, 106, 112, 115, 144], "create_case_templ": 129, "create_channel_result": 131, "create_d": [59, 63, 65, 87, 97, 102, 126, 128, 131], "create_extra_artifact": 102, "create_field": 59, "create_group_result": 131, "create_hit": 165, "create_incid": [89, 160], "create_incident_templ": [77, 79], "create_incidents_action_plan": 160, "create_incidents_risk_model": 160, "create_issu": 73, "create_mileston": [59, 126], "create_note_from_data_t": 29, "create_note_result": 103, "create_record": 118, "create_result": [18, 63], "create_salesforce_case_result": 112, "create_servic": 89, "create_system": 126, "create_tag_result": 42, "create_task_result": 112, "create_team": 131, "create_tim": [48, 102, 103, 144], "create_timestamp": 144, "create_tmp_fil": 111, "create_vers": 126, "createassociatedincid": 135, "createbucket": 14, "created": [15, 76], "created_at": [14, 45, 89, 105, 106], "created_bi": [20, 144], "created_d": 101, "created_incid": 20, "created_tim": 106, "createdat": [14, 18, 34, 115, 150], "createdbi": [77, 116], "createdbydisplaynam": 77, "createdbyid": 112, "createdbysourc": 77, "createdd": [73, 112, 115], "createddatetim": [41, 78, 131], "createdtim": [77, 116, 131], "createdtimeutc": [65, 79], "createimag": 14, "createorg": 190, "createplaintext": [10, 16, 24, 53, 62, 77, 79, 83, 84, 90, 97, 107, 123, 190], "createrichtext": [8, 12, 14, 15, 17, 19, 20, 21, 23, 24, 27, 30, 31, 32, 33, 35, 37, 38, 40, 42, 45, 46, 49, 52, 53, 58, 59, 61, 66, 71, 75, 77, 78, 79, 81, 84, 87, 90, 92, 93, 96, 97, 98, 101, 105, 107, 109, 112, 113, 115, 116, 118, 123, 124, 126, 128, 129, 131, 135, 136, 137, 142, 143, 144, 146, 147, 148, 151, 153, 184, 190], "createsnapshot": 14, "createtag": 14, "createtim": [48, 77], "createwindowfromurl": 116, "creation": [19, 34, 37, 42, 48, 54, 59, 63, 71, 73, 80, 89, 96, 102, 103, 105, 106, 109, 110, 112, 113, 118, 123, 126, 129, 131, 142, 144, 153, 165, 181, 189], "creation_d": [142, 147], "creation_tim": 103, "creationd": [102, 129], "creationdatetimeutc": 77, "creationopt": 131, "creationtim": [18, 34, 77, 116, 123], "creationtimedatetimeutc": 77, "creationtimedatetimeutc_t": 77, "creationtimestamp": 48, "creationtimeunixtimeinm": 123, "creator": [59, 63, 106, 124, 126, 154], "creator_id": [59, 107, 126], "creator_princip": [59, 97, 107, 108, 126], "creatorid": 146, "creatornam": 73, "creatoruserid": 123, "cred": 18, "credenti": [11, 24, 32, 34, 42, 48, 54, 79, 98, 102, 103, 110, 113, 120, 153, 184], "credential_delet": 18, "credential_descript": 18, "credential_nam": 18, "credential_query_d": 18, "credential_upd": 18, "credential_usernam": 18, "credibl": [102, 103], "credit_card_field_pres": 12, "credits_remain": 12, "creeventlist": 103, "cri": [135, 150], "crimestatus_id": [59, 126], "crimin": [135, 142, 166, 186], "criminal_ip_ip_threat_servic": 166, "criminal_ip_url_threat_servic": 166, "criminalio": 166, "criminalip_api_kei": 166, "criminalip_ip_address": 166, "criminalip_playbook": 166, "crit_server_suspicious_download": 42, "criteria": [33, 35, 41, 42, 59, 77, 79, 97, 105, 107, 112, 113, 126, 181, 189], "criterion": 14, "critic": [34, 42, 48, 58, 65, 81, 89, 101, 105, 106, 117, 123, 150, 177, 181], "criticaleventsinfolist": 116, "criticalexpirationtim": 123, "crl": [142, 186], "crl3": 142, "crl4": 142, "crl_distribution_point": [142, 186], "croatia": 135, "croatian": 145, "cron": 113, "cross": [42, 185], "crosspremisesheadersfilt": 90, "crosspremisesheaderspromot": 90, "crossten": 90, "crosstenantheadersstamp": 90, "crowd": 42, "crowd_strike_adapt": 17, "crowdsec": [142, 186], "crowdsourc": 71, "crowdstrik": 115, "crr": 186, "crt": [76, 87, 107, 142], "crucial": [110, 131], "cryptoapi": 42, "cryptocurr": 42, "cryptocurrency_min": 42, "cryptograph": 110, "cryptographi": [63, 84, 87, 90, 141, 155], "cryptographickei": 80, "cryptographydeprecationwarn": 155, "cryptolaemu": 71, "cryptomin": 42, "cryptomining_pool_dns_request": 42, "cryptomining_pool_ssl_connect": 42, "cs_action": 32, "cs_action_nam": 32, "cs_device_id": 32, "cs_falcon_bauth_api_kei": 32, "cs_falcon_bauth_api_uuid": 32, "cs_falcon_bauth_base_url": 32, "cs_falcon_devices_dt": 32, "cs_falcon_devices_ioc_ran_on_results_dt": 32, "cs_falcon_oauth2_base_url": 32, "cs_falcon_oauth2_cid": 32, "cs_falcon_oauth2_kei": 32, "cs_falcon_ping_delai": 32, "cs_falcon_ping_timeout": 32, "cs_filter_str": 32, "cs_ioc_typ": 32, "cs_ioc_valu": 32, "cs_queri": 32, "cs_return_limit": 32, "csc": 147, "csc_id": 23, "csr": [87, 110], "csrss": 107, "css": [40, 57, 140], "csv": [46, 58, 69, 120, 136, 141, 180], "csv_data": 35, "csv_hdr1": 35, "csv_header": 35, "ct": [167, 168, 169, 170, 171, 172, 173, 174, 175], "cti": 101, "ctive": 65, "ctp": 154, "ctrl": 190, "ctry": 90, "cub": 135, "cuba": 135, "cubi4pm6d": 84, "cunha": 135, "cura\u00e7ao": 135, "curl": 88, "curli": 110, "current": [1, 4, 14, 23, 24, 32, 35, 37, 38, 40, 41, 42, 52, 68, 71, 77, 78, 79, 102, 105, 107, 108, 110, 113, 115, 116, 118, 119, 126, 129, 131, 134, 135, 143, 144, 146, 160, 177], "current_d": 180, "current_dt": [79, 97, 123], "current_item_count": 23, "current_rol": 180, "current_sensor_policy_nam": 144, "current_tim": [102, 103, 134, 180], "current_timestamp": 180, "current_us": 180, "currentclientid": 116, "currentgroup": 34, "currentloginusernam": 116, "currentlyclassifiedasthreat": 36, "curtrackingid": 157, "custom": [1, 3, 4, 8, 9, 10, 12, 13, 22, 25, 28, 32, 33, 36, 37, 38, 39, 44, 45, 51, 56, 59, 60, 67, 71, 75, 82, 85, 88, 89, 90, 94, 96, 100, 104, 110, 111, 122, 124, 126, 127, 130, 132, 133, 134, 136, 139, 140, 141, 142, 143, 145, 146, 148, 157, 159, 160, 161, 163, 164, 166, 167, 168, 169, 170, 171, 172, 173, 174, 176, 177, 178, 179, 180, 181, 183, 184, 185, 187, 188], "custom_": 119, "custom_attribute_group": 129, "custom_bool": 181, "custom_crit": 42, "custom_data": 106, "custom_field": [59, 126, 181], "custom_field_int": 182, "custom_int": 65, "custom_mak": 42, "custom_model": 42, "custom_nam": 42, "custom_res_wf_addcom": 119, "custom_sever": 159, "custom_template_dir": 75, "custom_typ": 42, "customact": 102, "customassetnumb": 68, "customattribut": 129, "customattributegroup": 129, "customcategori": 153, "customer_detection_templ": 42, "customer_nam": 135, "customerpriority__c": 112, "customfield_10001": 63, "customfield_10002": 63, "customfield_10003": 63, "customfield_10004": 63, "customfield_10005": 63, "customfield_10006": 63, "customfield_10007": 63, "customfield_10008": 63, "customfield_10009": 63, "customfield_10010": 63, "customfield_10014": 63, "customfield_10015": 63, "customfield_10016": 63, "customfield_10017": 63, "customfield_10018": 63, "customfield_10019": 63, "customfield_10020": 63, "customfield_10021": 63, "customfield_10022": 63, "customfield_10023": 63, "customfield_10024": 63, "customfield_10025": 63, "customfield_10026": 63, "customfield_10027": 63, "customfield_10028": 63, "customfield_10029": 63, "customfield_10030": 63, "customfield_10031": 63, "customfield_10035": 63, "customfield_10041": 63, "customipsnumb": 116, "customis": 136, "customiz": [20, 110, 112], "customlist": 153, "customlist_url": 153, "customproperti": 78, "customurlscount": 153, "cuw": 135, "cv": [35, 145], "cve": [8, 36, 42, 48, 77, 80, 105, 150, 151, 154, 171], "cve_2017_12635": 42, "cve_2018_1111": 42, "cve_2018_13379": 42, "cve_2018_15961": 42, "cve_2018_7600": 42, "cve_2019_0193": 42, "cve_2019_0604": 42, "cve_2019_0708": 42, "cve_2019_10149": 42, "cve_2019_11510": 42, "cve_2019_11580": 42, "cve_2019_15846": 42, "cve_2019_17558": 42, "cve_2019_19781_exploit": 42, "cve_2019_19781_scan": 42, "cve_2019_2725": 42, "cve_2019_8394": 42, "cve_2019_9670": 42, "cve_2020_0601": 42, "cve_2020_0796": 42, "cve_2020_10189": 42, "cve_2020_11651": 42, "cve_2020_12695": 42, "cve_2020_1301": 42, "cve_2020_1350": 42, "cve_2020_1472": 42, "cve_2020_1472_exploit": 42, "cve_2020_15505": 42, "cve_2020_16898": 42, "cve_2020_16899": 42, "cve_2020_17051": 42, "cve_2020_1938": 42, "cve_2020_25577": 42, "cve_2020_25583": 42, "cve_2020_3952": 42, "cve_2020_5902": 42, "cve_2020_6207": 42, "cve_2020_6287": 42, "cve_2020_7247": 42, "cve_2021_1497": 42, "cve_2021_1498": 42, "cve_2021_21972_exploit": 42, "cve_2021_21972_scan": 42, "cve_2021_21974": 42, "cve_2021_21985": 42, "cve_2021_22005": 42, "cve_2021_22006": 42, "cve_2021_22205": 42, "cve_2021_22893": 42, "cve_2021_22986": 42, "cve_2021_22991": 42, "cve_2021_26084": 42, "cve_2021_26432": 42, "cve_2021_26877": 42, "cve_2021_26897": 42, "cve_2021_28324": 42, "cve_2021_31166": 42, "cve_2021_31181": 42, "cve_2021_34467": 42, "cve_2021_34473": 42, "cve_2021_34527": 42, "cve_2021_35394": 42, "cve_2021_35395": 42, "cve_2021_38647": 42, "cve_2021_42321": 42, "cve_2021_43798": 42, "cve_2021_44228_jndi_injection_attempt": 42, "cve_2021_44228_outbound_act": 42, "cve_2022_0543": 42, "cve_2022_1388": 42, "cve_2022_21907": 42, "cve_2022_22947": 42, "cve_2022_22963": 42, "cve_base_url": 33, "cve_browse_criteria": 33, "cve_data": 33, "cve_id": 33, "cve_product": 33, "cve_published_date_from": 33, "cve_published_date_to": 33, "cve_vendor": 33, "cvedescript": 150, "cvesearch": 8, "cvss": 102, "cvsssever": 150, "cvssv3": 77, "cwe": 150, "cxc9c21vzm9i5fmhse01": 34, "cxgrz1lhmckuhjt1bwtnlqlptloqw23vpmbfoiyx5vd0krolxavm9svt0hqskjrm": 97, "cxr": 135, "cy": 145, "cyan": [142, 186], "cyber": [58, 71, 81, 101, 118], "cyber_threat": 36, "cybercrimetrack": 71, "cybersecur": [17, 42, 114], "cybersecuritynord": 125, "cybl": [142, 186], "cycl": [101, 150], "cym": 135, "cymru": 148, "cyp": 135, "cypru": 135, "cyradar": [142, 186], "cze": 135, "czech": [135, 145], "c\u00f4te": 135, "d": [4, 23, 34, 35, 36, 38, 40, 42, 45, 46, 52, 58, 63, 83, 90, 95, 97, 103, 108, 112, 113, 116, 118, 134, 135, 141, 142, 150, 166, 177, 181, 190], "d0778d158e1c": 102, "d07bd1d1c542": 77, "d0fae7aa5267": 23, "d1": [34, 116], "d10a": 116, "d132f4ba85d64e9f941906c2ecbf3f5f": 116, "d1419415": 97, "d15766ead5d8ffe68fd96d4bda75c07378fc74f76e251ae6631f4ec8226d2bcb": 23, "d1ce3546": 77, "d2": 116, "d246430aba02": 23, "d24c": 105, "d290d93c7e38": 77, "d2b788a6": 185, "d2f71e8c": 84, "d3": 115, "d31aa16e0946c25d40c83823c500518b": 116, "d34bae779faf": 18, "d373": 97, "d3e01d28a716": 144, "d3e927678ab6e0f6f00eba36f137565ba945d311f694a40fd8d1998296d41391e7ff9b07269499346ad65bc8f9f27d79b46680b1dc5656ad9e213491c2e1523a": 126, "d42a": 97, "d4cbb29": 32, "d5": 23, "d5dd920be5bcfeb904e95da4b6d0ccca0727d692": 76, "d5e6b5c5eb01": 23, "d67dc4211cb83f014c33af976208cc601e35abf251e405e8841e1cb449a48b0": 107, "d6815ac62179797d87d21b942ed7c96f": 126, "d6ac50bb": 150, "d7": 107, "d716bb4b": 9, "d717": 97, "d7631510d34e": 23, "d770feb6": 73, "d859465ac0ccfadba558b6a4856f9517f3ab15ac3b338a96a815af7": 126, "d8d395f8744335fba53b0a4308e7b380a0aca86bfc8939ded9f4c8c5cb1e838a": 121, "d900b5f0": 58, "d9b13f24303c": 131, "d_base": 116, "d_gt": 18, "da": [135, 145], "da042c57": 34, "da39a3e": 34, "da637701781744658799_2045659800": 77, "da637727919412649530_": 78, "da637792709228082931_312545642": 77, "daemon": [10, 37, 77, 131], "daf0": 155, "dai": [7, 10, 18, 35, 42, 54, 77, 87, 97, 102, 103, 116, 129, 134, 136, 141, 146, 157, 166], "daili": [42, 95, 113, 151], "dalesandro": 87, "danc": 63, "dandbcompanyid": 112, "danish": 145, "dao": [142, 186], "daonoff": 116, "dark": [101, 183, 184, 190], "darkgoldenrod": 40, "darktrac": 154, "darktrace_aianalyst_incident_group_id": 34, "darktrace_associated_device_id": 34, "darktrace_associated_devices_dt": 34, "darktrace_base_url": 34, "darktrace_breach_link": 34, "darktrace_data_table_nam": 34, "darktrace_device_count": 34, "darktrace_device_dt_credenti": 34, "darktrace_device_dt_first_seen": 34, "darktrace_device_dt_hostnam": 34, "darktrace_device_dt_id": 34, "darktrace_device_dt_ip": 34, "darktrace_device_dt_label": 34, "darktrace_device_dt_last_seen": 34, "darktrace_device_dt_mac_address": 34, "darktrace_device_dt_o": 34, "darktrace_device_dt_tag": 34, "darktrace_device_dt_typ": 34, "darktrace_device_id": 34, "darktrace_device_tag": 34, "darktrace_group_categori": 34, "darktrace_group_scor": 34, "darktrace_incident_event_id": 34, "darktrace_incident_events_dt": 34, "darktrace_incident_events_dt_acknowledg": 34, "darktrace_incident_events_dt_ai_analyst_scor": 34, "darktrace_incident_events_dt_categori": 34, "darktrace_incident_events_dt_created_at": 34, "darktrace_incident_events_dt_event_id": 34, "darktrace_incident_events_dt_initiating_device_id": 34, "darktrace_incident_events_dt_summari": 34, "darktrace_incident_events_dt_titl": 34, "darktrace_incident_group_acknowledg": 34, "darktrace_incident_group_id": 34, "darktrace_incident_group_link": 34, "darktrace_incident_group_start_tim": 34, "darktrace_incident_last_modifi": 34, "darktrace_include_model_breach_data": 34, "darktrace_initiating_device_id": 34, "darktrace_model_breach_pbid": 34, "darktrace_model_breaches_dt": 34, "darktrace_model_breaches_dt_acknowledg": 34, "darktrace_model_breaches_dt_associated_ev": 34, "darktrace_model_breaches_dt_breach_id": 34, "darktrace_model_breaches_dt_nam": 34, "darktrace_model_breaches_dt_threat_scor": 34, "darktrace_model_breaches_dt_time_occur": 34, "darktrace_number_of_events_in_group": 34, "darktrace_soar_case_id": 34, "dartkrac": 34, "darussalam": 135, "dash": [84, 96, 113], "dashboard": [106, 159], "dat": [34, 152], "data": [7, 8, 9, 10, 11, 12, 16, 21, 27, 28, 29, 30, 31, 36, 38, 39, 45, 46, 47, 50, 52, 56, 57, 62, 64, 65, 69, 70, 71, 72, 74, 75, 78, 80, 83, 84, 85, 88, 89, 90, 91, 92, 93, 96, 99, 100, 104, 111, 112, 114, 119, 120, 121, 122, 125, 127, 129, 131, 132, 133, 134, 138, 139, 141, 142, 145, 146, 147, 148, 149, 151, 152, 154, 157, 160, 162, 164, 165, 166, 167, 172, 174, 183, 184, 185, 186, 187, 188, 189, 190], "data_compromis": [59, 126], "data_contain": [59, 126], "data_encrypt": [59, 126], "data_exfil_by_vpn": 42, "data_exfiltr": 42, "data_fe": 182, "data_feed": 182, "data_feeder_retri": 181, "data_feeder_sync": 181, "data_field": [23, 104], "data_flg": 97, "data_format": [59, 126], "data_list": 116, "data_set": 116, "data_sourc": [35, 101, 184], "data_source_id": [59, 126], "data_str": 106, "data_stream": 38, "data_t": [14, 35, 42], "data_table_api1": 108, "data_table_api2": 108, "data_table_api3": 108, "data_table_api_nam": [178, 179, 181, 182], "data_table_field": 14, "data_tbl_field": [15, 23, 42, 116, 153], "data_tbl_fields_comput": 23, "data_tbl_fields_dom": 116, "data_tbl_fields_evnt": 23, "data_tbl_fields_fil": 23, "data_tbl_fields_luak": 15, "data_tbl_fields_ni": 23, "data_tbl_fields_top": 23, "data_transfer_issu": 42, "databas": [7, 12, 33, 37, 38, 40, 42, 55, 61, 68, 71, 79, 88, 94, 102, 113, 121, 132, 142, 150, 154, 163, 165, 182, 186, 190], "database_brute_forc": 42, "database_enumer": 42, "database_issu": 42, "database_label1": 86, "database_nam": 54, "database_takeov": 42, "database_transaction_failur": 42, "database_typ": 55, "database_us": 54, "databl": 97, "datacent": 116, "datacenter_nam": 144, "dataclass": [56, 183], "datadog": 89, "datafil": 113, "dataflow": 184, "datalength": 185, "datalist": 189, "dataset": [38, 127], "datasourc": [54, 55], "datasourcenam": 150, "datastor": [38, 180, 190], "datastore_dir": 113, "datat": [14, 15, 19, 20, 23, 25, 26, 33, 40, 48, 54, 58, 63, 73, 76, 77, 79, 81, 87, 95, 96, 98, 103, 107, 109, 116, 118, 119, 124, 128, 136, 154, 158, 178, 179, 180, 181, 182, 184, 188, 189, 190], "datatable_api_nam": 35, "datatable_column_nam": 35, "datatable_column_names_list": 86, "datatable_id": 54, "datatable_nam": 73, "datatyp": [71, 165, 179], "datavolum": 34, "date": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 29, 30, 31, 32, 33, 34, 35, 38, 40, 41, 42, 44, 45, 46, 48, 50, 52, 54, 55, 56, 57, 58, 59, 63, 64, 65, 66, 67, 68, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 121, 123, 125, 126, 128, 129, 131, 134, 135, 136, 141, 142, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 165, 166, 176, 177, 178, 179, 180, 181, 182, 183, 185, 186, 187, 188, 189, 190], "date_ad": 150, "date_cr": [31, 102, 136], "date_created_t": 136, "date_format": [89, 105, 135], "date_last": 9, "date_rang": 95, "date_s": [87, 135], "date_sight": 80, "date_start": 181, "date_str": 101, "date_tim": [67, 126], "date_utc": 90, "dateformat": 103, "datepick": [35, 45, 59, 77, 126, 180], "datetim": [16, 17, 18, 20, 24, 32, 35, 37, 40, 41, 42, 78, 79, 95, 98, 101, 102, 103, 105, 106, 107, 113, 115, 118, 123, 124, 128, 134, 135, 142, 144, 150, 181], "datetimepick": [17, 18, 20, 21, 23, 24, 30, 34, 35, 40, 41, 42, 54, 58, 59, 63, 68, 73, 77, 79, 86, 87, 95, 97, 98, 102, 105, 106, 107, 109, 115, 118, 123, 124, 126, 128, 134, 135, 144, 146, 166, 180], "dateutil": 113, "davi": [56, 183], "davidonzo": 71, "davidonzo_hash": 71, "dax30": 71, "days_of_week": 89, "days_to_search": 164, "days_to_search_back": 103, "db": [33, 113, 120, 180, 190], "db1aec5222075800eda75d7205267569679b424e5c58a28102417f46d3b5790d": 76, "db222226gq11111": 18, "db5f6228a066": 97, "db7350fc": 131, "db_artifact_valu": 95, "db_infer": 95, "db_label": 86, "db_match": 95, "db_match_no": 95, "db_processing_spik": 42, "db_properti": 95, "db_sync_postgr": 181, "db_timestamp": 95, "db_url": 113, "db_user": [54, 55], "db_valu": 95, "dbeaver": 181, "dbq": 86, "dbt": 115, "dc": [34, 66, 97, 107, 117, 158, 190], "dc3c8a0ce1f2464897d8c1995d66e1e4": 128, "dc3d": 79, "dc765d0e5e68": 123, "dc7d24d6465566d2941f35bc8d17801e": 116, "dc968f62938179dc007bced955b9a27c1a9949e00f168868c5e68fbff5742f93": 107, "dc_impact_lik": [59, 126], "dca551c7dxxxx930aexxxxddxxxx930ae68d54b971xxxxxxxxx": 146, "dcec": 102, "dch": 71, "dcom": 42, "dcom_lateral_mov": 42, "dcshadow": 42, "dcsync": 42, "dd": [32, 35, 69, 97, 103, 113], "dd20": 97, "dd8aaae30c54": 32, "dd9e9": 90, "ddc30808cf5d06d3": 53, "ddc5": 23, "ddd": 79, "dddc": 106, "dddd": [18, 116], "ddo": 7, "ddt": 68, "de": [7, 15, 23, 37, 56, 71, 73, 81, 88, 107, 145, 148, 157, 165, 185], "de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c": 107, "de_identified_text": 46, "deactivated_mfa": 15, "deactivationreason": 48, "deal": 37, "deatch": 133, "death": 7, "debian": 116, "debounc": 181, "debug": [8, 10, 27, 29, 33, 67, 77, 81, 99, 109, 120, 126, 138, 149, 153, 155, 181], "debug_script": 15, "debugg": 190, "dec": [12, 116], "dec4dad8": 150, "decemb": [40, 106], "decid": [40, 120], "decis": [69, 101, 111, 114, 141], "declar": 190, "declin": 42, "decod": [15, 43, 45], "decreas": [34, 42], "decript": 20, "decrypt": [0, 110], "dedic": [15, 58, 106, 180, 188], "dedup": [7, 97], "dedup_sect": [71, 165], "dedup_verdict_sect": 71, "dedupl": 71, "deem": [91, 186], "deep": 102, "deep_security_adapt": 17, "def": [12, 14, 15, 17, 18, 23, 24, 32, 35, 42, 45, 52, 58, 63, 68, 71, 77, 78, 90, 95, 97, 98, 105, 107, 109, 115, 116, 123, 129, 135, 143, 144, 147, 150, 153, 165, 180, 185, 189, 190], "defang": 189, "defang_pattern": 135, "default": [4, 7, 8, 9, 10, 11, 12, 14, 15, 17, 18, 22, 23, 24, 28, 32, 34, 35, 38, 40, 41, 42, 43, 45, 48, 51, 54, 55, 58, 60, 63, 64, 65, 66, 67, 68, 72, 73, 75, 77, 78, 79, 84, 85, 87, 88, 89, 90, 94, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 110, 112, 113, 114, 115, 116, 117, 118, 119, 120, 122, 123, 124, 125, 126, 127, 129, 130, 131, 136, 139, 140, 141, 144, 148, 150, 151, 155, 157, 159, 165, 171, 176, 178, 179, 180, 181, 182, 187, 188, 189, 190], "default_branch": 45, "default_data_table_limit": 17, "default_environ": 123, "default_folder_path": 40, "default_from": 89, "default_nam": 42, "default_query_nam": 17, "default_query_str": 17, "default_token_typ": 110, "default_us": [42, 77, 79, 89, 106, 144], "defaultgroupnotificationfrequ": 112, "defaultkei": 15, "defaultlangid": 73, "defaultlocationid": 116, "defaultnetworkti": 48, "defaultpag": 105, "defaultprofil": 18, "defaultserviceaccount": 48, "defaultus": 15, "defend": [78, 107, 154], "defender_action_com": 77, "defender_alert": 77, "defender_alert_assigned_to": 77, "defender_alert_classif": 77, "defender_alert_determin": 77, "defender_alert_id": 77, "defender_alert_info": 77, "defender_alert_lastseen": 77, "defender_alert_lastupdatetim": 77, "defender_alert_result_max": 77, "defender_alert_sever": 77, "defender_alert_statu": 77, "defender_app_execution_act": 77, "defender_atp_machin": 77, "defender_classif": 77, "defender_com": 77, "defender_descript": 77, "defender_determin": 77, "defender_expiration_tim": 77, "defender_file_hash": 77, "defender_filter_nam": 77, "defender_filter_valu": 77, "defender_find_machines_by_fil": 77, "defender_get_related_alert_inform": 77, "defender_incident_createtim": 77, "defender_incident_id": 77, "defender_incident_lastupdatetim": 77, "defender_incident_statu": 77, "defender_incident_url": 77, "defender_ind": 77, "defender_indicator_act": 77, "defender_indicator_field": 77, "defender_indicator_filt": 77, "defender_indicator_id": 77, "defender_indicator_typ": 77, "defender_indicator_valu": 77, "defender_isolation_act": 77, "defender_isolation_typ": 77, "defender_lookback_timefram": 77, "defender_machin": 77, "defender_machine_id": 77, "defender_machine_scantyp": 77, "defender_restriction_typ": 77, "defender_sever": 77, "defender_tag": 77, "defender_titl": 77, "defender_update_alert_templ": 77, "defender_update_incid": 77, "defender_update_incident_templ": 77, "defender_user2": [42, 77], "defenderavstatu": 77, "defens": [58, 71, 98], "defer": 188, "defin": [5, 10, 12, 14, 15, 17, 20, 24, 29, 32, 35, 43, 45, 48, 52, 55, 58, 63, 65, 66, 69, 75, 77, 78, 79, 86, 87, 88, 90, 101, 102, 103, 105, 106, 107, 110, 112, 113, 115, 118, 124, 128, 129, 135, 136, 144, 146, 150, 155, 159, 162, 176, 178, 179, 180, 181, 182, 187, 190], "definit": [18, 43, 52, 69, 70, 87, 91, 95, 96, 97, 102, 107, 116, 118, 132, 153, 157, 161, 162, 164, 180, 181], "deflat": 110, "defusedxml": [46, 90, 116], "degre": 95, "dehash": 183, "delai": [34, 35, 42, 90, 97, 134, 144, 165], "delayed_citrix_data_transf": 42, "delayed_data_transf": 42, "delayed_database_data_transf": 42, "delayed_email_data_transf": 42, "delayed_ftp_data_transf": 42, "delayed_http_data_transf": 42, "delayed_ip_address_configur": 42, "delayed_kerberos_auth": 42, "delayed_kerberos_data_transf": 42, "delayed_ldap_auth": 42, "delayed_ldap_data_transf": 42, "delayed_memcache_data_transf": 42, "delayed_redis_data_transf": 42, "delayed_web_servic": 42, "delayed_wifi_auth": 42, "deleg": [41, 155], "delegatedapproverid": 112, "delet": [10, 20, 22, 25, 28, 29, 42, 48, 59, 60, 80, 84, 86, 97, 99, 100, 102, 105, 107, 108, 109, 110, 113, 114, 122, 123, 126, 127, 139, 141, 144, 151, 165, 166, 167, 171, 175, 178, 179, 180, 181, 182, 183, 184, 185, 186], "delete_attach": [59, 126], "delete_channel": 131, "delete_cr": 18, "delete_domain": 25, "delete_execution_tim": 23, "delete_group": 131, "delete_incid": 181, "delete_intel_item": 128, "delete_issu": 73, "delete_result": 41, "delete_runbook": 18, "delete_schedul": 18, "delete_system": 73, "deletealarm": 14, "deleted_cert": 15, "deleted_cr": 15, "deleted_kei": 15, "deleted_list": 41, "deleted_mfa": 15, "deleteddatetim": 131, "delimit": [119, 136], "deliv": 98, "deliver_exploit": 144, "deliveri": [90, 99], "delta": [10, 113, 134], "demand": 125, "demo": [17, 23, 105, 113, 116, 123, 150, 190], "demo_amp": 23, "demo_app": 135, "demo_low_prev_retro": 23, "demo_stabuniq": 23, "demo_tinba": 23, "demo_upatr": 23, "demo_wannacry_ransomwar": 23, "demo_zbot": 23, "demoasset": [18, 77, 78, 79], "democrat": 135, "demograph": 95, "demonstr": [62, 101, 103, 123, 132, 143], "demostr": 43, "deni": [15, 18, 22, 24, 42, 186, 188], "denial": [42, 112], "denmark": 135, "denot": [24, 112, 144], "deny_list": 188, "denyall_group": 15, "depart": [20, 112, 116], "depend": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 27, 31, 32, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 63, 64, 65, 66, 71, 73, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 117, 119, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 140, 141, 142, 143, 144, 145, 146, 150, 151, 152, 153, 155, 165, 181, 182, 190], "deploi": [4, 7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 165, 166], "deploy": [4, 7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 138, 142, 144, 145, 146, 149, 150, 151, 152, 153, 156, 165, 180], "deployment_id": 97, "deployment_typ": 144, "deploymentmessag": 116, "deploymentprevers": 116, "deploymentrunningvers": 116, "deployments_url": 45, "deploymentstatu": 116, "deploymenttargetvers": 116, "deprec": [56, 63, 101, 102, 110, 118, 154, 155], "dept": 17, "depth": [10, 151], "der": 186, "deregistered_tim": 144, "deregistr": 107, "deriv": [23, 42, 52, 116, 189], "dermotgroup": 66, "dermotgroup2": 66, "desc": [23, 42, 79, 97, 115, 116], "descend": [73, 97, 116], "descr": 87, "describ": [24, 41, 60, 62, 63, 68, 74, 75, 100, 103, 105, 110, 114, 120, 122, 127, 134, 139, 141, 151, 160, 180], "describeconfigurationrecorderstatu": 14, "describedbclust": 14, "describedbinst": 14, "describeinst": 14, "describemetricfilt": 14, "describeregion": 14, "describetrail": 14, "describevolum": 14, "descript": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 34, 35, 36, 37, 38, 40, 41, 42, 44, 45, 46, 48, 50, 51, 52, 54, 56, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 134, 135, 139, 140, 141, 142, 143, 144, 145, 146, 148, 150, 151, 152, 153, 155, 157, 159, 160, 176, 178, 180, 181, 182, 187, 188, 189, 190], "descriptor": [142, 186], "desenmascara": [142, 186], "deseri": 42, "design": [10, 20, 37, 48, 71, 75, 80, 87, 90, 96, 97, 113, 118, 120, 149, 181, 189], "desir": [15, 28, 48, 69, 86, 106, 118, 120, 124, 144, 150], "desk": 20, "desktop": [17, 34, 42, 84, 123, 131, 155, 157, 190], "desouza": 98, "dest": 90, "dest_dir": 37, "destin": [4, 34, 37, 39, 40, 41, 43, 44, 49, 55, 59, 72, 78, 97, 103, 107, 108, 120, 122, 123, 126, 133, 136, 159, 160, 163, 164, 178, 179, 181, 182], "destination_byt": 102, "destination_ip": 102, "destination_network": 103, "destination_packet": 102, "destination_port": 102, "destinationaddress": 78, "destinationbyt": 102, "destinationdomain": [78, 123], "destinationip": 102, "destinationip_count": 102, "destinationloc": 78, "destinationpacket": 102, "destinationport": [78, 102], "destinationurl": [78, 123], "destruct": 161, "desync": 42, "det": [42, 81], "det_descript": 42, "det_id": 42, "det_typ": 42, "detach": [4, 37], "detached_polici": 15, "detail": [6, 9, 10, 15, 18, 19, 20, 23, 25, 29, 32, 36, 41, 42, 47, 48, 49, 57, 58, 63, 64, 73, 74, 75, 77, 86, 87, 89, 90, 97, 99, 101, 102, 104, 105, 106, 107, 110, 112, 117, 118, 120, 121, 123, 124, 126, 128, 131, 134, 137, 140, 143, 146, 150, 153, 154, 160, 162, 163, 177, 181, 185, 188, 189, 190], "detail_msg": 97, "detailblad": 78, "detailbladeinput": 78, "detailed_decript": 20, "detailednam": 150, "detecion": 42, "detect": [4, 12, 14, 19, 27, 55, 62, 64, 71, 77, 78, 81, 85, 98, 102, 103, 106, 107, 114, 115, 116, 123, 129, 144, 153, 154, 165, 184, 186], "detected_at": 135, "detected_malware_app": 144, "detected_url": 186, "detectedmalwar": 153, "detectedremediationstatu": 129, "detection_criteria": 105, "detection_data": 105, "detection_id": [23, 42], "detection_list": [42, 105], "detection_not": 42, "detection_relev": 105, "detection_row": 105, "detection_rule_rrn": 106, "detection_sha256": 23, "detection_timestamp": 144, "detection_typ": 42, "detection_url": 42, "detection_url_html": 42, "detectiond": 129, "detectionengin": 115, "detectionid": 78, "detectionmethod": 150, "detectionserverid": 129, "detectionservernam": 129, "detectionsourc": 77, "detectionst": 115, "detectionstatu": 77, "detectiontim": 123, "detectiontyp": 115, "detector": [14, 116], "detectorid": [14, 77], "determin": [1, 15, 29, 34, 35, 41, 42, 45, 66, 71, 77, 78, 85, 94, 98, 102, 104, 110, 118, 126, 134, 136, 144, 146, 165, 166, 181, 185, 188], "determination_valu": 144, "determinationtyp": 77, "determinationvalu": 77, "determined_d": [59, 126], "deu": [85, 135], "dev": [42, 66, 71, 89, 107, 112, 150, 190], "dev2": 159, "dev_id": 42, "develop": [0, 1, 6, 10, 13, 25, 26, 29, 43, 44, 72, 77, 82, 89, 104, 110, 111, 119, 122, 134, 141, 146, 152, 157, 160], "devic": [23, 24, 58, 77, 78, 83, 87, 88, 96, 97, 106, 110, 112, 115, 116, 131, 135, 190], "device_class": 42, "device_count": [17, 103], "device_descript": 34, "device_dis": 17, "device_dt": 68, "device_dt_nam": 34, "device_external_ip": 144, "device_group_id": 144, "device_id": [32, 34, 42, 68, 83, 135, 144], "device_installed_bi": 144, "device_internal_ip": 144, "device_ip": 58, "device_link": 135, "device_loc": 144, "device_meta_data_item_list": 144, "device_nam": [58, 144], "device_o": 144, "device_os_bit": 58, "device_os_nam": 58, "device_os_v": 58, "device_os_vers": 144, "device_owner_id": 144, "device_polici": [32, 144], "device_policy_id": 144, "device_row": 144, "device_search_result": 42, "device_sensor_vers": 144, "device_statu": [32, 144], "device_target_prior": 144, "device_target_valu": 144, "device_tim": 58, "device_timestamp": 144, "device_trajectori": 23, "device_typ": 83, "device_uem_id": 144, "device_url": [17, 42], "device_url_html": 42, "device_usernam": 144, "devicedefinit": 103, "devicednsnam": 77, "deviceeventclassid": 123, "devicegroupid": 68, "deviceid": [68, 77], "devicelabel": 34, "devicenam": 68, "deviceown": 68, "devices_id": 42, "devices_list": 68, "devices_output": 34, "devicesearch": 32, "devicestatu": 68, "devicesw": 68, "devicetyp": 68, "devicevalu": 77, "devs_descript": 42, "devs_id": 42, "df": 185, "df0f": 9, "df3ory5lrvf": 185, "df_create_d": 181, "df_host": 181, "df_inc_id": 181, "df_org_id": 181, "dfe1832e02888422f48d6896dc8e8f73": 121, "dff2": 97, "dfsr": 107, "dfssvc": 107, "dga": 42, "dgzsfhcjv": 35, "dhcp": [42, 103], "dhcp_decline_error": 42, "dhcp_error": 42, "dhcp_issu": 42, "dhcp_name": 42, "dhcp_restart_error": 42, "dhcpserver": 116, "di": 97, "diagnost": [50, 181], "diagram": 177, "dialinipaddress": 146, "dialog": [33, 105], "dict": [12, 17, 21, 24, 33, 35, 36, 42, 45, 52, 63, 71, 73, 76, 78, 90, 97, 101, 110, 115, 116, 128, 129, 144, 150, 153, 165, 180], "dict_el": 33, "dict_to_json_str": [35, 52, 58, 63, 118], "dictionari": [7, 10, 12, 14, 17, 18, 19, 20, 23, 24, 31, 34, 35, 38, 40, 41, 42, 45, 47, 48, 50, 52, 58, 63, 64, 65, 66, 71, 73, 78, 79, 80, 81, 84, 85, 86, 87, 88, 89, 90, 91, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 115, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 146, 150, 151, 152, 153, 165, 183, 184, 185, 186, 190], "did": [15, 17, 32, 34, 58, 86, 106, 115, 144], "didier": 90, "didiersteven": 90, "didn": [56, 101, 177], "diego": 117, "differ": [4, 8, 10, 23, 26, 28, 32, 33, 35, 37, 42, 47, 48, 58, 63, 65, 66, 68, 76, 77, 79, 80, 82, 84, 85, 86, 87, 88, 89, 96, 98, 102, 105, 106, 108, 110, 112, 116, 118, 131, 144, 157, 177, 178, 180, 181, 182, 188, 189], "differenti": 135, "dig": [84, 163], "digestfrequ": 112, "digicert": 142, "digicerttlsrsasha2562020ca1": 142, "digit": [37, 87, 110, 112, 119, 135, 153], "digitalcerif": 153, "digitalshadow": 36, "digitalsid": 71, "digitalside_it_hash": 71, "digitalside_it_url": 71, "digitalsignatur": [142, 186], "dioeav": 183, "dir": [40, 49, 84, 90], "direct": [14, 20, 23, 34, 35, 48, 49, 78, 79, 80, 87, 89, 101, 106, 112, 115, 116, 117, 123, 129, 135, 136, 148, 155, 166, 177, 181], "directconnect": 8, "direction_id": 116, "directions_link": 49, "directli": [20, 32, 35, 48, 75, 78, 85, 110, 119, 120, 131, 146, 148, 150, 165, 182], "directori": [0, 3, 4, 10, 28, 29, 37, 42, 52, 65, 66, 67, 69, 75, 80, 83, 84, 89, 90, 94, 100, 114, 116, 127, 131, 133, 139, 141, 143, 144, 155, 158, 159, 160, 161, 164, 166, 176, 177, 190], "directory_id": 131, "dirti": [23, 73], "dirty_url": 23, "dirtyid": 88, "disabl": [10, 14, 17, 18, 22, 34, 35, 38, 45, 48, 54, 55, 63, 65, 66, 71, 73, 77, 79, 88, 89, 97, 98, 102, 105, 106, 107, 112, 113, 115, 116, 117, 118, 123, 124, 128, 129, 131, 144, 150, 151, 160, 166, 180, 182, 186, 188, 189, 190], "disable_abac": 48, "disable_correl": 80, "disable_local_auth": 18, "disable_not": 113, "disable_onc": 116, "disablelocalauth": 18, "disablelocalauth_account": 18, "disapprov": 188, "discard": 110, "disclaim": 186, "disclosur": [56, 126, 183], "disconnect": 107, "disconnect_result": 115, "disconnection_lookup": 107, "disconnectionreason": 107, "discov": [14, 36, 42, 55, 116, 129, 131, 189], "discover_tim": 42, "discovercontentrootpath": 129, "discovered_d": [14, 34, 42, 48, 59, 63, 65, 77, 79, 89, 105, 106, 112, 126, 129, 131, 135, 144, 150, 181], "discoveri": [14, 42, 77, 78, 102, 116], "discovermillissincefirstseen": 129, "discovernam": 129, "discoverrepositoryloc": 129, "discoverscanid": 129, "discoverscanstartd": 129, "discoverserv": 129, "discovertargetid": 129, "discovertargetnam": 129, "discoverurl": 129, "discovery_id": 42, "discrep": 20, "discret": 155, "discuss": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 42, 45, 46, 48, 50, 52, 58, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 83, 84, 86, 87, 88, 89, 90, 91, 92, 93, 95, 97, 98, 101, 102, 103, 105, 106, 107, 109, 112, 113, 115, 116, 121, 123, 124, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153], "disk": [77, 144], "diskdriv": 116, "dismiss": [129, 144], "dispatch": 134, "displai": [3, 4, 9, 11, 12, 14, 15, 17, 24, 28, 29, 34, 40, 41, 42, 45, 48, 51, 60, 67, 68, 71, 78, 87, 90, 94, 95, 98, 99, 100, 102, 103, 105, 106, 108, 112, 113, 114, 115, 116, 120, 122, 124, 125, 127, 129, 130, 131, 135, 139, 141, 144, 148, 155, 159, 166, 181, 187, 190], "display_color": 115, "display_cont": 148, "display_intern": 95, "display_nam": [42, 48, 59, 97, 107, 108, 118, 124, 126], "display_str": [81, 184], "displaynam": [41, 63, 66, 131, 171], "displayord": 129, "displayvalu": 78, "dispos": [13, 95, 112], "disposit": [23, 106, 110], "disposition_map": 106, "disregard": 110, "dist": [4, 72, 111, 175, 190], "distinct": [71, 118, 165], "distinct_search": 164, "distinguish": [66, 101, 118], "distinguishednam": 66, "distribut": [4, 10, 13, 17, 25, 43, 56, 72, 80, 82, 96, 99, 104, 111, 132, 160], "div": [12, 17, 20, 24, 40, 42, 45, 63, 78, 84, 90, 105, 106, 107, 108, 115, 119, 123, 126, 129, 142, 144, 148, 150, 187], "div_ld2": 26, "div_ld2_1": 26, "div_ld2_2": 26, "div_ld3": 26, "diverse_behavior": 55, "divid": [110, 189], "divis": 112, "divtagdefaultwrapp": 40, "djee5vzfsos1xar6gn_s1a": 144, "dji": 135, "djibouti": 135, "djl": 123, "djxekiebhfwfcofngy18": 38, "dk0o3rwejtcxhletfg2f": 97, "dk0tzjrwtmzlapw4": 76, "dkim": [39, 90], "dkr": 1, "dll": 107, "dllhost": 107, "dlllist": 84, "dlp": [116, 126, 154], "dlp_create_case_templ": 129, "dm6pr08mb6060": 41, "dma": 135, "dmarc": 90, "dn": [8, 12, 14, 17, 23, 24, 26, 32, 34, 37, 40, 42, 48, 54, 55, 61, 64, 66, 71, 73, 77, 80, 82, 84, 88, 91, 97, 101, 103, 104, 105, 107, 116, 123, 128, 132, 142, 147, 148, 153, 154, 157, 158, 166, 171, 185, 186, 190], "dnk": 135, "dns64": 186, "dns8": [142, 186], "dns_and_host_appl": 116, "dns_and_host_blacklistrul": 116, "dns_block": 14, "dns_brute_forc": 42, "dns_domain_nam": 14, "dns_error": 42, "dns_internal_reverse_lookup_scan": 42, "dns_issu": 42, "dns_lookup_failur": 42, "dns_name": [42, 138], "dns_rebind": 42, "dns_record": 12, "dns_request_timeout": 42, "dns_rr_histori": 26, "dns_timeout": 42, "dns_tunnel": 42, "dns_zone": 148, "dns_zone_transf": 42, "dnsend": 185, "dnshostfil": 116, "dnsserver": [34, 116], "dnsstart": 185, "do": [4, 8, 32, 33, 37, 42, 46, 47, 55, 63, 66, 79, 80, 84, 87, 97, 110, 116, 118, 120, 124, 129, 131, 135, 140, 146, 174, 176, 177, 178, 179, 180, 181, 182, 184, 185, 190], "do7lscfih4jh5ttv74mo4xm99awxoxdl8": 97, "dob": 95, "doc": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 30, 31, 34, 35, 38, 40, 41, 42, 43, 45, 46, 48, 50, 52, 54, 55, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 117, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 165, 166, 177, 179, 181, 183, 185, 186, 190], "doc_typ": 38, "docgen": [81, 109, 153, 166], "docker": [1, 4, 29, 133], "docker_approved_imag": 37, "docker_artifact_typ": 37, "docker_artifact_valu": 37, "docker_attachment_nam": 37, "docker_container_id": 37, "docker_extra_": 37, "docker_imag": 37, "docker_input": 37, "docker_integration_invoc": 37, "docker_link": 37, "docker_oper": 37, "docker_remote_url": 37, "docker_timestamp": 37, "docker_use_remote_conn": 37, "dockerfil": [3, 10, 29, 85], "dockerhub": 37, "dockeris": 37, "document": [1, 2, 4, 7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 32, 34, 35, 37, 38, 40, 41, 42, 44, 45, 46, 48, 50, 52, 54, 57, 58, 59, 63, 64, 65, 66, 71, 72, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 120, 121, 123, 124, 125, 126, 128, 129, 131, 133, 134, 135, 137, 142, 144, 145, 146, 148, 150, 151, 152, 153, 154, 155, 160, 163, 165, 176, 177, 178, 179, 180, 181, 183, 185, 186, 190], "document_guid": 144, "document_id": [38, 178], "documentformat": 129, "documenturl": 185, "docx": 46, "doe": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 27, 29, 30, 31, 34, 35, 37, 38, 40, 41, 42, 45, 46, 47, 50, 52, 54, 58, 59, 60, 63, 64, 65, 66, 71, 73, 75, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 134, 135, 139, 141, 142, 144, 145, 146, 150, 151, 152, 153, 165, 174, 179, 180, 190], "doesn": [78, 79, 110, 112, 116, 162, 177], "doh": 42, "dom": [135, 140, 142, 185], "domain": [7, 8, 12, 13, 14, 20, 23, 25, 26, 28, 32, 36, 40, 41, 42, 48, 54, 56, 66, 71, 73, 77, 80, 81, 82, 87, 88, 93, 95, 101, 102, 107, 109, 112, 115, 127, 128, 131, 132, 140, 142, 147, 153, 158, 165, 171, 172, 183, 185, 186], "domain1": 66, "domain2": 66, "domain_blacklist": 12, "domain_cont": 116, "domain_content_result": 116, "domain_detail": 147, "domain_details_kei": 147, "domain_details_valu": 147, "domain_front": 42, "domain_generation_algorithm": 42, "domain_generation_algorithm_resolv": 42, "domain_generation_algorithm_unresolv": 42, "domain_id": [103, 116], "domain_nam": [84, 116], "domain_trust_enumer": 42, "domain_trusts_enumer": 42, "domainallowlist": 189, "domainid": 116, "domainnam": [73, 77, 78, 101, 116], "domainorworkgroup": 116, "domainregistereddatetim": 78, "domainstat": 185, "domcontenteventfir": 185, "domid_exist": 116, "dominica": 135, "dominican": 135, "domurl": 185, "don": [81, 101, 106, 110, 116, 118, 184], "done": [37, 54, 55, 63, 71, 76, 84, 110, 177, 180, 189], "dont": 58, "dot_param": 42, "doubl": [59, 79, 84, 103, 119, 124, 126, 180], "doublepulsar": 42, "doublepulsar_rdp_impl": 42, "doublepulsar_rdp_scan": 42, "doublepulsar_smb_impl": 42, "doublepulsar_smb_scan": 42, "dovecot": 7, "down": [1, 15, 23, 31, 55, 75, 108, 116, 120, 177, 181], "download": [8, 9, 10, 11, 15, 23, 28, 29, 33, 36, 37, 42, 44, 45, 51, 54, 55, 60, 67, 70, 77, 84, 85, 94, 99, 100, 102, 107, 114, 116, 117, 122, 125, 127, 130, 136, 139, 140, 141, 143, 144, 148, 155, 157, 159, 165, 168, 178, 183, 184, 185, 186, 190], "downloads_url": 45, "downstream": [10, 150, 179], "dpendin": 165, "dpi": [101, 184], "dpuc8zkgcpgf4": 97, "dpznzwvss5jkox57cjlzx0xb7rn4mkifoni9": 97, "dqdrvmtxco55u49ac1w0tauas9y1g0nsox7iwx5qpxz2vy21sdz4s47t0i0dsbwl2zvo1roa31lv7manpgfjh": 97, "dr": [142, 186], "draft": [18, 40, 45, 59, 96, 97, 119, 126, 151], "drag": [24, 32, 33, 35, 36, 37, 42, 55, 74, 98, 112, 113, 114, 116, 120, 190], "dridex": 152, "drive": [17, 84], "driver": [42, 107, 180, 181, 190], "drop": [15, 23, 31, 42, 55, 57, 58, 102], "dropdown": [20, 23, 42, 116, 190], "dropper": 121, "drtpval4ipn5p56hqgl": 97, "drupal": 42, "drweb": 121, "ds_api_kei": 36, "ds_api_secret": 36, "ds_base_url": 36, "ds_datatable_api_nam": 36, "ds_link": 36, "ds_search_result": 36, "ds_search_valu": 36, "dsc": [18, 68], "dscmetaconfigur": 18, "dscorepropagationdata": 66, "dst": [42, 80, 105, 116, 171], "dst_folder": 40, "dstatzpy9ia": 41, "dt": [32, 42, 89, 105, 106, 144, 185], "dt_boolean_field": 35, "dt_col_nam": 35, "dt_col_name1": 35, "dt_col_name2": 35, "dt_col_name4": 35, "dt_col_namea": 35, "dt_col_nameb": 35, "dt_col_namec": 35, "dt_column_nam": 35, "dt_csv_data": 35, "dt_datable_nam": 35, "dt_date_time_format": 35, "dt_datetime_field": 35, "dt_has_head": 35, "dt_mapping_t": 35, "dt_max_row": 35, "dt_multi_select_field": 35, "dt_name_field": 35, "dt_now": [32, 79, 107, 115, 129], "dt_number_field": 35, "dt_relations_child_incid": 108, "dt_select_field": 35, "dt_start_row": 35, "dt_text_field": 35, "dt_utils_add_row": 35, "dt_utils_cells_to_upd": 35, "dt_utils_clear_datat": 35, "dt_utils_create_csv_t": 35, "dt_utils_datatable_api_nam": 35, "dt_utils_delete_all_row": 35, "dt_utils_delete_row": 35, "dt_utils_get_all_data_table_row": 35, "dt_utils_get_row": 35, "dt_utils_max_row": 35, "dt_utils_row_id": 35, "dt_utils_rows_id": 35, "dt_utils_search_column": 35, "dt_utils_search_valu": 35, "dt_utils_sort_bi": 35, "dt_utils_sort_direct": 35, "dt_utils_test_data_t": 35, "dtm": [59, 126], "dto": 75, "dtype": 110, "du": 185, "dublin": 40, "due": [37, 70, 73, 87, 96, 113, 125, 129, 180, 181], "due_dat": [59, 108, 112, 126], "dueat": 150, "duedat": [63, 73], "duedateunixtimeinm": 123, "dummi": [69, 89], "dummy_devic": 68, "dummy_fil": 34, "dummytestservic": 89, "dummytestservice2": 89, "dummytestservice3": 89, "dump": [17, 18, 88, 89, 92, 102, 103, 106, 110, 112, 118, 142, 144], "dunsnumb": 112, "dupe": 7, "duplic": [42, 71, 73, 77, 79, 101, 103, 107, 113, 114, 123, 129, 144, 165, 166, 178, 180, 181, 182, 190], "duplicate_cleanup": 144, "durat": [23, 146], "durationsecond": 36, "dure": [37, 72, 77, 89, 110, 116, 117, 144, 166, 178, 179, 181, 182], "during_support_hour": 89, "dutch": [135, 145], "dwm": 107, "dwmwdqyjkozihvcnaqelbqadggebaksulwf6bi": 84, "dwp_srid": 20, "dwp_srinstanceid": 20, "dx": 58, "dxl": [76, 170], "dxlclient": [75, 76], "dxlclient_config": [75, 76], "dylan": 90, "dynam": [71, 84, 111, 115, 141], "dyndn": 71, "dyndns_ponmocup": 71, "dyrmqrnmbtigrbxdgrju98r936mbk98vwikvlj1": 97, "dza": 135, "e": [0, 1, 4, 13, 20, 22, 23, 25, 31, 33, 34, 35, 37, 39, 42, 43, 52, 56, 59, 63, 64, 65, 71, 72, 79, 80, 82, 85, 87, 95, 101, 104, 110, 112, 116, 119, 126, 128, 131, 133, 136, 145, 150, 153, 157, 160, 166, 177, 180, 182, 190], "e026": 18, "e053": 58, "e0c553a8": 105, "e0f67b258a2c9d926fc8282f5c2a8c39": 185, "e1234567890": 98, "e1abb618": 73, "e1b09d9873174fd49cc622037c5f4ae4": 116, "e2b3b5adbdbc": 108, "e2e5": 126, "e2fa5296f88a0c4ad37e4f4652c221db": 151, "e313": 116, "e345e07a": 77, "e35c5a28": 150, "e3cd": 115, "e3dd": 116, "e4": 68, "e42f": 116, "e4463fba": 106, "e4767f763c59": 125, "e4a30fdb287f7b23f9bf22166fd54bf1": 116, "e4f8e6f8469": 131, "e530": 79, "e5868c93": 126, "e5b1": 97, "e60b061fdd844ebf9778d4bd2ac3942a": 116, "e644fdd8": 150, "e65d": 77, "e65e112aa417": 135, "e6aozt2vmh3fd": 97, "e6ca81c7a869": 123, "e6e0b5e2170a": 77, "e6gah": 151, "e715": [101, 184], "e773a9eb": 23, "e7h0m9zbc3op": 97, "e819": 18, "e8a1e8478c717a9cb724c8f1d05424976bab35af": 0, "e8aaa0qx": 41, "e8aaa0ucmsaaa": 41, "e8aaa0ucmtaaa": 41, "e8aaa0uetzaaa": 41, "e8aaa0ugb5aaa": 41, "e8aaaaaaejaadi5xky9khuq48uewaxv": 41, "e8aaaaaaekaadi5xky9khuq48uewaxv": 41, "e8aaaaaaemaadi5xky9khuq48uewaxv": 41, "e8aaaaaaenaadi5xky9khuq48uewaxv": 41, "e8aaaaaaetaadi5xky9khuq48uewaxv": 41, "e8aaab4l2o": 41, "e8aaab6qy8aaa": 41, "e8aaapet0k": 41, "e8aaapet0u": 41, "e8aaapett4": 41, "e8aaapett8": 41, "e8aaapetu": 41, "e8aaapetua": 41, "e8aaapetui": 41, "e8aaapetum": 41, "e8aaapetvn": 41, "e8aaapetyz": 41, "e8aaapetzf": 41, "e8aaapetzi": 41, "e8aaapggugaaa": 41, "e8aaapgguhaaa": 41, "e8aaapgk_jaaa": 41, "e8aaapgk_kaaa": 41, "e8aaapgk_laaa": 41, "e8aaapgk_maaa": 41, "e8aaapgk_naaa": 41, "e8aaapgk_oaaa": 41, "e8aaapgmcoaaa": 41, "e8aaapgmcpaaa": 41, "e8aaapgmcqaaa": 41, "e8aaapgmcraaa": 41, "e8aaapgtroaaa": 41, "e8aaavkuf9": 41, "e8aaavkuff": 41, "e8aaavkufh": 41, "e8aaavkugd": 41, "e8aaavkugu": 41, "e8aaavkuh7": 41, "e8aaavkuhc": 41, "e8aaavkuhn": 41, "e8aaavkuia": 41, "e8aaavnld2aaa": 41, "e8aaavnld3aaa": 41, "e8aaavnld4aaa": 41, "e8aaavnld5aaa": 41, "e8aaavnld6aaa": 41, "e8aaavnlomaaa": 41, "e8aaavnlonaaa": 41, "e8aaavnlooaaa": 41, "e8aaavnlopaaa": 41, "e8aaavnloqaaa": 41, "e8ecf": 97, "e9120574be8c45e1a92d1a0d34199b56": 89, "e9a5b16c2c36044270784bef3bf89a13": 185, "e_result": 87, "ea": [95, 116], "ea24520ef3d7": 23, "ea650b42": 116, "ea97227d34b8526055a543ade7d18587a927f6a3": 23, "eaa3aef168e8aeadfb606bf2637c21f": 135, "each": [1, 3, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 28, 29, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 63, 64, 65, 66, 67, 68, 71, 72, 73, 75, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 94, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 121, 122, 123, 124, 125, 127, 128, 129, 130, 131, 134, 135, 136, 137, 139, 141, 142, 145, 146, 148, 150, 151, 152, 153, 154, 155, 158, 159, 165, 166, 176, 177, 178, 179, 180, 181, 182, 183, 187, 188, 189], "each_attribut": 95, "each_ent": 71, "each_item": [71, 165], "each_kei": 71, "each_sect": 71, "each_tag": 165, "ead9": 105, "eapol": 116, "earli": [116, 151], "earlier": 77, "eas": [140, 177], "easeu": 77, "easi": [4, 63, 67, 80, 110, 135], "easier": [110, 190], "easiest": [37, 112, 125], "easili": [4, 84, 110, 111, 113, 141, 180, 184], "east": [1, 14, 16, 18, 150], "eastern": 41, "eastu": 18, "eb3e11de3c9cefc2d9d70972350e2b28": 95, "eb55": 101, "eb82": 58, "eb976a7f": 75, "ebb4bywjrhwrpig2suj6z1xssirlvtuapraukv1ovtd5xnw7rw0t0yncjjkklx": 97, "ebc3a5ead531": 150, "ebt": 185, "ec": [38, 102, 103, 184], "ec2": [14, 102, 150], "ec2aaa": 116, "ec2amaz": 116, "ec_file_hash": 102, "ec_file_path": 102, "ec_filenam": 102, "ec_imp_hash": 102, "ec_md5_hash": 102, "ec_parentcommandlin": 102, "ec_process_commandlin": 102, "ec_sha1_hash": 102, "ec_sha256_hash": 102, "ecb2": 123, "ecbe47f05d3b47788529c89050c1bf56": 128, "ecc": [42, 90], "ecc0": 71, "echo": [10, 110], "ecr": 1, "ecu": 135, "ecuador": 135, "ed": 112, "eda45dbc": 79, "edar": 129, "edc6aa8fa3f211cfad7c12a0ba5b32f4": 95, "edg": [10, 12, 14, 15, 17, 18, 20, 23, 24, 31, 34, 40, 41, 45, 63, 64, 65, 66, 71, 73, 77, 78, 79, 80, 81, 84, 87, 88, 90, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 115, 116, 123, 129, 135, 142, 144, 150, 151, 153, 165], "edgarjohnson": 77, "edit": [1, 4, 9, 10, 11, 13, 15, 17, 18, 19, 24, 28, 29, 33, 34, 35, 41, 42, 43, 44, 48, 51, 54, 55, 59, 62, 63, 65, 66, 70, 72, 73, 74, 77, 78, 79, 80, 82, 84, 86, 87, 89, 90, 94, 96, 97, 99, 100, 102, 103, 105, 106, 108, 111, 112, 114, 115, 116, 119, 120, 122, 125, 127, 128, 129, 130, 133, 135, 136, 138, 139, 140, 141, 142, 143, 144, 150, 153, 159, 166, 170, 172, 173, 174, 176, 178, 179, 180, 181, 182, 188, 189, 190], "edit_groups_result": 88, "edit_users_result": 88, "editableincidentdetail": 129, "editmeta": 63, "editor": [119, 166, 190], "editortyp": 151, "editparamet": 102, "edm": 102, "edm_global_set": 102, "ednpoint": 116, "edr": 154, "edrstatu": 116, "edu": [71, 142, 165], "educ": [71, 95], "educateurl": 77, "ee": [42, 107], "ee616124": 18, "ee70ea8c": 97, "ee75b0850946c25d5287b58b5173a37c": 116, "eee": 79, "eeee": 116, "eeeee222": 106, "eeeeeeee": 106, "eeeeeeeee": 106, "eeeeeeeeee": 106, "eeeeeeeeeeee": 106, "ef": 15, "ef1dsgb6d": 97, "ef44473e1b4d09103351ca2b234bcbc6": 118, "ef8a52755cab287bdc95ade169daffb3": 185, "efe4db52": 18, "effect": [14, 101, 146, 150, 180, 181, 189], "effective_permiss": 14, "effectivesubscriptionid": 79, "effici": 52, "effort": [10, 48, 110], "egi": 135, "egypt": 135, "eh": 19, "ei": [148, 185], "eicar": [27, 116], "either": [12, 14, 17, 18, 20, 24, 29, 35, 37, 40, 42, 45, 46, 48, 52, 56, 57, 63, 66, 71, 72, 76, 77, 78, 79, 85, 87, 90, 96, 97, 102, 103, 105, 107, 110, 115, 117, 118, 119, 120, 125, 128, 129, 130, 131, 135, 144, 146, 148, 151, 155, 165, 166, 176, 180, 181, 182, 183, 187, 189], "ek": 150, "el": [95, 135, 145, 185], "el7": [53, 84, 115], "elamonoff": 116, "elaps": [84, 87, 110, 165, 166], "elapsed_tim": [12, 97], "elast": [38, 178], "elastic_fe": 178, "elasticsearch": [154, 177, 179, 181, 182], "elasticsearch_password": 38, "elasticsearch_url": 38, "elasticsearch_usernam": 38, "element": [12, 17, 24, 29, 45, 55, 71, 78, 90, 97, 103, 115, 124, 129, 144, 150, 181, 185, 187], "element_id": 97, "element_nam": 97, "element_typ": [97, 103], "element_valu": 97, "elementtre": 165, "elementtyp": 123, "eliast": 178, "elif": [12, 14, 15, 17, 18, 19, 20, 23, 24, 27, 33, 34, 35, 42, 45, 52, 58, 63, 71, 75, 76, 77, 78, 81, 87, 88, 89, 90, 98, 101, 105, 106, 107, 109, 115, 116, 129, 131, 135, 143, 144, 151, 153, 165, 184, 186], "elimin": 71, "els": [7, 9, 10, 12, 14, 15, 17, 18, 19, 20, 23, 24, 27, 30, 31, 32, 33, 34, 35, 36, 37, 40, 42, 45, 46, 48, 50, 52, 53, 54, 56, 58, 59, 62, 63, 65, 66, 68, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 87, 88, 89, 90, 91, 95, 96, 97, 98, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 135, 136, 137, 138, 142, 143, 144, 146, 147, 148, 149, 150, 152, 153, 157, 161, 165, 177, 180, 183, 184, 185, 186, 190], "em": [36, 56, 183, 185], "emaab68deqaab5ewkeaab5maeqaab6mokaaab6equaaab4cjeaaab6yseuaab48reeaab58ukeaab6sieuaab445keaab4qs0eaab7gnkqaab4i0faaab5kykcaab5kaeqaab5400aaab4mjeaaab5u6uaaab70n0qaab74peqaab7sguaaab5mi0aaab7saeqaab7yskqaab48z0qaab6aguaaab5ay1yaab4emfeaab5unkeaab60nueaab7m81aaab6ui0aaab4gdvqaab4evveaab6wtkeaab40": 116, "emaab68deqaab6sieuaab445keaab4qs0eaab7gnkqaab6mukeaab4i0faaab5ewkeaab6mokaaab6equaaab4cjeaaab6yseuaab48reeaab58ukeaab7unueaab4enkeaab70nueaab4yskeaab4oskeaab5yskeaab5unkeaab60nueaab5kykcaab5kaeqaab5400aaab4mjeaaab5u6uaaab70n0qaab74peqaab7sguaaab5mi0aaab7saeqaab7yskqaab48z0qaab6aguaaab5ay1yaab7m81aaab6ui0aaab6wtkeaab4gdvqaab40": 116, "email": [7, 11, 12, 13, 17, 21, 24, 30, 31, 36, 41, 42, 45, 56, 59, 63, 66, 68, 69, 71, 73, 77, 79, 80, 84, 89, 95, 97, 98, 99, 101, 102, 103, 106, 112, 114, 116, 118, 120, 124, 126, 128, 129, 131, 132, 142, 144, 146, 148, 151, 154, 155, 159, 161, 171, 181, 183, 186, 190], "email2": 87, "email_address": [40, 41, 45, 56, 66, 183], "email_alert": 116, "email_approv": 188, "email_approval_cc": 188, "email_approval_detail": 188, "email_approval_expir": 188, "email_approval_import": 188, "email_approval_to": 188, "email_cont": 135, "email_contents_json": 135, "email_convers": [87, 135, 189], "email_error": 42, "email_field_pres": 12, "email_header_validation_target_email": 39, "email_header_validation_using_dkimarc": 39, "email_host": 21, "email_id": 40, "email_intel": 128, "email_issu": 42, "email_list": 41, "email_mailbox_unavailable_error": 42, "email_message_id": [87, 135, 189], "email_nicknam": 21, "email_pars": 90, "email_password": 21, "email_port": 21, "email_provid": 95, "email_recipient__c": 112, "email_result": 41, "email_sender__c": 112, "email_service_unavailable_error": 42, "email_statu": 40, "email_usernam": 21, "emailaddress": [41, 63, 68], "emailapprovalcontactpack": 188, "emailapprovalcontentpack": 188, "emailbouncedd": 112, "emailbouncedreason": 112, "emailcont": [101, 189], "emailcount": [56, 183], "emailencodingkei": 112, "emailmessag": [116, 135, 189], "emailpreferencesautobcc": 112, "emailpreferencesautobccstayintouch": 112, "emailpreferencesstayintouchremind": 112, "emailprocessor": 135, "emailprotect": 87, "emailrol": 78, "embed": [12, 15, 17, 24, 35, 45, 78, 84, 90, 115, 124, 129, 144, 188], "embeddedfil": 90, "emergingthreat": [142, 186], "emir": 135, "eml": [41, 90], "eml_addr": 90, "eml_body_cont": 90, "eml_head": 90, "eml_subject": 90, "empir": 42, "empire_c2_http": 42, "empire_c2_tl": 42, "emploi": [71, 110, 165, 189], "employe": [20, 56, 129, 183], "employee_involv": [59, 126], "employeenumb": [112, 116], "employeestatu": 116, "empti": [15, 23, 33, 40, 42, 45, 48, 59, 63, 65, 68, 71, 90, 96, 102, 110, 116, 123, 124, 126, 128, 136, 178, 181, 182, 184], "empty_query_max": 102, "empty_query_skip_typ": 102, "empty_query_wait_sec": 102, "emsisoft": [142, 186], "emsp": 42, "en": [38, 63, 65, 79, 90, 95, 116, 131, 133, 145, 157, 180, 183], "en9h4xveq678opf": 97, "en_u": [34, 95, 112], "enabl": [4, 10, 14, 15, 17, 18, 20, 23, 24, 29, 34, 35, 37, 38, 40, 41, 42, 45, 54, 55, 58, 59, 63, 64, 65, 66, 68, 71, 73, 77, 79, 80, 81, 84, 87, 88, 89, 90, 96, 97, 98, 99, 101, 102, 103, 105, 106, 107, 110, 112, 113, 115, 116, 117, 118, 119, 120, 124, 125, 126, 129, 142, 144, 146, 150, 151, 153, 155, 157, 165, 166, 181, 182, 184, 186, 188, 189, 190], "enable_add_attachment_valu": 40, "enable_email_convers": 87, "enable_firewall_auth": [54, 55], "enable_team": 131, "enable_write_to_datat": 40, "enablealarmact": 14, "enabled": 15, "enabled_filt": 15, "enabledchat": 146, "enabledt": 42, "enclos": [29, 105, 110, 112, 144], "encod": [35, 40, 45, 57, 59, 84, 87, 90, 97, 107, 110, 126, 131, 140, 144, 149, 165, 178, 179, 185], "encodeddatalength": 185, "encodeds": 185, "encount": [71, 86, 188], "encrypt": [0, 14, 17, 18, 42, 68, 90, 110, 166], "encryptedappl": 115, "encrypteddevicepassword": 116, "encryption_statu": 17, "encryption_typ": 14, "encryptionstatu": 68, "end": [4, 10, 14, 15, 24, 29, 30, 32, 33, 34, 35, 40, 41, 42, 45, 55, 65, 66, 67, 73, 77, 78, 80, 84, 86, 87, 88, 89, 90, 95, 97, 98, 102, 103, 107, 110, 113, 116, 117, 123, 124, 128, 131, 134, 135, 142, 146, 151, 166, 181, 188, 190], "end_address": 148, "end_dat": [42, 59, 97, 126, 134], "end_filt": 78, "end_po": [81, 184], "end_t": 78, "end_tim": [40, 42, 89], "endev": 97, "endfor": [48, 63, 77, 79, 87, 129], "endif": [34, 42, 48, 63, 77, 79, 87, 89, 105, 106, 112, 129, 144], "endmacro": 87, "endobj": 90, "endpoint": [0, 12, 18, 19, 20, 32, 34, 41, 62, 63, 64, 77, 78, 87, 89, 97, 105, 106, 112, 114, 115, 118, 120, 123, 126, 127, 134, 135, 144, 146, 150, 152, 154, 160, 165, 166], "endpoint_3": 97, "endpoint_3_di": 97, "endpoint_hit": 19, "endpoint_nam": 107, "endpoint_notif": 116, "endpoint_notification_ask_messag": 116, "endpoint_notification_messag": 116, "endpoint_quarantine_statu": 116, "endpoint_url": [17, 105, 150], "endpointconnectionstatu": 129, "endpointid": 107, "endpointmachineipaddress": 129, "endpoints_matching_id": 116, "endpointst": 107, "endpointvers": 107, "ends_with": 105, "endstream": 90, "endswith": [58, 153], "endtim": [18, 34, 123], "endtimeutc": 79, "endtoendlat": 90, "enforc": [78, 116, 129, 154, 189], "enforced_rul": 116, "enforcement_id": 17, "enforcement_level": 45, "enforcement_nam": 17, "eng": [63, 85, 90], "engag": 186, "engin": [10, 12, 17, 48, 103, 115, 116, 131, 135, 185, 190], "engine_id": 38, "engine_nam": [142, 186], "engineering2": 131, "engineeringreqnumber__c": 112, "engineeringteam": 131, "enginestot": 185, "english": [85, 145], "enhanc": [10, 14, 24, 34, 35, 41, 42, 45, 65, 66, 73, 77, 79, 80, 88, 89, 90, 98, 103, 108, 110, 113, 116, 117, 124, 128, 131, 142, 151, 154, 181], "enough": [85, 118, 189], "enrich": [12, 17, 42, 54, 55, 58, 61, 71, 74, 77, 91, 95, 98, 101, 102, 116, 127, 139, 144, 147, 148, 150, 151, 153, 157, 165, 184], "enriched_event_typ": 144, "enrol": 68, "ensembl": 69, "ensp": 33, "ensur": [1, 5, 9, 10, 12, 15, 17, 23, 24, 29, 37, 42, 45, 48, 52, 63, 71, 72, 78, 87, 90, 109, 110, 115, 116, 117, 119, 128, 129, 144, 153, 155, 165, 176, 178, 179, 180, 181, 182, 183, 184, 185, 186, 188], "ensureoffens": 102, "ent": [42, 77, 79], "ent_trust_level": 76, "enter": [9, 20, 23, 27, 29, 30, 32, 33, 36, 37, 40, 41, 55, 63, 66, 69, 75, 81, 86, 88, 98, 103, 112, 114, 118, 119, 131, 150, 155, 182, 188, 190], "enterpris": [4, 10, 42, 45, 63, 66, 68, 73, 76, 79, 86, 88, 97, 102, 103, 112, 113, 116, 128, 129, 131, 182], "entir": [79, 86, 98, 108, 110, 125, 146], "entiti": [32, 34, 36, 41, 77, 78, 97, 105, 108, 131, 137, 148, 150], "entities_result": 79, "entitlementview": 73, "entity_id": [79, 123], "entity_list": 123, "entity_properti": 79, "entity_typ": [79, 123], "entity_url": [105, 106, 112, 150], "entity_valu": 79, "entitycard": 123, "entityid": 63, "entityidentifi": 123, "entitymap": 151, "entityrang": 151, "entitysnapshot": 150, "entitysummari": 36, "entitytyp": [77, 123], "entri": [4, 19, 20, 29, 32, 33, 35, 36, 37, 41, 52, 58, 63, 66, 67, 71, 76, 79, 86, 87, 88, 95, 103, 109, 113, 119, 121, 128, 136, 153, 158, 165, 181, 189, 190], "entrop": 121, "entry1_attribute2": 158, "entry1_attribute3": 158, "entry1_dn1_valu": 158, "entry2_attribute2": 158, "entry2_attribute3": 158, "entry2_dn2_valu": 158, "entry_to_datatable_map": [33, 66], "entrypoint": 37, "enumer": [42, 71, 105, 165], "env": 10, "env_3": 3, "environ": [0, 1, 2, 3, 4, 32, 75, 136, 148, 166, 170, 176, 178, 179, 180, 181, 182, 187, 188, 189], "environment2": 123, "environment_keys_pub": 0, "environment_keys_sec": 0, "envvar": 10, "eo": 145, "eoc": 97, "eopattributedmessag": 90, "ep": [89, 116], "ep_osnam": 116, "ephemeral_id": 38, "epmp": 58, "epo": [75, 76, 154, 170], "epo1": 75, "epo_adapt": 17, "epo_admin": 73, "epo_agent_guid": 73, "epo_allow_dupl": 73, "epo_allowed_ip": 73, "epo_delet": 73, "epo_delete_if_remov": 73, "epo_email": 73, "epo_flatten_tree_structur": 73, "epo_full_nam": 73, "epo_group_id": 73, "epo_id": 73, "epo_issue_assigne": 73, "epo_issue_descript": 73, "epo_issue_du": 73, "epo_issue_nam": 73, "epo_issue_prior": 73, "epo_issue_properti": 73, "epo_issue_resolut": 73, "epo_issue_sever": 73, "epo_issue_st": 73, "epo_issue_typ": 73, "epo_last_commun": 73, "epo_new_usernam": 73, "epo_not": 73, "epo_operating_system": 73, "epo_password": 73, "epo_phone_numb": 73, "epo_policy_id": 73, "epo_policy_type_id": 73, "epo_product_id": 73, "epo_push_ag": 73, "epo_push_agent_domain_nam": 73, "epo_push_agent_force_instal": 73, "epo_push_agent_install_path": 73, "epo_push_agent_package_path": 73, "epo_push_agent_password": 73, "epo_push_agent_skip_if_instal": 73, "epo_push_agent_suppress_ui": 73, "epo_push_agent_user_nam": 73, "epo_subject_dn": 73, "epo_system": 73, "epo_system_nam": 73, "epo_system_names_or_id": 73, "epo_tag": 73, "epo_ticket_id": 73, "epo_ticket_server_nam": 73, "epo_trust_cert": 73, "epo_uninstall_remov": 73, "epo_url": 73, "epo_user_dis": 73, "epo_user_password": 73, "epo_usernam": 73, "epo_windows_domain": 73, "epo_windows_usernam": 73, "epoagentmeta": 73, "epoassignedpolici": 73, "epobranchnod": 73, "epoch": [26, 35, 42, 59, 65, 84, 105, 126, 134, 166, 181], "epoch_now": 42, "epoch_tim": 78, "epochconvert": 181, "epocomputerproperti": 73, "epoleafnod": 73, "epp": [142, 186], "epsspercentil": 150, "epssprob": 150, "epsssever": 150, "epyc": 115, "eq": 78, "equal": [12, 14, 15, 17, 18, 23, 24, 32, 53, 59, 63, 66, 71, 79, 88, 90, 97, 101, 102, 105, 106, 107, 109, 112, 115, 118, 126, 129, 134, 135, 144, 153, 165, 166], "equat": 118, "equatori": 135, "equip": 112, "equiv": [40, 41], "equival": [42, 84, 180], "erad": [114, 119], "eri": 135, "eritrea": 135, "err": [12, 17, 24, 45, 54, 78, 90, 115, 129, 135, 144, 181], "err_msg_ascii": 15, "err_msg_valid": 15, "errmsg": 119, "error": [9, 11, 12, 14, 15, 17, 18, 23, 24, 27, 28, 29, 32, 34, 35, 37, 41, 42, 51, 54, 55, 59, 60, 62, 63, 67, 68, 70, 71, 72, 76, 77, 78, 80, 84, 86, 89, 90, 94, 98, 99, 100, 101, 103, 105, 106, 107, 110, 112, 113, 114, 115, 119, 120, 122, 123, 126, 127, 130, 135, 139, 140, 141, 142, 144, 148, 153, 159, 160, 177, 178, 179, 181, 182, 189, 190], "error_cod": 153, "error_messag": 136, "error_outli": 55, "error_tag": 34, "errorcod": [107, 116, 123], "errorhresult": 77, "errormessag": 123, "es7q": 97, "es_auth_password": 38, "es_auth_usernam": 38, "es_cafil": 38, "es_datastore_schem": 38, "es_datastore_url": 38, "es_doc_typ": 38, "es_index": 38, "es_queri": 38, "es_use_http": 38, "es_verify_cert": 38, "es_veryify_cert": 38, "esamtrad": [110, 165], "esc_valu": 109, "escal": [22, 34, 48, 58, 74, 79, 89, 102, 105, 106, 107, 112, 114, 115, 120, 129, 144, 150, 159, 184], "escalation_interv": 22, "escalation_polici": 89, "escalation_policy_refer": 89, "escalation_queri": 22, "escap": [42, 79, 84, 112, 124, 141], "eset": [121, 142, 186], "esh": 135, "esixa4962hljmlj": 97, "esm": [116, 154], "esm_password": 74, "esm_polling_interv": 74, "esm_url": 74, "esm_usernam": 74, "esn": 96, "esp": 135, "especi": [34, 48, 63, 89, 106, 112, 144, 150], "esperanto": 145, "est": 135, "establish": [37, 58, 77, 84, 86, 108, 131, 135, 146], "estim": 20, "estimated_queri": 12, "estonia": 135, "estonian": 145, "estsecur": [142, 186], "esx_host_nam": 144, "esx_host_uuid": 144, "esxi": 42, "et": [145, 165, 185], "etag": [18, 41, 45, 79, 110, 131, 185], "etc": [4, 8, 10, 11, 12, 17, 18, 24, 36, 40, 42, 54, 63, 66, 73, 75, 78, 80, 82, 84, 85, 90, 96, 110, 113, 115, 116, 123, 140, 144, 161, 176, 177, 178, 179, 180, 181, 182, 188, 189], "eternalblu": 42, "eternalblue_exploit": 42, "eth": 135, "eth0": 115, "eth1": 115, "ether": 42, "ether_type_id": 116, "ethernet": 77, "ethiopia": 135, "ethnic": 95, "etre": 165, "etw": 107, "etweventdescript": 107, "etwipaddress": 107, "etwipport": 107, "etwtargetdomainnam": 107, "etwtargetusernam": 107, "etwworkstationnam": 107, "eu": [18, 106, 145], "eu1": 150, "eu2": 150, "eur2": 147, "eur5": 147, "europ": [20, 40, 185], "eustatiu": 135, "eval": 128, "even": [40, 71, 101, 102, 110, 113, 150, 184], "event": [14, 20, 25, 38, 41, 45, 48, 54, 65, 74, 75, 76, 89, 97, 98, 113, 117, 123, 135, 144, 148, 160, 182, 190], "event_attack_stag": 144, "event_count": [101, 102, 103, 184], "event_creator_email": 80, "event_descript": 144, "event_dt_nam": 34, "event_first_seen": 14, "event_host": 182, "event_id": [23, 58, 80, 128, 144], "event_last_seen": 14, "event_nam": 102, "event_received_at": 135, "event_sourc": 182, "event_source_typ": 182, "event_threat_scor": 144, "event_tim": [48, 102], "event_titl": 34, "event_transformer_api_inbound_integration_refer": 89, "event_typ": [23, 106, 144], "event_type_descript": 23, "event_type_id": 23, "event_type_nam": 23, "eventannot": 102, "eventcount": 102, "eventdatetim": [78, 116], "eventdescript": 36, "eventdetail": 131, "evented_at": 106, "eventfirstseen": 14, "eventid": [116, 123], "eventlastseen": 14, "eventnam": 123, "eventreport": 80, "events_actor": 148, "events_api_v2_inbound_integration_refer": 89, "events_url": 45, "eventtyp": [36, 107], "eventu": [87, 155], "everi": [0, 22, 32, 40, 58, 71, 86, 97, 113, 166, 177, 189], "everyth": [37, 70, 108], "evid": [77, 98, 116], "evidence_data": 106, "evidencecreationtim": 77, "evidenceid": 123, "evidencenam": 123, "evidencethumbnailbase64": 123, "ew": [65, 185], "ex": [3, 9, 12, 17, 23, 24, 35, 45, 52, 54, 55, 59, 65, 67, 76, 77, 78, 84, 87, 90, 102, 107, 113, 115, 116, 118, 121, 123, 126, 129, 136, 144, 146, 178, 179, 180, 181, 182, 187], "exact": [68, 105, 110], "exampl": [0, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 56, 57, 58, 59, 61, 62, 63, 64, 65, 69, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 99, 100, 101, 103, 104, 105, 106, 107, 108, 109, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 137, 138, 139, 140, 141, 142, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 155, 157, 159, 163, 165, 166, 167, 176, 177, 178, 179, 180, 181, 182, 186, 190], "example1": 68, "example2": 68, "example_apivoid_dns_lookup": 12, "example_apivoid_domain_reput": 12, "example_apivoid_email_verifi": 12, "example_apivoid_ip_reput": 12, "example_apivoid_ssl_info": 12, "example_apivoid_threatlog": 12, "example_apivoid_url_reput": 12, "example_calendar_invit": 21, "example_clamav_scan_artifact_attach": 27, "example_clamav_scan_attach": 27, "example_close_incid": 59, "example_create_incid": 59, "example_create_pastebin": 92, "example_create_webex_meet": 30, "example_create_zoom_meeting_incid": 31, "example_elasticsearch_query_from_artifact": 38, "example_elasticsearch_query_from_incid": 38, "example_execute_netdevice_command": 83, "example_execute_netdevice_configuration_command": 83, "example_geocoding_get_address": 44, "example_geocoding_get_coordin": 44, "example_grpc_communication_interfac": 52, "example_grr_search_by_ip": 190, "example_html2pdf": 57, "example_icdx_get_event_data": 58, "example_icdx_get_event_datat": 58, "example_icdx_search_for_ev": 58, "example_icdx_search_for_events_from_archives_other_than_system": 58, "example_icdx_search_for_events_related_to_device_nam": 58, "example_icdx_search_for_events_related_to_ip": 58, "example_invoke_aws_lambda_python_addit": 16, "example_invoke_step_function_asynchron": 16, "example_invoke_step_function_synchron": 16, "example_isitphishing_analyze_html_docu": 62, "example_isitphishing_analyze_html_document_artifact": 62, "example_isitphishing_analyze_url": 62, "example_maas360_basic_search": 68, "example_maas360_cancel_pending_wip": 68, "example_maas360_delete_app": 68, "example_maas360_get_software_instal": 68, "example_maas360_locate_devic": 68, "example_maas360_lock_devic": 68, "example_maas360_stop_app_distribut": 68, "example_maas360_wipe_devic": 68, "example_mcafee_publish_to_dxl_set_tie_reput": 75, "example_mcafee_publish_to_dxl_tag_system": 75, "example_microsoft_security_graph_alert_search": 78, "example_microsoft_security_graph_get_alert_detail": 78, "example_microsoft_security_graph_resolve_alert": 78, "example_microsoft_security_graph_update_alert": 78, "example_odbc_delete_postgresql": 86, "example_odbc_insert_postgresql": 86, "example_odbc_select_postgresql": 86, "example_odbc_update_postgresql": 86, "example_of_email_header_validation_using_dkimarc_artifact": 39, "example_of_email_header_validation_using_dkimarc_attach": 39, "example_phishai_scan_url": 93, "example_pipl_search_funct": 95, "example_search_incid": 59, "example_send_email": 87, "example_send_incident_email_html": 87, "example_send_incident_email_html2": 87, "example_send_incident_email_text": 87, "example_send_sms_incid": 16, "example_send_task_email_html": 87, "example_send_task_email_html2": 87, "example_shodan_host_lookup": 122, "example_snow_update_record_on_severity_chang": 118, "example_soar_utilities_artifact_attachment_to_base64": 126, "example_soar_utilities_artifact_hash": 126, "example_soar_utilities_attachment_hash": 126, "example_soar_utilities_attachment_to_base64": 126, "example_soar_utilities_close_incid": 126, "example_soar_utilities_create_incid": 126, "example_soar_utilities_get_incident_contact_info": 126, "example_soar_utilities_get_task_contact_info": 126, "example_soar_utilities_search_incid": 126, "example_soar_utilities_soar_search": 126, "example_soar_utilities_string_to_attach": 126, "example_soar_utilities_zip_extract": 126, "example_soar_utilities_zip_extract_to_artifact": 126, "example_soar_utilities_zip_list": 126, "example_staxx_indicator_import": 9, "example_staxx_indicator_search": 9, "example_url_to_dn": 138, "example_urlscanio": 140, "example_us": [20, 109], "example_wiki_create_pag": 149, "example_wiki_get_cont": 149, "example_wiki_lookup": 149, "exampleuser1": 40, "examplewww": 26, "exce": 58, "exceed": 106, "exceededmaximum": 36, "excel": [33, 126, 180], "except": [12, 15, 17, 18, 23, 24, 37, 42, 45, 46, 55, 56, 58, 78, 80, 84, 86, 87, 90, 110, 115, 120, 129, 135, 142, 143, 144, 148, 153, 177, 186, 190], "exceptioninstruct": 48, "excess": 55, "excessive_ip_fragment": 42, "exchang": [1, 8, 10, 33, 42, 55, 58, 75, 76, 87, 90, 99, 102, 110, 117, 120, 154, 155, 167, 183, 185, 186, 188, 190], "exchange2016": 40, "exchange_date_of_retriev": 40, "exchange_delete_source_fold": 40, "exchange_destination_folder_path": 40, "exchange_dt_count_attach": 40, "exchange_dt_created_tim": 40, "exchange_dt_email_statu": 40, "exchange_dt_end_tim": 40, "exchange_dt_mandatory_attende": 40, "exchange_dt_meeting_inform": 40, "exchange_dt_meeting_loc": 40, "exchange_dt_meeting_subject": 40, "exchange_dt_message_id": 40, "exchange_dt_message_subject": 40, "exchange_dt_optional_attende": 40, "exchange_dt_recipient_email": 40, "exchange_dt_sender_email": 40, "exchange_dt_start_tim": 40, "exchange_email": 40, "exchange_email_id": 40, "exchange_email_information_dt": 40, "exchange_email_oper": 40, "exchange_email_recipi": 40, "exchange_end_d": 40, "exchange_folder_path": 40, "exchange_force_delete_subfold": 40, "exchange_get_email": 40, "exchange_hard_delet": 40, "exchange_has_attach": 40, "exchange_is_online_meet": 40, "exchange_meeting_bodi": 40, "exchange_meeting_end_tim": 40, "exchange_meeting_loc": 40, "exchange_meeting_start_tim": 40, "exchange_meeting_subject": 40, "exchange_message_bodi": 40, "exchange_message_id": 40, "exchange_message_subject": 40, "exchange_num_email": 40, "exchange_optional_attende": 40, "exchange_order_by_rec": 40, "exchange_required_attende": 40, "exchange_search_subfold": 40, "exchange_send": 40, "exchange_start_d": 40, "exchangelab": 41, "exchangelib": 40, "exchangeprovisioningflag": 131, "exclud": [12, 17, 18, 24, 34, 40, 41, 45, 58, 78, 86, 87, 90, 97, 107, 108, 112, 115, 129, 144, 180, 181, 182, 187, 189, 190], "exclude_did": 34, "exclude_incident_field": 181, "exclude_incident_fields_fil": [180, 182], "excludedtag": 73, "excludehost": 116, "excludepassword": 146, "exclus": [23, 34, 71, 118, 155, 165, 177, 180], "exclusion_fil": [180, 182], "exclusion_set": 23, "excut": 116, "exec": 77, "execut": [4, 9, 10, 11, 14, 15, 19, 22, 23, 26, 28, 29, 34, 42, 51, 52, 55, 58, 60, 64, 67, 68, 83, 84, 86, 90, 94, 96, 97, 99, 100, 105, 107, 110, 113, 114, 115, 116, 120, 121, 122, 124, 127, 128, 130, 131, 133, 134, 135, 139, 141, 143, 144, 148, 153, 155, 157, 158, 159, 162, 165, 177, 178, 179, 181, 182, 184, 189], "execute_cal": 111, "execute_call_v2": 111, "execution_arn": 16, "execution_d": [15, 97], "execution_detail": 16, "execution_tim": 58, "execution_time_m": [7, 9, 10, 12, 14, 15, 17, 18, 19, 20, 21, 23, 24, 30, 32, 34, 35, 37, 40, 41, 42, 45, 46, 48, 50, 54, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 79, 80, 83, 84, 85, 86, 87, 88, 90, 91, 95, 96, 97, 102, 103, 105, 106, 107, 108, 110, 112, 113, 115, 116, 118, 121, 123, 125, 126, 128, 129, 131, 134, 135, 136, 144, 146, 148, 150, 151, 152, 157, 183, 184], "executionarn": 16, "executor": 113, "exempt": 110, "exfil": 42, "exfiltr": 42, "exhibit": [71, 165], "exim": 42, "exist": [1, 7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 22, 23, 24, 26, 27, 28, 29, 31, 34, 35, 37, 38, 40, 41, 42, 44, 45, 46, 48, 50, 52, 54, 55, 56, 57, 58, 59, 60, 63, 64, 65, 66, 70, 71, 72, 73, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 118, 121, 123, 124, 125, 126, 128, 129, 130, 131, 134, 135, 136, 140, 142, 143, 144, 145, 146, 148, 150, 151, 152, 153, 155, 163, 165, 174, 176, 177, 178, 179, 180, 181, 182, 184, 188, 189, 190], "existing_descript": [80, 157], "exit": [20, 37, 63, 97, 104, 109, 155], "exit_address": 104, "exitcod": 84, "exmypb": 51, "exo_attachment_nam": 41, "exo_destination_mailfolder_id": 41, "exo_dt_email_address": 41, "exo_dt_has_attach": 41, "exo_dt_message_fold": 41, "exo_dt_message_id": 41, "exo_dt_message_subject": 41, "exo_dt_query_d": 41, "exo_dt_received_d": 41, "exo_dt_sender_email": 41, "exo_dt_statu": 41, "exo_dt_web_link": 41, "exo_email_address": 41, "exo_email_address_send": 41, "exo_end_d": 41, "exo_has_attach": 41, "exo_mail_fold": 41, "exo_mailfolders_id": 41, "exo_meeting_bodi": 41, "exo_meeting_email_address": 41, "exo_meeting_end_tim": 41, "exo_meeting_loc": 41, "exo_meeting_optional_attende": 41, "exo_meeting_required_attende": 41, "exo_meeting_start_tim": 41, "exo_meeting_subject": 41, "exo_message_bodi": 41, "exo_message_query_results_dt": 41, "exo_message_subject": 41, "exo_messages_id": 41, "exo_query_messages_result": 41, "exo_query_output_format": 41, "exo_recipi": 41, "exo_start_d": 41, "exp": 102, "expand": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 165, 184], "expand_argument_var": 10, "expand_list": [12, 17, 24, 45, 78, 90, 115, 129, 144, 147], "expand_list_result": [12, 17, 24, 45, 78, 90, 115, 129, 144], "expanded_list": [12, 17, 24, 45, 78, 90, 115, 129, 144, 147], "expans": 84, "expansion_list": 84, "expect": [20, 34, 47, 72, 110, 134, 160, 161, 166, 180, 189, 190], "experi": [102, 103, 134, 135, 188], "experiment": 42, "experimentalmetr": 42, "experimentalmetricanomali": 42, "experimentalsourc": 42, "expir": [0, 12, 18, 42, 77, 84, 90, 92, 98, 105, 107, 110, 116, 134, 142, 185, 188, 190], "expiration_d": 147, "expiration_statu": 90, "expirationdatetim": 131, "expirationinterv": 90, "expirationintervalreason": 90, "expirationstarttim": 90, "expirationstarttimereason": 90, "expirationstatu": 123, "expirationtim": 77, "expirationtime_t": 77, "expired_cert": 42, "expires_in": 87, "expiri": [18, 34, 90, 142, 186], "expirytim": 18, "expirytimeoffsetminut": 18, "explain": 177, "explan": [48, 69, 82], "explic": 37, "explicit": 189, "explicitli": [35, 84, 112, 120, 179, 189], "exploit": [7, 34, 42, 56, 77, 105, 116, 183], "exploitabilityscor": 150, "exploitinkit": 77, "exploittyp": 77, "exploituri": 77, "exploitverifi": 77, "explor": [23, 77, 150], "expon": [142, 186], "export": [3, 42, 46, 77, 124, 126, 154, 159, 180, 181, 187, 190], "expos": [4, 20, 37, 47, 48, 56, 58, 79, 109, 110, 120, 131, 133, 157, 166, 177, 183], "exposedmachin": 77, "exposedservic": 48, "exposur": [33, 59, 77, 98, 112, 123, 126], "exposure_dept_id": [59, 126], "exposure_individual_nam": [59, 126], "exposure_type_id": [59, 126], "exposure_vendor_id": [59, 126], "exposurelevel": 77, "express": [14, 15, 23, 34, 42, 63, 101, 112, 116, 149, 153, 161, 189], "extend": [7, 40, 90, 97, 106, 110, 118, 131, 146, 161], "extended_key_usag": [142, 186], "extendedkeyusag": 87, "extends_uuid": 80, "extens": [4, 5, 12, 20, 78, 84, 87, 90, 102, 112, 116, 118, 141, 142, 143, 151, 154, 170, 176, 178, 179, 180, 182, 186, 188, 190], "extension_list": 116, "extensionel": 97, "extern": [4, 12, 23, 34, 37, 42, 66, 77, 79, 87, 105, 106, 107, 110, 115, 116, 123, 141, 144, 150, 155, 156, 181, 184], "external_attr": 126, "external_db_req": 42, "external_exec_file_download": 42, "external_hostnam": 190, "external_ip": [23, 32], "external_ldap_req": 42, "external_network_scan": 150, "external_nfs_req": 42, "external_refer": [81, 184], "external_sourc": 106, "external_ssh_new_devic": 42, "external_system": 48, "external_uri": 48, "externalid": [77, 115, 150], "externalip": 115, "externalreferenceid": 116, "externalticketexist": 115, "externalticketid": 115, "externaltrigg": 34, "extfil": 87, "extra": [21, 37, 42, 57, 85, 99, 109, 110, 120, 190], "extra_packag": 4, "extract": [8, 33, 40, 43, 55, 60, 71, 81, 90, 97, 101, 107, 116, 132, 135, 153, 166, 184, 189], "extract_vers": 126, "extracted_fil": 126, "extragop": 42, "extrahop": 154, "extrahop_active_from": 42, "extrahop_active_until": 42, "extrahop_activitymap": 42, "extrahop_activitymap_id": 42, "extrahop_always_return_bodi": 42, "extrahop_artifact_typ": 42, "extrahop_assign": 42, "extrahop_assigne": 42, "extrahop_bpf": 42, "extrahop_cafil": 42, "extrahop_cloud_api_url": 42, "extrahop_console_url": 42, "extrahop_detect": 42, "extrahop_detection_assigne": 42, "extrahop_detection_categori": 42, "extrahop_detection_id": 42, "extrahop_detection_link": 42, "extrahop_detection_resolut": 42, "extrahop_detection_risk_score_min": 42, "extrahop_detection_statu": 42, "extrahop_detection_ticket_id": 42, "extrahop_detection_typ": 42, "extrahop_detection_upd": 42, "extrahop_devic": 42, "extrahop_device_field": 42, "extrahop_device_id": 42, "extrahop_device_oper": 42, "extrahop_device_operand": 42, "extrahop_end_tim": 42, "extrahop_id": 42, "extrahop_ip1": 42, "extrahop_ip2": 42, "extrahop_limit": 42, "extrahop_limit_byt": 42, "extrahop_limit_search_dur": 42, "extrahop_mod_tim": 42, "extrahop_not": 42, "extrahop_offset": 42, "extrahop_output": 42, "extrahop_particip": 42, "extrahop_port1": 42, "extrahop_port2": 42, "extrahop_risk_scor": 42, "extrahop_rx_api_kei": 42, "extrahop_rx_api_vers": 42, "extrahop_rx_cloud_console_url": 42, "extrahop_rx_host_url": 42, "extrahop_rx_key_id": 42, "extrahop_rx_key_secret": 42, "extrahop_search_filt": 42, "extrahop_search_typ": 42, "extrahop_site_nam": 42, "extrahop_site_uuid": 42, "extrahop_sort": 42, "extrahop_statu": 42, "extrahop_tag": 42, "extrahop_tag_id": 42, "extrahop_tag_nam": 42, "extrahop_ticket_id": 42, "extrahop_unassign": 42, "extrahop_update_notif": 42, "extrahop_update_tim": 42, "extrahop_valu": 42, "extrahop_watchlist": 42, "extrahop_watchlist_act": 42, "eyj0exaioijkv1qilcjzdii6ijawmdawmsisinptx3nrbsi6inptx28ybsisimfszyi6ikhtmju2in0": 31, "eyjhdwqioijjbgllbnrzbsisinvpzci6inhwdnpidfpju29hvkvusxe2vhhqsleilcjpc3mioij3zwiilcjzayi6ijailcjzdhkiojewmcwid2nkijoidxmwnsisimnsdci6mcwibw51bsi6ijg5otiymje2nza5iiwizxhwijoxnjc5otywndgzlcjpyxqioje2nzk5ntmyodmsimfpzci6ikxtvjjvshzvu3ftd0nmevptcxppcwcilcjjawqioiiifq": 31, "eyxn": 131, "ez": 185, "f": [10, 12, 14, 15, 17, 18, 20, 23, 24, 25, 34, 35, 37, 40, 42, 45, 65, 66, 71, 73, 78, 79, 80, 84, 85, 88, 90, 102, 103, 112, 115, 116, 118, 125, 128, 129, 131, 142, 144, 150, 151, 153, 165, 166, 190], "f0": [42, 53, 115], "f058a82542e8": 105, "f09a9e37d125": 97, "f0dc3f88": 77, "f1": 42, "f138": 12, "f1568e3bac1f211b397e2dac71fd6bf7": 116, "f1988": 151, "f2": [23, 42], "f23eedc71476022c0fffe53ac794688f0227afc207e20091adf47b304777b92": 45, "f2baedb0ac74f8f42fc929e15f56da6a": 14, "f3": 23, "f31bb1cf": 23, "f35ad45a1f57b45713d7": 45, "f390": 105, "f4": [42, 116], "f408": 144, "f41b": 103, "f4241202": 97, "f5": [23, 42], "f5ee89bb1e4a0b1c3c7f1e8d05d0677f2b2b5919": 77, "f5firepass": 103, "f5network": 103, "f6": 42, "f605": 102, "f617": 77, "f62ab0f7": 105, "f6b6cba4": 80, "f6ec44f025c67ab18170da47c1c610a94a9c84741f3cdfceb20cee565579868a": 144, "f6f5835d41d48d27a1ed7101ae0e21dc3548aab452f5c5d9a634f68c09b50b3ec062f086296628f8d226566637887e5c7be815c83abe2dc8b2746e324b70ac5c": 126, "f70c369a77320d54c042f0c632ee29c69c1f11899c4d5fe20b4cfaeda89d21ac": 185, "f765": 79, "f7e3b66a064c": 131, "f7z0me0oseguuarcvdl9xw": 38, "f814e5ef": 105, "f8a6a244138cb1e2f044f63f3dc42beeb555da892bbd7a121274498cbdfc9ad5": 23, "f95e": 23, "f9d2": 97, "f9e12dde6f68": 105, "f9e1983f24e1": 106, "f9e19e19e1": 106, "f9e1e1e1e1e1e1e1": 106, "f9e1e1e1e1ee1": 106, "f9ebc106951f": 105, "f9ed69326ca1": 144, "f9efe1e1e1e1e1": 106, "f9wohrng": 98, "f_base": 116, "f_hash": 144, "fa": [12, 17, 24, 45, 78, 90, 115, 129, 144, 145], "fa059989": 150, "fa89897771d8": 79, "fa8e": 58, "face": 105, "facebook": [56, 95, 183], "facilit": [20, 42, 116, 135, 153], "fact": 131, "factor": [15, 41, 56, 183], "faf1d0b6": 80, "fail": [7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 24, 29, 34, 35, 42, 45, 48, 50, 52, 59, 63, 64, 70, 76, 77, 78, 79, 80, 84, 88, 89, 90, 91, 96, 97, 102, 103, 104, 106, 107, 109, 110, 112, 113, 115, 116, 118, 119, 121, 123, 124, 126, 128, 129, 131, 136, 138, 142, 144, 150, 152, 180, 181, 183, 185, 186], "fail_reason": [30, 40, 131, 146], "failed_attach": 41, "failedact": 115, "failur": [9, 11, 15, 19, 28, 40, 42, 51, 59, 60, 67, 83, 84, 87, 94, 96, 99, 100, 103, 104, 106, 110, 114, 122, 123, 126, 127, 130, 139, 141, 148, 159, 181, 188], "failure_count": 128, "fake": [36, 48], "falcon": [84, 115], "falconapi": 32, "falkland": 135, "fals": [7, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 22, 23, 24, 34, 35, 36, 37, 38, 40, 41, 42, 45, 48, 52, 53, 54, 55, 56, 58, 59, 63, 64, 65, 66, 68, 71, 72, 73, 74, 75, 77, 78, 79, 80, 83, 84, 87, 88, 89, 90, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 118, 120, 123, 124, 126, 128, 129, 131, 135, 136, 137, 142, 144, 146, 148, 150, 151, 153, 157, 158, 165, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 190], "falseposit": [65, 77, 79], "falsi": 185, "famili": [18, 40, 57, 87, 95, 98, 101, 116, 128, 135, 171], "familiar": 55, "families_list": 98, "faro": 135, "fashion": [40, 110], "faso": 135, "fast": [77, 96], "fasten": 98, "faster": [114, 124, 168, 182], "fatal": 58, "father": 95, "fault": 23, "favorit": 84, "fax": [112, 186], "faxg59hr0v9fx8vlyxcxf25tbutk5hfxcqwlpyfdqiiiiujo6nzc3jexl7e3t6ioqdu1ndfx13t7e1pywizbqfscattu1erbqtiymjc3n4ehh8xfxs8vl7m5udbw1hsbg2mmt7ozs1gymkqe5p8ebmwaagiqkreaai0iclu7u80aaouaajucav4aaoqaad8": 185, "fb": 90, "fb33": 97, "fb5360be": 79, "fb94": 105, "fb9442f5411f": 80, "fbca0cd6": 80, "fbf657a616e211efaf639b4554e04742": 144, "fbgvfpajzirdeh3ua1": 110, "fbwf": 116, "fc3cdac565b676f3b5f5610fcf58160617fe83dfd691ee20d72a98990a058808": 98, "fc67": 116, "fc8c": 23, "fcd21bbeec66b34322c57b50478014ef": 106, "fd046ede": 97, "fd1a1e9e50fa": 38, "fd94": 77, "fdadb5a8": 97, "fdasfdjhk76876gshkf": 92, "fdf4c7f9": 23, "fe4b8cbd": 77, "fe80": [77, 116], "fe83": 116, "featur": [11, 26, 32, 51, 55, 67, 69, 70, 99, 126, 134, 136, 154, 158], "feature_nam": 58, "feature_path": 58, "feature_typ": 58, "feature_uid": 58, "featureid": 73, "featurenam": 73, "feb": [103, 113], "februari": [40, 183], "fec0": 116, "fec765d91888d9bbf6847953304233b8": 14, "fed": 37, "feder": 135, "federationidentifi": 112, "fedora": 116, "fee": 56, "feed": [4, 71, 110, 154, 180, 181], "feed_data": [176, 178, 179, 180, 181, 182], "feed_data_resili": 181, "feed_directori": 176, "feed_fe": 176, "feed_item_typ": 135, "feed_nam": [9, 176, 178, 179, 180, 181, 182], "feed_site_netloc": 9, "feedback": [78, 135], "feeder": [154, 178, 182], "feel": 96, "fegcxb3rdkim5dfog6sccfwia4yayv0rdgnlerbqntkyt14": 110, "feodo": 71, "feodo_id": 71, "ferrari": 105, "fetch": [23, 54, 55, 86, 102, 110, 116], "few": [4, 9, 29, 40, 48, 86, 120, 134, 164, 181], "fewer": 34, "ff": 116, "ff00": 116, "ff00ff": 101, "ff402b": [27, 66, 90], "ffdf57": 87, "fff": 79, "ffff": 116, "fgshdsgfjn": 35, "fgzfdhgxj": 35, "fi": [23, 145], "fiberlink": 68, "fident": 23, "field": [8, 10, 12, 13, 15, 19, 21, 23, 24, 30, 32, 33, 35, 40, 41, 45, 52, 59, 62, 65, 67, 68, 69, 71, 72, 73, 76, 82, 86, 88, 89, 90, 95, 97, 99, 100, 104, 109, 110, 113, 114, 116, 117, 119, 120, 124, 126, 128, 134, 138, 142, 146, 153, 157, 159, 160, 162, 164, 166, 177, 181, 182, 184, 186, 187, 188, 189, 190], "field_guardium_insights_config_id": 54, "field_guardium_insights_global_id": 54, "field_guardium_insights_what": 54, "field_guardium_insights_when": 54, "field_guardium_insights_wher": 54, "field_guardium_insights_whi": 54, "field_guardium_insights_who": 54, "field_mask": 48, "field_nam": [17, 59, 87, 118, 126], "field_typ": 97, "field_type_handl": 97, "field_uuid": 97, "field_valu": [59, 126], "fieldlabel": [59, 126], "fieldnam": [59, 112, 126], "fieldvalu": [59, 126], "fife": 186, "fiji": 135, "file": [1, 3, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 27, 28, 30, 31, 33, 34, 35, 37, 38, 39, 40, 41, 42, 43, 44, 46, 48, 50, 51, 52, 54, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 108, 109, 111, 112, 113, 114, 115, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 134, 135, 136, 138, 139, 140, 141, 142, 143, 144, 145, 146, 148, 150, 151, 152, 153, 155, 157, 158, 159, 160, 162, 163, 164, 165, 166, 167, 170, 171, 176, 177, 178, 179, 180, 181, 183, 184, 185, 186, 187, 188, 189], "file_access_failur": 42, "file_cr": 144, "file_descript": 23, "file_fe": [176, 178, 179, 181, 182], "file_hash": 128, "file_id": 116, "file_intel": 128, "file_list": 23, "file_list_guid": 23, "file_nam": [23, 27, 45, 47, 76, 106, 116, 126, 128, 180], "file_path": [23, 116], "file_path_list": 116, "file_s": 126, "file_scan_result": 144, "file_sha256": 23, "file_signature_state_sign": 144, "file_signature_state_verifi": 144, "file_typ": [12, 23], "file_upload_statu": 116, "fileaccessd": 129, "filebase64prefix": 77, "filebeat": 38, "filecreated": 129, "fileextens": 115, "fileextensiontyp": 115, "filehash": [71, 102], "fileidentifi": 77, "fileidentifiertyp": 77, "fileinfector": 121, "fileinfo": 126, "filemod": 144, "filemod_act": 144, "filemod_hash": 144, "filemod_issu": 144, "filemod_nam": 144, "filemod_publish": 144, "filemod_publisher_st": 144, "filemod_reput": 144, "filenam": [19, 23, 25, 34, 39, 45, 56, 62, 72, 77, 80, 84, 90, 97, 102, 104, 107, 123, 126, 133, 142, 144, 171, 186], "fileown": 129, "filepath": [77, 115], "fileprior": 72, "fileproductnam": 77, "fileproperti": 153, "filepublish": 77, "files": [115, 121, 153], "files_match": 10, "filesha1": 77, "filesha256": 77, "filest": 78, "filesystem": 116, "filesytem": 116, "filetyp": [77, 123, 153], "fileusag": 180, "fileverificationtyp": 115, "fill": [17, 31, 34, 40, 48, 63, 69, 89, 96, 105, 106, 112, 120, 135, 144, 150], "filter": [9, 11, 14, 15, 23, 28, 32, 34, 40, 42, 51, 55, 58, 59, 60, 63, 65, 66, 67, 68, 69, 78, 85, 87, 89, 90, 94, 97, 98, 99, 100, 102, 107, 114, 116, 122, 123, 126, 127, 129, 130, 136, 139, 141, 148, 150, 153, 159, 181, 189], "filter_by_nam": 77, "filter_prop": 42, "filterbi": 150, "filtertyp": 34, "fin": [42, 135], "final": [4, 20, 58, 71, 80, 87, 97, 181], "final_status": 116, "finance_go": 54, "find": [4, 7, 8, 10, 12, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 29, 30, 31, 33, 34, 35, 36, 38, 41, 42, 45, 46, 50, 52, 54, 57, 59, 62, 63, 64, 65, 66, 68, 70, 71, 74, 75, 76, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 138, 142, 144, 145, 146, 149, 150, 151, 152, 153, 154, 165, 181, 184, 190], "find_sync_row": 181, "findal": [12, 17, 24, 45, 78, 90, 108, 115, 116, 129, 135, 144, 189], "finder": 40, "findincid": 135, "finding_class": 48, "finding_id": 48, "finding_nam": 48, "finding_payload_as_str": 14, "finding_url": 48, "findings_filt": 48, "findings_list": 48, "finfo": 119, "finger": 116, "fingerprint": [42, 97, 171], "fingerprintlist_id": 116, "finish": [19, 37, 72, 131], "finish_tim": 144, "finland": 135, "finnish": 145, "fire": 102, "firebrick": 40, "fireey": 43, "firefox": [116, 125, 190], "firepass": 103, "firewal": [48, 54, 55, 79, 83, 117, 120, 163], "firewall_1": 24, "firewall_group_pair": 24, "firewall_group_pair_list": 24, "firewall_id": 24, "firewall_nam": 24, "firewall_scann": 48, "firewallen": 115, "firewallonoff": 116, "first": [2, 14, 17, 18, 20, 24, 34, 35, 36, 37, 40, 42, 48, 58, 66, 67, 72, 76, 77, 79, 84, 87, 89, 91, 95, 96, 97, 98, 103, 105, 106, 107, 112, 115, 118, 120, 123, 124, 129, 134, 135, 144, 150, 151, 157, 160, 184, 185, 188, 189, 190], "first_alert_tim": 106, "first_event_tim": 106, "first_event_timestamp": 144, "first_nam": [20, 59, 86, 109, 126, 144], "first_packet_tim": 102, "first_parti": 135, "first_persisted_tim": 103, "first_seen": [32, 71, 77, 80, 93, 103, 105, 121, 152], "first_ten_subdomain": 91, "first_trigger_log_entri": 89, "firstact": 77, "firstactivitytimeutc": [65, 79], "firstdetectedat": 150, "firsteventtim": 77, "firstfullmodetim": 115, "firstli": 190, "firstnam": [40, 112], "firstpackettim": 102, "firstpag": 116, "firstregisteredinepochm": 68, "firstseen": [34, 36, 77, 91, 165], "firstseen_t": 77, "firstseenat": 53, "firstwipd": 20, "fish": 116, "fist": [86, 190], "fit": [2, 119, 134, 183], "five": 116, "fix": [7, 10, 11, 14, 19, 23, 24, 35, 40, 41, 42, 44, 48, 56, 63, 64, 65, 66, 73, 74, 76, 77, 78, 79, 80, 87, 88, 89, 90, 94, 95, 97, 98, 99, 101, 102, 103, 109, 111, 113, 116, 117, 124, 126, 128, 129, 131, 139, 140, 141, 142, 148, 149, 151, 167, 171, 177, 180, 181, 182, 187, 188, 189], "fixed_time_per_dai": 89, "fixedvers": 150, "fixlet": 19, "fixvers": 63, "fji": 135, "fl": 23, "flag": [4, 15, 20, 23, 33, 41, 65, 68, 78, 87, 89, 104, 106, 116], "flag_bit": 126, "flagstatu": 41, "flare": 43, "flask": 155, "flaticon": [101, 184], "flatten": [71, 73, 165], "flaw": 77, "fleetspeaken": 53, "flexibl": [37, 80, 123, 140, 146, 180, 188], "flk": 135, "float": [12, 17, 24, 45, 78, 90, 95, 115, 128, 129, 144], "floss_opt": 43, "flow": [97, 110, 131, 146, 155, 177, 184], "flow_6b7udwv": 97, "flow_6b7udwv_di": 97, "flow_9af41ea": 97, "flow_9af41ea_di": 97, "flow_count": [101, 102, 103, 184], "flow_gvkozkt": 97, "flow_gvkozkt_di": 97, "flow_hbegkz1": 97, "flow_hbegkz1_di": 97, "flow_qgvwubw": 97, "flow_qgvwubw_di": 97, "flow_y10ymbl": 97, "flow_y10ymbl_di": 97, "flowcount": 102, "flynhzpctx3spvawqcruf3d": 110, "fn": [7, 8, 9, 10, 11, 12, 14, 15, 17, 18, 19, 20, 21, 23, 24, 28, 30, 32, 33, 34, 35, 37, 40, 41, 42, 44, 45, 46, 48, 50, 51, 54, 55, 58, 59, 60, 62, 63, 64, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 79, 80, 83, 84, 85, 86, 87, 88, 90, 91, 94, 95, 97, 99, 100, 103, 105, 106, 107, 108, 110, 111, 112, 113, 114, 115, 116, 118, 120, 121, 122, 123, 125, 126, 127, 128, 129, 130, 131, 132, 134, 135, 136, 139, 140, 141, 143, 146, 148, 150, 151, 152, 157, 159, 184, 185], "fn_abuseipdb": 3, "fn_alienvault_otx": [3, 8], "fn_amp_delete_computer_trajectori": 23, "fn_amp_delete_file_list": 23, "fn_amp_delete_file_list_fil": 23, "fn_amp_get_act": 23, "fn_amp_get_comput": [23, 116], "fn_amp_get_computer_trajectori": 23, "fn_amp_get_ev": 23, "fn_amp_get_event_typ": 23, "fn_amp_get_file_list": 23, "fn_amp_get_file_list_fil": 23, "fn_amp_get_group": [23, 116], "fn_amp_move_comput": 23, "fn_amp_set_file_list_fil": 23, "fn_anomali_staxx": [3, 9], "fn_ansibl": [3, 10, 29], "fn_ansible_tow": [3, 11, 54], "fn_api_void": 3, "fn_apil": [3, 13], "fn_aws_guardduti": [3, 154], "fn_aws_iam": [3, 15], "fn_aws_iam_add_user_to_group": 15, "fn_aws_iam_attach_user_polici": 15, "fn_aws_iam_deactivate_mfa_devic": 15, "fn_aws_iam_delete_access_kei": 15, "fn_aws_iam_delete_login_profil": 15, "fn_aws_iam_delete_mfa_devic": 15, "fn_aws_iam_delete_ss_cr": 15, "fn_aws_iam_delete_ssh_kei": 15, "fn_aws_iam_delete_us": 15, "fn_aws_iam_detach_user_polici": 15, "fn_aws_iam_list_mfa_devic": 15, "fn_aws_iam_list_service_specific_credenti": 15, "fn_aws_iam_list_signing_cert": 15, "fn_aws_iam_list_signing_certif": 15, "fn_aws_iam_list_ssh_public_kei": 15, "fn_aws_iam_list_us": 15, "fn_aws_iam_list_user_access_kei": 15, "fn_aws_iam_list_user_group": 15, "fn_aws_iam_list_user_polici": 15, "fn_aws_iam_remove_user_from_group": 15, "fn_aws_iam_update_access_kei": 15, "fn_aws_iam_update_login_profil": 15, "fn_aws_util": [3, 16], "fn_axoniu": 3, "fn_azure_automation_util": 3, "fn_bigfix": 3, "fn_bluecoat_site_review": [156, 157], "fn_bmc_helix": 3, "fn_calendar_invit": [3, 21], "fn_call_rest_api": 141, "fn_cb_protect": [3, 22], "fn_cisco_amp4ep": 3, "fn_cisco_asa": [3, 24], "fn_cisco_enforc": [3, 25], "fn_cisco_umbrella_inv": [3, 29], "fn_clamav": [3, 27], "fn_cloud_foundri": [3, 28], "fn_compon": [3, 29], "fn_create_webex_meet": [3, 30], "fn_create_zoom_meet": [3, 31], "fn_crowdstrike_falcon": [3, 32], "fn_cve_search": [3, 33], "fn_darktrac": 3, "fn_datatable_util": 3, "fn_digital_shadows_search": [3, 36], "fn_docker": 3, "fn_docker_": 37, "fn_docker_volatil": 37, "fn_elasticsearch": 3, "fn_email_header_valid": [3, 39], "fn_exchang": 3, "fn_exchange_onlin": [3, 41], "fn_extrahop": 3, "fn_floss": [3, 43], "fn_geocod": [3, 44], "fn_github": 3, "fn_google_cloud_dlp": [3, 46], "fn_google_cloud_funct": [3, 47], "fn_google_cloud_scc": 3, "fn_google_maps_direct": 3, "fn_googlesafebrows": [3, 50], "fn_greynois": [3, 51], "fn_grpc_interfac": 3, "fn_grr": 190, "fn_grr_search": [3, 53], "fn_guardium_insights_integr": [3, 54], "fn_guardium_integr": [3, 55], "fn_hibp": [3, 56, 183], "fn_html2pdf": 3, "fn_icdx": 3, "fn_incident_util": 3, "fn_ioc_parser_v2": [3, 60], "fn_ipinfo": [3, 61], "fn_isitphish": [3, 62], "fn_jira": [3, 63], "fn_joe_sandbox_analysi": 3, "fn_kafka": 3, "fn_ldap_search": 158, "fn_ldap_util": [3, 66, 190], "fn_log_captur": [3, 67], "fn_maas360": 3, "fn_machine_learn": 3, "fn_machine_learning_nlp": [3, 70], "fn_mandiant": 3, "fn_mcafee_atd": [3, 72], "fn_mcafee_epo": 3, "fn_mcafee_esm": [3, 74], "fn_mcafee_opendxl": [3, 75], "fn_mcafee_ti": [3, 75, 76], "fn_mcafeee_atd": 72, "fn_microsoft_defend": [3, 77], "fn_microsoft_security_graph": 3, "fn_microsoft_sentinel": [3, 79], "fn_misp": 3, "fn_mitre_integr": [3, 81], "fn_mxtoolbox": [3, 82], "fn_name": [14, 15, 42, 116, 153], "fn_netdevic": [3, 83], "fn_network_util": [3, 84], "fn_ocr": 3, "fn_odbc_queri": [3, 180, 190], "fn_outbound_email": [3, 87, 155, 189], "fn_pa_panorama": [3, 88], "fn_pagerduti": [3, 89], "fn_parse_util": 3, "fn_passivetot": 3, "fn_pastebin": 3, "fn_phish_ai": [3, 93], "fn_phish_tank": [3, 94], "fn_pipl": 3, "fn_playbook_mak": 3, "fn_playbook_util": [3, 97], "fn_proofpoint_tap": 3, "fn_proofpoint_trap": [3, 99], "fn_pulsed": [3, 100], "fn_qradar_advisor": 3, "fn_qradar_enhanced_data": 3, "fn_qradar_integr": [3, 102, 103, 156], "fn_query_tor_network": [3, 104], "fn_randori": 3, "fn_rapid7_insight_idr": 3, "fn_reaqta": 3, "fn_relat": 3, "fn_remedi": [3, 109], "fn_res_to_icd": [156, 159], "fn_rest_api": [3, 165], "fn_risk_fabr": [156, 160], "fn_rsa_netwit": [3, 111], "fn_salesforc": 3, "fn_schedul": [3, 113], "fn_secureworks_ctp": [3, 114], "fn_send_to_staxx": 9, "fn_sentinelon": 3, "fn_sep": 3, "fn_sep_add_fingerprint_list": 116, "fn_sep_assign_fingerprint_list_to_group": 116, "fn_sep_delete_fingerprint_list": 116, "fn_sep_get_command_statu": 116, "fn_sep_get_comput": 116, "fn_sep_get_domain": 116, "fn_sep_get_file_content_as_base64": 116, "fn_sep_get_fingerprint_list": 116, "fn_sep_get_group": 116, "fn_sep_move_cli": 116, "fn_sep_quarantine_endpoint": 116, "fn_sep_scan_endpoint": 116, "fn_sep_update_fingerprint_list": 116, "fn_sep_upload_file_to_sepm": 116, "fn_service_now": [3, 117, 118], "fn_set_move_cli": 116, "fn_shadowserv": 3, "fn_shodan": [3, 122], "fn_siemplifi": 3, "fn_slack": [3, 126], "fn_snapshot_url": 3, "fn_soar_util": 3, "fn_spamhaus_queri": [3, 127], "fn_splunk_integr": [3, 128, 156], "fn_symantec_dlp": 3, "fn_symc_sep_get_group": 116, "fn_task_util": [3, 130], "fn_team": [0, 3], "fn_threatmin": [3, 132], "fn_threatmind": 132, "fn_thug": [3, 133], "fn_timer": [3, 126], "fn_trusteer_ppd": 3, "fn_twilio": [3, 136], "fn_twilio_send_sm": 136, "fn_twitter_most_popular": 3, "fn_url_to_dn": [3, 138], "fn_urlhau": [3, 139], "fn_urlscan": 185, "fn_urlscanio": [3, 140, 185], "fn_util": [1, 3, 10, 16, 47, 57, 110, 140, 141, 156, 190], "fn_virustot": [3, 186], "fn_vmray_analyz": [3, 143], "fn_vmware_cbc": 3, "fn_watson_transl": [3, 145], "fn_watson_translate_api": 145, "fn_watson_translate_source_lang": 145, "fn_watson_translate_source_text": 145, "fn_watson_translate_target_lang": 145, "fn_watson_translate_url": 145, "fn_watson_translate_vers": 145, "fn_webex": 3, "fn_whoi": 3, "fn_whois_rdap": [3, 148], "fn_wiki": 3, "fn_wiz": 3, "fn_xforc": [1, 3, 151], "fn_yeti": 3, "fn_zia": [3, 153], "fname": [59, 126], "fngwii9anc0z3": 97, "fo": 18, "focus": 41, "fold": 12, "folder": [3, 4, 45, 48, 69, 70, 76, 155, 156, 175, 177, 188, 190], "follow": [5, 7, 8, 10, 12, 13, 14, 16, 17, 18, 19, 20, 21, 23, 24, 25, 26, 27, 29, 30, 31, 33, 34, 35, 38, 39, 40, 41, 42, 43, 45, 46, 48, 50, 52, 54, 55, 57, 58, 59, 62, 63, 64, 65, 66, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 133, 134, 135, 136, 139, 140, 142, 143, 144, 145, 146, 150, 151, 152, 153, 155, 157, 158, 160, 161, 164, 165, 166, 169, 170, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190], "follow_up": 103, "followedurl": 157, "followers_url": 45, "following_url": 45, "font": [40, 57, 87, 101, 107], "font_color": 143, "fontdrvhost": 107, "foo": 109, "forbidden": [29, 42, 77], "forc": [7, 37, 42, 73, 79, 87, 112, 155, 190], "forcepoint": [142, 186], "fordbmigr": 123, "forecasten": 112, "forefront": 90, "foreign": 180, "forens": [84, 99, 106], "forensics_templ": 98, "forest": 69, "forexpack": 101, "forextrahop": 42, "forg": 107, "forgot": 190, "fork": 45, "forks_count": 45, "forks_url": 45, "form": [15, 17, 20, 38, 40, 48, 87, 106, 109, 112, 113, 120, 134, 135, 153, 166, 186, 188], "formal": [107, 157], "format": [1, 7, 8, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 30, 31, 32, 33, 34, 35, 37, 38, 39, 40, 41, 42, 45, 46, 47, 48, 49, 50, 52, 53, 54, 57, 58, 59, 61, 62, 63, 64, 65, 66, 67, 68, 69, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 112, 113, 115, 116, 117, 118, 119, 121, 123, 124, 125, 126, 128, 129, 131, 132, 134, 135, 136, 137, 140, 141, 142, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 157, 158, 160, 165, 166, 175, 178, 179, 180, 182, 183, 184, 185, 186, 188, 189, 190], "format_input_param": 42, "format_lin": 77, "format_link": [12, 17, 24, 45, 78, 90, 115, 129, 144], "formatted_d": 32, "formatted_item": [12, 17, 24, 45, 78, 90, 115, 129, 144], "formerli": [12, 20, 23, 31, 34, 40, 41, 45, 63, 64, 71, 73, 77, 84, 87, 98, 103, 107, 108, 112, 115, 116, 118, 135, 142, 151, 165], "formula": 85, "forq8jee9f": 97, "fort": 78, "forth": 181, "fortinet": [42, 121, 142, 186], "fortio": 42, "forum": 148, "forward": [58, 99, 110, 116, 189], "forwardsnsnotificationrol": 14, "found": [3, 4, 9, 10, 12, 15, 17, 18, 19, 24, 27, 32, 34, 35, 36, 37, 40, 41, 42, 45, 46, 48, 53, 58, 59, 60, 63, 66, 68, 71, 72, 73, 75, 77, 78, 79, 80, 81, 85, 87, 90, 94, 98, 100, 101, 103, 104, 105, 106, 107, 115, 116, 118, 124, 126, 128, 129, 133, 137, 144, 147, 149, 150, 152, 153, 165, 166, 180, 181, 183, 184, 185, 187, 188, 189, 190], "found_app": 68, "foundat": 105, "foundri": 154, "four": [63, 101], "fp": 116, "fpl_content": 116, "fpl_content_result": 116, "fpl_exist": 116, "fqdn": [1, 24, 53, 71, 78, 88, 102], "fqdn_analysi": 71, "fr": [12, 145, 157], "fr6k2kn2k": 144, "fra": [85, 135], "fragment": [23, 42, 106, 116], "frame": [12, 41, 63], "frameid": 185, "framenavig": 185, "framestartedload": 185, "framestoppedload": 185, "framework": [8, 10, 26, 29, 31, 33, 37, 55, 84, 110, 136, 158, 162, 176, 178, 179, 180, 182], "franc": 135, "francisco": 90, "frankfurt": 185, "franki": 66, "fraud": [7, 135], "fraud_mo": 135, "fraudul": 135, "free": [56, 84, 93, 96, 113, 183], "free_space_of_drive_c": 73, "freebsd": 42, "freedisk": 116, "freediskspac": 73, "freemail": 13, "freemem": 116, "freememori": 73, "freetaxii": [101, 184], "freetd": [86, 180], "freetn": 180, "french": [85, 135, 145], "frequenc": [18, 97], "frequent": 97, "frequentprofiledapisaccountprofil": 14, "frequentprofiledapisuseridentityprofil": 14, "frequentprofiledasnsaccountprofil": 14, "frequentprofiledasnsuseridentityprofil": 14, "frequentprofileduseragentsaccountprofil": 14, "frequentprofileduseragentsuseridentityprofil": 14, "frequentprofiledusernamesaccountprofil": 14, "frequentprofiledusertypesaccountprofil": 14, "fresh": [55, 152], "friend": 95, "friendlynam": 79, "friyzadn2k": 144, "fro": 135, "from": [1, 4, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 19, 20, 21, 22, 25, 26, 27, 29, 30, 31, 32, 33, 34, 35, 37, 38, 40, 43, 44, 45, 46, 47, 48, 49, 50, 52, 54, 56, 57, 58, 59, 60, 62, 63, 64, 65, 67, 68, 69, 71, 72, 74, 76, 78, 79, 80, 81, 83, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 107, 108, 109, 110, 113, 114, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 128, 129, 130, 131, 132, 134, 136, 137, 138, 140, 142, 145, 146, 150, 151, 152, 155, 157, 158, 159, 162, 165, 166, 167, 177, 178, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190], "from_email": 89, "from_email_address": 87, "fromentityhead": 90, "fromisoformat": 78, "fromstr": 165, "fromtimestamp": [42, 142], "fromtyp": 180, "front": 42, "frontend": 185, "froobl": 110, "frozen": [59, 126], "fry": 190, "frzadn2kik": 144, "fsaab7knueaab6sblmaab4wxfqaab7kyleaab7w8f0aab5aav4aab48bf4aab7kfv4aab78w14aab6ukl4aab60kl4aab4qnl4aab4myv4aab6s114aab7m114aab5g4l4aab6a4l4aab7s5l4aab7ie18aab7iz18aab7qd18aab6e1l8aab5iamaaab4mdgaaab4aggaaab7cjmaaab78jmaaab6mk2aaab4urmaaab6a71kaab7kskeaab6gruaaab7uze0aab74ye0aab5m5u0aab5cc04aab4o8keaab5um1qaab68n1qaab6gf1uaab6orluaab6io1uaab7qrluaab4w1esaab78e0waab6uvu4aab4u2u8aab4emfeaab5aukeaab64flcaab50f1caab5ghvcaab7iylgaab6chegaab44keaaab78pucaab6eokcaab5o1ecaab5i7ucaab4kn0caab4q": 116, "fsm": 135, "fsname": 107, "fti": 90, "ftp": [7, 42, 135], "ftp3": 190, "ftp_access_denied_error": 42, "ftp_bad_syntax_error": 42, "ftp_brute_forc": 42, "ftp_error": 42, "ftp_file_transfer_issu": 42, "ftp_not_logged_in_error": 42, "fuction1": 96, "full": [10, 13, 34, 35, 37, 45, 59, 68, 73, 77, 79, 80, 94, 95, 101, 106, 115, 116, 118, 126, 131, 144, 153, 166, 180], "full_finding_nam": 48, "full_nam": [45, 73], "full_path_nam": 116, "full_scan": 116, "full_search_period": 101, "full_search_tim": 101, "full_search_timeout": 101, "fulli": [29, 87, 101, 110, 117, 118, 120, 160], "fullnam": [45, 66, 73, 102, 116], "fullpathnam": 116, "fullphotourl": 112, "fulluserag": 14, "fumik0": 71, "func": 113, "func_aws_guardduty_archive_find": 14, "func_aws_guardduty_refresh_find": 14, "funciton": 185, "funct_extrahop_rx_add_detection_not": 42, "funct_extrahop_rx_assign_tag": 42, "funct_extrahop_rx_create_tag": 42, "funct_extrahop_rx_get_activitymap": 42, "funct_extrahop_rx_get_devic": 42, "funct_extrahop_rx_get_tag": 42, "funct_extrahop_rx_get_watchlist": 42, "funct_extrahop_rx_search_detect": 42, "funct_extrahop_rx_search_devic": 42, "funct_extrahop_rx_search_packet": 42, "funct_extrahop_rx_update_detect": 42, "funct_extrahop_rx_update_watchlist": 42, "funct_mcafee_epo_find_a_system": 73, "funct_zia_add_to_allowlist": 153, "funct_zia_add_to_blocklist": 153, "funct_zia_add_to_url_categori": 153, "funct_zia_add_url_categori": 153, "funct_zia_get_allowlist": 153, "funct_zia_get_blocklist": 153, "funct_zia_get_sandbox_report": 153, "funct_zia_get_url_categori": 153, "funct_zia_remove_from_allowlist": 153, "funct_zia_remove_from_blocklist": 153, "funct_zia_remove_from_url_categori": 153, "funct_zia_url_lookup": 153, "function": [4, 11, 28, 29, 43, 44, 51, 60, 67, 69, 70, 72, 74, 94, 99, 100, 114, 117, 119, 120, 122, 127, 130, 139, 140, 141, 154, 156, 157, 158, 159, 160, 162, 178, 180, 181, 182, 184, 187, 188, 189], "function2": 96, "function_api_nam": 96, "function_nam": [23, 116], "functioncompon": 190, "functionerror": 190, "functionresult": 190, "fundament": [40, 90], "further": [4, 17, 20, 50, 52, 57, 71, 77, 79, 105, 110, 118, 151, 155, 180, 182], "fusioncor": [77, 151], "futex": 71, "futuna": 135, "futur": [10, 12, 14, 17, 24, 35, 41, 42, 45, 65, 66, 70, 73, 77, 78, 79, 80, 87, 88, 89, 90, 98, 102, 103, 110, 113, 115, 117, 118, 124, 128, 129, 131, 134, 142, 144, 151, 155, 180, 181, 187, 188, 190], "fuzzi": [128, 171], "fvjxbv": 186, "fw": 116, "fwlink": 79, "fxk41q1iqzarejgepzjiizvyb": 110, "fydibohf23spdlt": 41, "fyooyo": 97, "fyre": [89, 107, 115], "fze6vzt2c0ojg": 84, "g": [1, 4, 18, 22, 23, 35, 37, 59, 63, 80, 85, 101, 116, 119, 126, 136, 142, 153, 177, 180, 186], "g0032": 81, "g2vqdsa7oopo": 185, "g53091596": 34, "ga": [45, 145], "gab": 135, "gabon": 135, "gain": [84, 101, 110, 114, 152], "galaxi": 80, "galwai": 14, "gambia": 135, "gambl": 153, "game": 84, "gap": 1, "gari": 66, "gary1": 66, "gatewai": [10, 12, 14, 15, 17, 18, 20, 23, 24, 31, 34, 40, 41, 42, 45, 63, 64, 65, 66, 71, 73, 77, 78, 79, 80, 81, 84, 87, 88, 90, 98, 101, 102, 103, 106, 107, 108, 109, 110, 112, 115, 116, 123, 129, 135, 142, 144, 150, 151, 153, 165], "gatewayip": 115, "gatewaymacaddress": 115, "gather": [14, 37, 42, 46, 48, 58, 71, 78, 81, 84, 101, 103, 109, 114, 148, 151, 153, 165], "gathered_info": 71, "gaussian": 69, "gaussiannb": 69, "gb": [7, 93], "gbr": 135, "gc": 97, "gcc": 180, "gconf": 90, "gcp": [46, 71], "gcp_artifact_input": 46, "gcp_dlp_deidentify_artifact": 46, "gcp_dlp_deidentify_attach": 46, "gcp_dlp_info_typ": 46, "gcp_dlp_inspect_attach": 46, "gcp_dlp_masking_char": 46, "gcp_function_nam": 47, "gcp_http_proxi": 47, "gcp_https_proxi": 47, "gcp_project": 46, "gcp_project_id": 47, "gcp_region": 47, "gcp_region_id": 47, "gcp_url": 47, "gd_access_key_detail": 14, "gd_action_detail": 14, "gd_finding_overview": 14, "gd_instance_detail": 14, "gd_resource_affect": 14, "gd_s3_bucket_detail": 14, "gda042c57": 34, "gdpr": [59, 126, 180, 181, 182], "gdpr_": 182, "gdpr_breach_circumst": [59, 126], "gdpr_breach_typ": [59, 126], "gdpr_breach_type_com": [59, 126], "gdpr_consequ": [59, 126], "gdpr_consequences_com": [59, 126], "gdpr_final_assess": [59, 126], "gdpr_final_assessment_com": [59, 126], "gdpr_harm_risk": [59, 126], "gdpr_identif": [59, 126], "gdpr_identification_com": [59, 126], "gdpr_lawful_data_processing_categori": [59, 126], "gdpr_personal_data": [59, 126], "gdpr_personal_data_com": [59, 126], "gdpr_subsequent_notif": [59, 126], "gear": 119, "gecko": [93, 185], "gen": 121, "gen8": 121, "gender": [46, 95, 183], "gener": [4, 8, 14, 21, 25, 32, 34, 37, 42, 48, 49, 52, 54, 58, 63, 64, 66, 67, 68, 71, 73, 75, 76, 77, 81, 85, 87, 88, 95, 96, 101, 102, 109, 110, 116, 118, 121, 123, 124, 129, 131, 142, 143, 146, 148, 149, 150, 153, 155, 160, 166, 178, 181, 189, 190], "generate_incident_url": 87, "generate_oauth2_refresh_token": 87, "generate_task_url": 87, "generatealert": 77, "generatecredentialreport": 14, "generated_cas": 103, "generatedfindingapinam": 14, "generatedfindingapiservicenam": 14, "generatedfindingasnorg": 14, "generatedfindingcitynam": 14, "generatedfindingcountrynam": 14, "generatedfindingisp": 14, "generatedfindingorg": 14, "generatedfindingprivatenam": 14, "generatedfindingpublicdnsnam": 14, "generationd": 18, "generationhost": 18, "generic_email_inbound_integration_refer": 89, "generic_events_api_inbound_integration_refer": 89, "generickd": 121, "geo": [8, 59, 126, 135], "geo_count": [59, 126], "geo_loc": 12, "geocod": 154, "geocodeaccuraci": 112, "geograph": [102, 183], "geographi": 102, "geoip": [13, 185], "geoloc": [14, 61], "georgia": 135, "georgian": 145, "german": [85, 145], "germani": [71, 135, 185], "gerri": 66, "get": [7, 8, 9, 10, 12, 13, 14, 15, 19, 20, 21, 22, 25, 26, 28, 30, 33, 36, 37, 44, 46, 47, 49, 50, 52, 54, 55, 62, 63, 65, 66, 74, 75, 76, 80, 82, 83, 84, 85, 86, 87, 89, 90, 95, 96, 99, 101, 109, 110, 111, 113, 114, 117, 118, 119, 120, 128, 131, 134, 137, 138, 139, 141, 142, 146, 150, 155, 165, 166, 180, 184, 185, 186, 190], "get_activitymap_result": 42, "get_addresses_result": 88, "get_alert_by_id_result": 144, "get_alert_evident_result": 106, "get_alert_notes_result": 144, "get_alerts_result": 106, "get_all_runbook": 18, "get_artifact": 87, "get_attachments_result": 112, "get_categories_result": 153, "get_children": 87, "get_column_typ": 180, "get_comment_result": 112, "get_comments_result": 106, "get_comput": 116, "get_computers_cont": 116, "get_computers_result": [23, 116], "get_current_not": 42, "get_datat": 87, "get_details_result": 24, "get_detection_note_cont": 42, "get_detection_note_result": 42, "get_device_by_id_result": 144, "get_device_count_result": 17, "get_device_result": 17, "get_devices_result": 42, "get_domain": 25, "get_domains_result": 116, "get_file_lists_respons": 23, "get_file_lists_result": 23, "get_fingerprintlist_result": 116, "get_formatted_timestamp": 32, "get_given_runbook": 18, "get_groups_result": [23, 88, 116], "get_incident_valu": 87, "get_message_id": 135, "get_network_objects_result": 24, "get_non_null_item_from_list": 17, "get_not": 87, "get_paramet": 180, "get_project": 150, "get_prop": 42, "get_properti": [12, 17, 24, 45, 78, 90, 115, 129, 144], "get_reputation_result": 115, "get_result": [12, 17, 24, 78, 90, 115, 144], "get_row": 87, "get_schedul": 18, "get_select_param": 190, "get_tags_cont": 42, "get_tags_result": 42, "get_threat_result": 115, "get_trusteer_ppd_puid": 135, "get_user_result": 112, "get_users_result": 88, "get_watchlist_result": 42, "getaccountpublicaccessblock": 14, "getattr": [10, 17, 18, 20, 40, 45, 66, 73, 88, 102, 113, 118, 125, 128], "getbodyhtmlraw": 135, "getbucketlifecycl": 14, "getbucketloc": 14, "getbucketpolici": 14, "getchoicevalu": 119, "getdat": 32, "getfind": 14, "gethidpag": 116, "gethour": 32, "getjournalentri": 119, "getlogg": 190, "getminut": 32, "getmonth": 32, "getpass": 2, "getresourc": 14, "getscreendetail": 185, "getsecond": 32, "gettim": [35, 77, 97], "gettrailstatu": 14, "getvalu": 119, "getyear": 32, "gf": 97, "gftubqtilvmskv0": 185, "ggbsavvln5qc5pcwvnut": 93, "ggggggggggg": 106, "ggy": 135, "gha": 135, "ghana": 135, "ghijk": 16, "ghostcat": 42, "gi": 54, "gi_dt_cl_catalog": 54, "gi_dt_cl_categori": 54, "gi_dt_cl_classification_nam": 54, "gi_dt_cl_classification_rul": 54, "gi_dt_cl_column": 54, "gi_dt_cl_comprehens": 54, "gi_dt_cl_datasource_ip": 54, "gi_dt_cl_datasource_nam": 54, "gi_dt_cl_datasource_typ": 54, "gi_dt_cl_date_cr": 54, "gi_dt_cl_descript": 54, "gi_dt_cl_port": 54, "gi_dt_cl_schema": 54, "gi_dt_cl_service_nam": 54, "gi_dt_cl_start_datelocal_tim": 54, "gi_dt_cl_tabl": 54, "gib": 135, "gibraltar": 135, "gin": 135, "gist": 45, "gist_id": 45, "gists_url": 45, "git": [3, 37, 45, 77], "git_commits_url": 45, "git_refs_url": 45, "git_tags_url": 45, "git_url": 45, "github": [3, 12, 26, 37, 43, 56, 75, 83, 90, 105, 106, 110, 112, 144, 152, 154, 159, 160, 165, 166, 170, 171, 175, 177, 180, 183, 190], "github3": 45, "github_based_on_branch_or_sha": 45, "github_branch": 45, "github_commit_messag": 45, "github_committ": 45, "github_file_cont": 45, "github_file_path": 45, "github_filter_nam": 45, "github_limit": 45, "github_optional_file_path": 45, "github_own": 45, "github_prereleas": 45, "github_ref": 45, "github_release_descript": 45, "github_release_draft": 45, "github_release_nam": 45, "github_release_tag": 45, "github_repo": 45, "github_repo_typ": 45, "github_return_base64": 45, "github_sha": 45, "github_since_d": 45, "github_until_d": 45, "githubusercont": [101, 184], "gitlab": 42, "give": [16, 32, 50, 79, 88, 96, 107, 112, 118, 131, 134, 135, 151, 155, 162, 190], "given": [3, 4, 8, 17, 18, 30, 32, 33, 34, 35, 36, 40, 41, 45, 48, 49, 54, 55, 56, 57, 63, 64, 66, 69, 71, 72, 73, 77, 79, 80, 86, 88, 90, 96, 97, 98, 101, 102, 103, 104, 105, 106, 107, 110, 112, 113, 116, 118, 120, 126, 127, 128, 131, 144, 150, 165, 181, 183, 184, 188], "given_filt": 48, "givennam": 66, "gjxdrwyw008": 68, "glass": [112, 190], "glide": [118, 120], "global": [14, 15, 22, 23, 29, 33, 36, 41, 42, 54, 73, 107, 114, 116, 129, 135, 140, 153, 185, 190], "global_artifact": [107, 108, 126], "global_device_id": 135, "global_info": [107, 108, 126], "global_set": 63, "globalcallinnumb": 146, "globalfirstobserv": 77, "globallastobserv": 77, "globalpreval": 77, "glp": 135, "gmail": [21, 68, 71, 87], "gmb": 135, "gmbh": 32, "gmt": [12, 30, 40, 97, 110, 123, 146, 181, 185], "gmx": 90, "gnb": 135, "gnq": 135, "go": [9, 11, 12, 14, 15, 28, 29, 31, 32, 33, 36, 37, 44, 48, 54, 71, 79, 97, 100, 102, 114, 118, 120, 133, 140, 143, 144, 153, 155, 160, 182, 183, 184, 185, 186, 190], "goal": 63, "gocspx": 155, "goe": 110, "gog": 84, "golden": 42, "golden_devic": 144, "golden_device_id": 144, "gonra": 76, "good": [14, 36, 37, 116, 144, 166], "goodnewseveryon": 190, "goog": [185, 186], "googl": [12, 32, 52, 56, 61, 71, 80, 87, 88, 105, 107, 126, 135, 142, 154, 183, 185, 186, 190], "google_api_token": 52, "google_application_credenti": 46, "google_application_credentials_path": 48, "google_cloud_organization_id": 48, "google_maps_destin": 49, "google_maps_origin": 49, "google_mdm_adapt": 17, "google_safe_browsing_url_lookup": 50, "google_scc_add_finding_source_property_in_scc": 48, "google_scc_auto_update_severity_in_scc": 48, "google_scc_categori": 48, "google_scc_class": 48, "google_scc_close_case_on_chang": 48, "google_scc_close_finding_in_scc": 48, "google_scc_compliance_standard": 48, "google_scc_delete_security_mark": 48, "google_scc_field_mask": 48, "google_scc_filt": 48, "google_scc_finding_nam": 48, "google_scc_finding_source_properties_dt": 48, "google_scc_id": 48, "google_scc_list_asset": 48, "google_scc_nam": 48, "google_scc_next_step": 48, "google_scc_project_display_nam": 48, "google_scc_project_nam": 48, "google_scc_recommend": 48, "google_scc_refresh_find": 48, "google_scc_remediation_link": 48, "google_scc_resource_display_nam": 48, "google_scc_resource_nam": 48, "google_scc_search_filt": 48, "google_scc_security_mark": 48, "google_scc_security_mark_kei": 48, "google_scc_source_properti": 48, "google_scc_source_property_valu": 48, "google_scc_st": 48, "google_scc_typ": 48, "google_scc_update_finding_source_property_in_scc_from_dt": 48, "google_scc_update_kei": 48, "google_scc_update_next_steps_in_scc": 48, "google_scc_update_security_mark": 48, "google_scc_update_severity_in_scc": 48, "google_scc_update_state_in_scc": 48, "google_scc_update_valu": 48, "google_scc_url": 48, "google_scc_vulner": 48, "googleapi": [44, 48, 50], "googlebot": 71, "googlecrashhandl": 107, "googlecrashhandler64": 107, "googlesafebrows": [50, 126], "googlesafebrowsing_api_kei": 50, "googlesafebrowsing_artifact_typ": 50, "googlesafebrowsing_artifact_valu": 50, "googlesafebrowsing_url": 50, "googleusercont": 155, "googleweblight": 98, "gorinfotech": 101, "got": [14, 15, 27, 90, 116, 190], "gov": [71, 150], "govern": 150, "gp": 0, "gpg": 0, "gplv2": 10, "gpo": 42, "grab": 58, "grafana": [42, 177], "grai": 63, "grammat": 189, "grant": [18, 41, 48, 110, 129, 131, 144, 146, 155, 166, 180], "grant_typ": [87, 110], "grantdeni": 129, "graph": [41, 71, 131, 154, 155], "graphic": [101, 184], "graphql": 150, "gravatar": 63, "gravatar_id": 45, "grc": 135, "grd": 135, "grd_id": 54, "grd_outlier_detail": 55, "grd_sensitive_object": 55, "great": 7, "greater": [10, 14, 24, 35, 41, 42, 46, 48, 52, 63, 65, 66, 73, 77, 79, 80, 85, 86, 87, 88, 89, 90, 97, 98, 101, 102, 103, 105, 112, 113, 117, 124, 128, 131, 134, 142, 151, 170, 180, 181, 188, 189], "greater_or_equ": 105, "greater_or_equal_utc_seconds_ago": 105, "greater_utc_seconds_ago": 105, "greec": 135, "greek": 145, "green": [9, 24, 66, 115, 119, 143, 190], "greenland": 135, "greensnow": [142, 186], "greer": 17, "greet": 52, "greeter": 52, "grenada": 135, "grenadin": 135, "greynois": 154, "grl": 135, "group": [10, 14, 18, 20, 41, 42, 54, 55, 65, 68, 78, 79, 97, 102, 107, 114, 115, 118, 129, 135, 177, 181, 189], "group1": 88, "group2": 23, "group_categori": 34, "group_cont": 34, "group_descript": [23, 116], "group_guid": 23, "group_id": [65, 73, 116], "group_list": 15, "group_nam": [23, 54, 58, 88, 116], "group_path": 73, "group_result": 144, "group_row": 81, "groupa": 107, "groupb": 107, "groupbyact": 34, "groupcategori": 34, "groupid": [15, 73, 115, 116, 131], "groupinfo": 73, "groupingid": 34, "groupingtyp": 114, "groupip": 115, "groupmemb": 131, "groupnam": [15, 73, 115, 123], "grouppath": 73, "grouppreviousgroup": 34, "groups_alias": 81, "groups_descript": 81, "groups_dn": 66, "groups_id": 81, "groups_mitr": 81, "groups_nam": 81, "groups_par": 20, "groups_techniqu": 81, "groupscor": 34, "groupsresult": 73, "grouptyp": 131, "groupupdateprovid": 116, "groupurl": 34, "grp": 15, "grp_stat": 15, "grpc": 154, "grpc_channel": 52, "grpc_function": 52, "grpc_function_data": 52, "grpc_response_data": 52, "grpcio": 52, "grr_3": 190, "grr_api_cli": 190, "grr_pwd": [53, 190], "grr_search": 190, "grr_search_typ": [53, 190], "grr_search_valu": [53, 190], "grr_server": [53, 190], "grr_test": 190, "grr_user": [53, 190], "grrapi": 190, "grrdocker": 190, "grybnnlmrgcsxwceflvayw4o2ob5suxrmchimxbxzdflmamnwbhehkkyjvvm": 97, "gsb": 168, "gserviceaccount": 48, "gssapi": 179, "gt": [98, 185, 186], "gte": [38, 59, 126], "gti": 76, "gti_trust_level": 76, "gtm": 135, "gtrotman": 14, "gts1c3": 186, "gu": 145, "guadeloup": 135, "guarante": 81, "guardium": 154, "guardium_cert": 55, "guardium_host": 55, "guardium_id": 54, "guardium_insights_classification_report": 54, "guardium_insights_event_id": 54, "guardium_password": 55, "guardium_search_report_data": 55, "guardium_system_refer": 55, "guardium_us": 55, "guardum": 54, "guatemala": 135, "guernsei": 135, "guess": [79, 145], "guf": 135, "gui": [24, 121, 135, 142], "guiana": 135, "guid": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 134, 135, 138, 139, 141, 142, 143, 144, 145, 146, 149, 150, 151, 152, 153, 159, 162, 165, 166, 182, 189], "guidanc": [105, 119], "guidelin": 153, "guinea": 135, "gujarati": 145, "gum": 135, "guradium": 55, "guyana": 135, "gw": 12, "gwbrww": 98, "gxrhul1y9ccxq4ho5uudhfyznksuxd": 97, "gz": [4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25, 27, 28, 29, 30, 31, 33, 34, 35, 38, 39, 40, 41, 42, 43, 44, 45, 46, 48, 50, 51, 52, 54, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 71, 72, 73, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 134, 135, 136, 139, 140, 141, 142, 143, 144, 145, 146, 148, 150, 151, 152, 153, 155, 157, 159, 160, 165, 167, 169, 170, 172, 173, 174, 175, 176, 178, 179, 180, 181, 182, 190], "gzaam3kp4sy2dbabu": 97, "gzip": [110, 185], "gztar": [160, 175], "h": [35, 40, 42, 63, 84, 89, 90, 95, 103, 105, 113, 116, 134, 135, 141, 142, 150, 155, 166, 190], "h1": 81, "h2": [87, 90, 185], "h3": [81, 87, 101, 185], "h3a": 97, "h3x": 71, "h3x_1dai": 71, "h4epvvbqv5946aun1u9qg7kqp6tu5c1j": 155, "h5": [20, 109], "ha": [7, 10, 14, 16, 17, 18, 20, 21, 22, 23, 24, 29, 31, 34, 35, 36, 37, 38, 40, 41, 42, 45, 46, 48, 49, 50, 52, 55, 56, 57, 63, 65, 66, 71, 72, 73, 76, 77, 78, 80, 81, 84, 85, 86, 87, 88, 89, 90, 91, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 117, 118, 119, 120, 121, 123, 124, 126, 128, 129, 131, 134, 135, 136, 137, 142, 143, 144, 146, 148, 149, 150, 151, 153, 155, 156, 158, 165, 166, 174, 177, 180, 181, 183, 184, 186, 187, 188, 189], "hack": [7, 42], "hacking_tool": 42, "had": [116, 177, 183], "haiti": 135, "haitian": 145, "hamburg": 120, "hand": [112, 119, 131, 190], "handl": [11, 12, 17, 20, 24, 34, 58, 63, 66, 69, 71, 78, 90, 101, 110, 115, 144, 148, 150, 153, 177, 182], "handle_list": 135, "handler": 73, "handshak": [65, 87, 110], "hap": 20, "happen": [41, 58, 74, 107, 177], "happened_at": 107, "happenedat": [106, 107], "happenedat_t": 107, "happi": 40, "hard": [17, 40, 112, 189], "hard_driv": 17, "hard_liabl": [59, 126], "hard_limit": 58, "harden": [42, 48, 78, 79], "hardwar": 116, "hardware_info": 190, "hardwareinfo": 53, "hardwarekei": 116, "harmless": [142, 186], "harmstatus_id": [59, 126], "has_a_valu": [14, 15, 18, 23, 24, 78, 79, 80, 90, 102, 106, 107, 112, 115, 118, 123, 129, 144, 150, 153], "has_active_mfa": 15, "has_defect": 90, "has_download": 45, "has_ibm_default": [101, 184], "has_incid": 107, "has_issu": 45, "has_kei": 105, "has_logical_error": 97, "has_pag": 45, "has_project": 45, "has_sign_cert": 15, "has_srv_cr": 15, "has_ssh_public_kei": 15, "has_wiki": 45, "hasattach": 41, "hasattr": [31, 42, 135], "hascisakevexploit": 150, "hasepiclinkfielddepend": 63, "hasexploit": 150, "hasextrainfo": 185, "hash": [8, 23, 26, 32, 37, 56, 59, 71, 77, 80, 101, 102, 107, 108, 112, 116, 121, 128, 132, 142, 144, 150, 153, 168, 171, 173, 183, 185, 186, 188, 189], "hash_in_list": 116, "hash_is_md5": 144, "hash_is_sha1": 144, "hash_is_sha256": 144, "hash_length": 116, "hash_typ": [76, 116], "hash_valu": [115, 116], "hashlib": 87, "hashtag": [41, 137], "hashtyp": 116, "hasincid": [107, 123], "haslimitedinternetexposur": 150, "hassuspiciousent": 123, "hasusergestur": 185, "hasverdict": 185, "hasvot": 63, "haswideinternetexposur": 150, "hasworkflow": 123, "hat": [4, 10, 42], "have": [0, 3, 4, 10, 12, 13, 14, 15, 20, 21, 24, 29, 32, 34, 35, 36, 37, 40, 41, 42, 46, 47, 48, 55, 58, 63, 64, 65, 66, 67, 69, 71, 73, 77, 79, 80, 82, 84, 86, 87, 88, 89, 90, 95, 96, 97, 98, 101, 103, 105, 106, 107, 110, 112, 113, 116, 117, 118, 119, 120, 123, 124, 126, 128, 131, 135, 140, 142, 144, 147, 150, 151, 153, 154, 155, 163, 165, 166, 170, 174, 176, 177, 178, 179, 180, 181, 182, 184, 185, 187, 188, 189, 190], "have_i_been_pwned_threat_servic": 169, "haveibeenpwn": [56, 169, 183], "hc": 183, "hdr": [12, 17, 24, 45, 78, 90, 115, 129, 144], "hdr1": 35, "hdr2": 35, "hdr4": 35, "hdr_boolean": 35, "hdr_datetim": 35, "hdr_multiselect": 35, "hdr_number": 35, "hdr_select": 35, "hdr_text": 35, "he": [145, 185], "head": [32, 40, 41, 42, 45, 63, 85, 101, 110, 165, 166], "header": [12, 17, 24, 31, 34, 35, 36, 41, 45, 55, 63, 66, 71, 78, 86, 87, 88, 89, 90, 102, 103, 106, 110, 112, 115, 128, 129, 135, 140, 142, 144, 151, 153, 154, 165, 166, 171, 179, 185, 187, 189], "header_kei": 135, "header_offset": 126, "headers_uuid": 105, "headless": [47, 85], "heal": [142, 186], "health": [77, 114, 116, 183], "healthstatu": 77, "hear": 177, "heard": 135, "heart": 90, "heartbeart": 116, "heavili": 48, "hebrew": 145, "hec": 182, "height": [97, 101, 116, 125, 184], "heimdal": [142, 186], "heirarchi": [59, 126], "hejxjrzji": 157, "helena": 135, "helix": 154, "helix_assigned_support_organ": 20, "helix_assigned_to": 20, "helix_compani": 20, "helix_created_d": 20, "helix_descript": 20, "helix_host": 20, "helix_impact": 20, "helix_incident_nam": 20, "helix_incident_numb": 20, "helix_organ": 20, "helix_password": 20, "helix_payload": 20, "helix_port": 20, "helix_prior": 20, "helix_request_id": 20, "helix_statu": 20, "helix_urg": 20, "helix_us": 20, "hello": [10, 20, 40, 52, 73, 79, 92, 131, 137], "hello_world": 18, "hellorepli": 52, "hellorequest": 52, "helloword": 52, "helloworld": 52, "helloworldproto": 52, "helo": [73, 90], "help": [32, 35, 37, 42, 52, 63, 66, 68, 81, 86, 87, 88, 98, 102, 103, 105, 118, 119, 128, 135, 148, 153, 155, 189], "helper": [8, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 32, 33, 35, 37, 38, 40, 45, 46, 49, 52, 53, 58, 59, 61, 62, 63, 66, 71, 75, 76, 77, 78, 79, 80, 81, 83, 84, 87, 90, 92, 93, 96, 97, 98, 101, 103, 105, 106, 107, 109, 112, 113, 115, 116, 119, 123, 124, 126, 128, 129, 131, 135, 136, 137, 142, 143, 144, 146, 147, 148, 151, 153, 184, 188, 190], "helvetica": 40, "henri": 41, "here": [9, 10, 20, 23, 24, 27, 29, 32, 33, 35, 37, 40, 42, 43, 46, 47, 48, 52, 55, 57, 58, 63, 68, 71, 75, 79, 81, 83, 85, 86, 87, 89, 92, 96, 97, 98, 101, 105, 106, 109, 112, 115, 116, 117, 118, 126, 131, 133, 135, 136, 140, 144, 153, 160, 170, 177, 180, 181, 184, 186, 189, 190], "herzegovina": 135, "hexdigest": 87, "hh": [32, 103, 113], "hi": [102, 116, 145], "hi_fail": 116, "hiafags3egw5dkmijyxgkubydkqvy0l0dtjmd3lciywu2utbatguu0tpimarebf8n5g3kmaca1zawvuv": 97, "hibern": 150, "hibp": [56, 126, 183], "hibp_api_kei": 56, "hibp_proxy_http": 56, "hickori": 95, "hid": 116, "hidden": 77, "hide_o": 116, "hideattende": 41, "hidegroupinoutlook": 131, "hierarch": [12, 17, 24, 45, 78, 90, 115, 129, 144, 166, 187], "hierarchi": 40, "hierarchylevel": 63, "high": [20, 23, 24, 34, 42, 48, 59, 63, 65, 71, 77, 78, 79, 80, 87, 89, 95, 101, 102, 103, 105, 106, 107, 112, 116, 118, 119, 123, 126, 129, 135, 144, 150, 168, 184, 186, 188], "high_citrix_lat": 42, "high_value_asset": [101, 184], "high_value_us": [101, 184], "high_volume_outli": 55, "higher": [37, 48, 102, 116, 165, 166, 178, 182], "highest": 63, "highli": [20, 48, 110, 112], "highlight": [92, 106, 123, 190], "hijklmn89123456": 87, "hindi": 145, "hint": [35, 59, 105, 126], "hipaa": [59, 126, 181], "hipaa_acquir": [59, 126], "hipaa_acquired_com": [59, 126], "hipaa_additional_misus": [59, 126], "hipaa_additional_misuse_com": [59, 126], "hipaa_advers": [59, 126], "hipaa_adverse_com": [59, 126], "hipaa_breach": [59, 126], "hipaa_breach_com": [59, 126], "hipaa_misus": [59, 126], "hipaa_misused_com": [59, 126], "histori": [26, 45, 87, 124, 164], "historicaldetect": 77, "historyst": 78, "hit": [7, 17, 19, 50, 59, 63, 71, 80, 84, 90, 91, 107, 108, 112, 121, 126, 135, 144, 152, 166, 174, 190], "hit_list": 121, "hits_count": 19, "hits_over_limit": 19, "hive": [97, 107], "hive_label1": 107, "hive_label2": 107, "hjpw6pq2ffo": 97, "hkg": 135, "hllw": 121, "hltwau9567d2fdczjuwzp4ctyo9garwz44bma": 97, "hlw": 52, "hmd": 135, "hnd": 135, "hoc": [10, 11, 84], "hokjyaqxwfeqh96pv1xbz0t8aey3nhwqeo8dckxc": 97, "hold": [12, 17, 18, 24, 45, 54, 63, 69, 78, 90, 115, 118, 119, 129, 144, 184], "holder": [84, 86, 102], "holi": 135, "holist": 81, "home": [3, 37, 75, 84, 95, 150, 190], "home_phon": 95, "homepag": 45, "homephon": [66, 112, 116], "hondura": 135, "honeycli": 133, "hong": 135, "hook": 45, "hooks_url": 45, "hop": [84, 90], "host": [2, 7, 8, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 30, 31, 32, 34, 35, 36, 37, 38, 40, 41, 42, 45, 48, 50, 51, 52, 53, 55, 56, 57, 58, 59, 62, 63, 64, 65, 66, 68, 69, 71, 73, 74, 75, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 91, 92, 93, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 117, 118, 119, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 138, 141, 142, 144, 145, 146, 147, 149, 150, 151, 152, 153, 154, 157, 165, 166, 179, 183, 184, 185, 190], "host0": 42, "host1": 42, "host_categori": 99, "host_dn": 54, "host_integrity_check": 116, "host_nam": [10, 54, 104, 120], "host_nowww": 12, "host_url": [30, 31], "hostdisplaynam": 146, "hostednam": 30, "hostemail": 146, "hostil": 102, "hostingphishurl": 36, "hostip": 52, "hostkei": 146, "hostnam": [7, 12, 17, 18, 20, 23, 24, 32, 34, 38, 42, 46, 58, 61, 65, 67, 73, 79, 80, 88, 91, 105, 106, 109, 120, 144, 148, 153, 161, 165, 171, 185], "hostname_id": 105, "hostname_pref": 17, "hoststat": 78, "hostuserid": 146, "hostuserid123": 146, "hot": 112, "hotfix": 38, "hotter": 87, "hour": [35, 54, 73, 99, 103, 113, 134, 136, 141, 146, 166], "hous": 95, "how": [1, 12, 14, 17, 24, 29, 32, 35, 37, 38, 40, 41, 43, 45, 46, 47, 48, 57, 58, 60, 62, 65, 71, 72, 74, 76, 78, 81, 85, 87, 90, 92, 93, 100, 101, 114, 115, 116, 118, 119, 122, 127, 129, 139, 141, 143, 144, 146, 149, 162, 166, 179, 180, 181, 182, 184, 186, 187], "howev": [4, 20, 48, 110, 112, 113, 120, 129, 131, 134, 143, 144, 177, 180, 181, 190], "hpd": [20, 109], "hpd_ci": 20, "hpd_ci_formnam": 20, "hpd_ci_reconid": 20, "hr": [87, 101, 145], "href": [12, 17, 20, 24, 30, 31, 33, 34, 36, 37, 40, 42, 45, 48, 49, 56, 59, 63, 64, 77, 78, 79, 81, 87, 89, 90, 92, 93, 95, 96, 97, 102, 105, 106, 107, 108, 112, 113, 115, 116, 118, 119, 123, 124, 126, 129, 131, 135, 142, 143, 144, 146, 183, 184], "hrv": 135, "hs256": 110, "hsd1": 95, "ht": 145, "hta": 42, "hti": 135, "html": [12, 17, 24, 32, 34, 38, 40, 41, 42, 45, 48, 52, 55, 56, 63, 64, 65, 72, 75, 78, 84, 87, 90, 94, 95, 98, 101, 104, 105, 106, 108, 112, 115, 116, 117, 118, 119, 120, 126, 129, 133, 135, 143, 144, 150, 153, 154, 183, 185, 186, 187], "html2": 87, "html2pdf": 57, "html2pdf_data": 57, "html2pdf_data_typ": 57, "html2pdf_stylesheet": 57, "html_bodi": 90, "html_form": 12, "html_note": 101, "html_url": [45, 89], "htmld": 98, "http": [1, 2, 3, 7, 8, 9, 10, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 59, 60, 62, 63, 64, 65, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 87, 88, 89, 90, 91, 92, 93, 94, 95, 97, 98, 99, 100, 101, 102, 104, 105, 106, 107, 109, 110, 111, 112, 114, 115, 116, 118, 120, 121, 122, 123, 124, 125, 127, 128, 129, 130, 131, 132, 133, 135, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 155, 157, 158, 159, 160, 165, 166, 167, 168, 170, 171, 172, 173, 174, 175, 178, 180, 181, 182, 183, 184, 185, 186, 188, 190], "http_400_status_cod": 42, "http_bad_request": 42, "http_desync_attack": 42, "http_error": 42, "http_forbidden": 42, "http_gateway_timeout_error": 42, "http_intel": 128, "http_internal_error": 42, "http_method_scan": 42, "http_not_found": 42, "http_path_travers": 42, "http_plaintext_password_cli": 42, "http_plaintext_password_serv": 42, "http_proxi": [9, 14, 15, 21, 24, 25, 26, 28, 33, 41, 42, 44, 45, 63, 74, 77, 79, 80, 81, 88, 99, 107, 122, 127, 140, 148, 153, 182], "http_referr": 128, "http_scan": 8, "http_server": 42, "http_service_unavailable_error": 42, "http_str": [81, 184], "http_user_ag": 128, "httponli": 110, "https_proxi": [9, 14, 15, 18, 20, 21, 24, 25, 26, 28, 33, 41, 42, 44, 45, 63, 74, 77, 79, 80, 81, 88, 99, 107, 109, 116, 122, 127, 140, 148, 153, 182], "https_str": [81, 184], "hu": 145, "hub": [58, 102, 188, 190], "human": [23, 110], "human_url": 152, "hun": 135, "hungari": 135, "hungarian": 145, "hunt": [115, 116], "hunt_results_limit": 19, "hv": 116, "hvstatu": 107, "hw_kei": 116, "hx": 42, "hy": 145, "hy000": 86, "hybridonprem": 90, "hychuang": 103, "hydra": [0, 89], "hyperflex": 42, "hyperlink": 48, "hypervisorvendorid": 116, "hyphen": 124, "hywij2": 97, "hz73oqbyqay0maglhjz4iw": 58, "i": [1, 2, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 50, 51, 52, 53, 54, 55, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 109, 110, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 154, 155, 157, 158, 159, 160, 161, 162, 164, 165, 166, 167, 170, 171, 172, 174, 175, 176, 178, 179, 180, 181, 182, 184, 185, 186, 187, 188, 189], "i0000v": 63, "i0u": 97, "i440fx": 115, "iaaaaaaaaaaaaaaaaabaaadalnrscwaaaaaaeaaaahajaaacaaaayieaaaaaaaaaaaaaaaaaqaaawc5yzgf0yqaaabaaaacaiwaaagaaamwhaaaaaaaaaaaaaaaaaeaaafauawrhdgeaaabaaaaakcmaadwaaadoiqaaaaaaaaaaaaaaaabaaabalmrpzgf0yqaaeaaaanajaaaiaaaaciiaaaaaaaaaaaaaaaaaqaaawc5lzgf0yqaaabaaaadgiwaaagaaabiiaaaaaaaaaaaaaaaaaeaaaeaucnnyywaaaacgaaaa8cmaaj4aaaauigaaaaaaaaaaaaaaaabaaabalnjlbg9jaaaaoaiaajakaaceagaasiiaaaaaaaaaaaaaaaaaqaaauaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabyo8waaaacw6gaaaaoe8gaaaccs8gaaab6chegaab44keaaab6eokcaab5o1ecaab5i7ucaab4kn0caab78pucaab4q": 116, "iam": [14, 48, 154], "iam_bind": 48, "iam_polici": 48, "iam_test_us": 15, "iam_test_user_1": 15, "iam_test_user_10": 15, "iam_test_user_2": 15, "iam_us": 14, "iamus": 14, "ian": 20, "ian_ag": 20, "iana": [142, 186], "iawpuewdqyjkozihvcnaqelbqaw": 84, "iazurecontextcontain": 18, "ibm": [0, 1, 4, 7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 34, 35, 36, 38, 39, 40, 41, 42, 45, 46, 47, 48, 49, 50, 51, 52, 54, 57, 58, 60, 62, 63, 64, 65, 67, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 98, 99, 100, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 134, 136, 138, 139, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 152, 155, 157, 159, 165, 166, 178, 180, 181, 182, 183, 185, 186, 190], "ibm_cloud_sdk_cor": 145, "ibm_default": [101, 102, 184], "ibm_resilient_integr": 120, "ibm_soar_case_id": 129, "ibm_soar_case_url": 129, "ibm_soar_id": 48, "ibmc4": 112, "ibmcloud": [84, 102, 151, 188, 190], "ibmexpert": 151, "ibmresili": [105, 106, 112, 118, 120, 144, 159, 160, 180], "ibmsecur": 118, "ibmserviceengag": 159, "ibmsoar": 123, "ibpb": 115, "ic": 21, "icaluid": 41, "icann": [26, 142, 186], "icd_email": 159, "icd_field_sever": 159, "icd_pass": 159, "icd_prior": 159, "icd_severity_valu": 159, "icd_url": 159, "icdaa": 159, "icdx": 154, "icdx_amqp_host": 58, "icdx_amqp_password": 58, "icdx_amqp_port": 58, "icdx_amqp_usernam": 58, "icdx_amqp_vhost": 58, "icdx_device_ip": 58, "icdx_device_nam": 58, "icdx_ev": 58, "icdx_forwarder_inc_own": 58, "icdx_forwarder_toggl": 58, "icdx_search_limit": 58, "icdx_search_request": 58, "icdx_severity_id": 58, "icdx_typ": 58, "icdx_uuid": 58, "iceland": [135, 145], "ichat": 116, "icload": 151, "icmp": [42, 82], "icmp_cod": 116, "icmp_code_rang": 116, "icmp_tunnel": 42, "icmp_typ": 116, "icmp_type_rang": 116, "icmpv6": 116, "icnj3l5ewtra5krkgokclntu3kr3snjyw6n3glqassrk5ycnppt7fn6": 185, "icon": [63, 101, 112, 119, 166, 184, 190], "icontain": 105, "iconurl": 63, "id": [2, 8, 9, 12, 14, 16, 18, 19, 20, 21, 22, 23, 24, 27, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 45, 46, 47, 48, 54, 55, 56, 58, 59, 62, 63, 64, 65, 71, 72, 73, 75, 76, 77, 78, 79, 80, 81, 85, 86, 87, 89, 90, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 118, 119, 120, 123, 124, 125, 126, 128, 129, 131, 135, 136, 140, 142, 143, 145, 146, 149, 150, 152, 153, 155, 160, 171, 177, 180, 181, 183, 184, 185, 186, 188, 189, 190], "id1": 40, "id3810": 54, "id_epmp_dx": 58, "id_in": 129, "id_str": 137, "idea": 189, "ident": [15, 18, 23, 58, 87, 101, 110, 116, 131, 135, 155, 184], "identif": [81, 101, 113, 145, 182], "identifi": [12, 14, 16, 17, 18, 23, 24, 26, 34, 36, 42, 45, 58, 65, 68, 71, 73, 78, 80, 81, 84, 87, 89, 90, 96, 98, 102, 105, 106, 107, 110, 112, 114, 115, 116, 123, 129, 131, 135, 144, 145, 146, 150, 155, 165, 166, 181, 186, 187, 188], "identifiedat": 115, "identity_class": [101, 184], "idn": [40, 135], "idr": 106, "idschecksum": 116, "idsserialno": 116, "idsvers": 116, "idx": [71, 165], "ie": [14, 15, 75, 77, 88, 96, 116], "ieee802": 116, "ienoyw5uzww6igz1bmn0aw9ucy5mbl90aw1lcgoymdiylta5lta5ide4oja4ojm1ldqyosbjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifzhbglkyxrlzcbmdw5jdglvbibpbnb1dhmkmjaymi0wos0wosaxodowodoznsw0mzagsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibtdgfydgluzybbchagrnvuy3rpb246icdmbl90aw1lcickmjaymi0wos0wosaxodowodoznsw0mzagsu5gtybbznvuy3rfzm5fdgltzxjdihrpbwvyx3rpbwu6idjtcjiwmjitmdktmdkgmtg6mdg6mzusndmzielork8gw2z1bmn0x2zux3rpbwvyxsb0aw1lcl9lcg9jadogtm9uzqoymdiylta5lta5ide4oja4ojm1ldqzmibjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifzhbglkyxrlzcbmdw5jdglvbibpbnb1dhmkmjaymi0wos0wosaxodowodoznsw0mzugsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibtdgfydgluzybbchagrnvuy3rpb246icdmbl90aw1lcickmjaymi0wos0wosaxodowodoznsw0mzygsu5gtybbznvuy3rfzm5fdgltzxjdihrpbwvyx3rpbwu6idntcjiwmjitmdktmdkgmtg6mdg6mzusndm2ielork8gw2z1bmn0x2zux3rpbwvyxsb0aw1lcl9lcg9jadogtm9uzqoymdiylta5lta5ide4oja4ojm1lduxnibjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifn0yxr1c01lc3nhz2u6ifnszwvwaw5nigzvciazmhmuidavmtiwcybjb21wbgv0zs4kmjaymi0wos0wosaxodowodoznsw1mjkgsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibtbgvlcgluzybmb3igndvzliawlze4mhmgy29tcgxldguucjiwmjitmdktmdkgmtg6mdk6mdusnjmwielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gu3rhdhvztwvzc2fnztogv29ya2zsb3cgd2fzihrlcm1pbmf0zwqucjiwmjitmdktmdkgmtg6mdk6mdusnjmyielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gu3rhdhvztwvzc2fnztogvg90ywwgc2xlzxagdgltzsazmcbzzwnvbmrzignvbxbszxrllgoymdiylta5lta5ide4oja5oja1ldyzmybjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifjldhvybmluzybyzxn1bhrzcjiwmjitmdktmdkgmtg6mdk6mdusnjm2ielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gu3rhdhvztwvzc2fnztogrmluaxnozwqgcnvubmluzybbchagrnvuy3rpb246icdmbl90aw1lcickmjaymi0wos0wosaxodowotoymcw2mzugsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibxb3jrzmxvdyb3yxmgdgvybwluyxrlzc4kmjaymi0wos0wosaxodowotoymcw2mzygsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibub3rhbcbzbgvlccb0aw1lidq1ihnly29uzhmgy29tcgxldguucjiwmjitmdktmdkgmtg6mdk6mjasnjm5ielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gumv0dxjuaw5nihjlc3vsdhmkmjaymi0wos0wosaxodowotoymcw2ndagsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibgaw5pc2hlzcbydw5uaw5niefwccbgdw5jdglvbjogj2zux3rpbwvyjwoymdiylta5lta5ide4oje5ojuxldk3ncbjtkzpifthy3rpb25zx2nvbxbvbmvudf0grxzlbnq6idxmbl90aw1lcltdichpzd00mswgd29ya2zsb3c9cgxhewjvb2tfntdmnmm1njlfnwuxzv80ztm4xzgwnjjfm2mzzdg2oty1otu3lcb1c2vypwfkbwluqgv4yw1wbguuy29tksaymdiylta5lta5ide4oje5ojuxljy5nzawmd4gq2hhbm5lbdogznvuy3rpb25zlmzux3rpbwvycjiwmjitmdktmdkgmtg6mtk6ntismtgwielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gvmfsawrhdgvkigz1bmn0aw9uigluchv0cwoymdiylta5lta5ide4oje5ojuylde4msbjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifn0yxr1c01lc3nhz2u6ifn0yxj0aw5niefwccbgdw5jdglvbjogj2zux3rpbwvyjwoymdiylta5lta5ide4oje5ojuylde4mibjtkzpiftmdw5jdf9mbl90aw1lcl0gdgltzxjfdgltztognw0kmjaymi0wos0wosaxodoxoto1miwxodigsu5gtybbznvuy3rfzm5fdgltzxjdihrpbwvyx2vwb2nooibob25lcjiwmjitmdktmdkgmtg6mtk6ntismtgyifdbuk5jtkcgw2nvm10gvw52zxjpzmllzcbivfrquybyzxf1zxn0cyaoy2fmawxlpwzhbhnlks4kmjaymi0wos0wosaxodoxoto1miwyodcgsu5gtybby28zymfzzv0gvxnpbmcgb3jnig5hbwu6ifrlc3qgt3jnyw5pemf0aw9ucjiwmjitmdktmdkgmtg6mtk6ntisndy3ielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gu3rhdhvztwvzc2fnztogu2xlzxbpbmcgzm9yidc1cy4gmc8zmdbzignvbxbszxrllgoymdiylta5lta5ide4ojixoja3ldyxmsbjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifn0yxr1c01lc3nhz2u6ifdvcmtmbg93ihdhcyb0zxjtaw5hdgvklgoymdiylta5lta5ide4ojixoja3ldyxmibjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifn0yxr1c01lc3nhz2u6ifrvdgfsihnszwvwihrpbwugnzugc2vjb25kcybjb21wbgv0zs4kmjaymi0wos0wosaxodoymtownyw2mtygsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbszxr1cm5pbmcgcmvzdwx0cwoymdiylta5lta5ide4ojixoja3ldyxnibjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifn0yxr1c01lc3nhz2u6iezpbmlzagvkihj1bm5pbmcgqxbwiez1bmn0aw9uoianzm5fdgltzxin": 126, "ifoilvzfugqzinet1jgqqafoxjdoarubejtu2vyxq": 97, "igmp": 116, "ignor": [40, 41, 63, 86, 87, 102, 116, 118, 124, 144], "ignore_parent_rul": 116, "ignore_white_list": [7, 167], "ignorecas": 135, "ignorerul": 150, "ih3o": 97, "iiac": 14, "iiop": 42, "ijkl1mno2p3q4rs5tuv6wxyzabc": 14, "ikaru": 121, "illustr": [35, 65], "ima": 98, "imac": 17, "imag": [4, 63, 65, 84, 95, 101, 115, 126, 140, 150, 153, 154, 178, 183, 184, 185, 189], "imageid": 150, "imageinfo": 84, "imagenam": [37, 102], "imbal": 69, "imbalanc": 69, "imbalance_upsampl": 69, "imd": 42, "imei": 68, "imeiesn": 68, "imeimeid": 68, "immedi": [113, 124], "immin": 71, "immut": [151, 182], "imn": 135, "imp": 102, "impact": [20, 56, 97, 107, 109, 118, 177, 180, 183], "impact_lik": [59, 126], "impact_or_root": 20, "impact_scor": 105, "impact_sv": 107, "impactdescript": 36, "impacted_servic": 89, "impactscor": 150, "imperson": [40, 107], "imphash": 171, "implant": 42, "implement": [7, 17, 23, 24, 28, 31, 33, 34, 37, 38, 40, 42, 44, 45, 48, 50, 63, 65, 71, 82, 83, 85, 89, 91, 98, 101, 105, 106, 107, 110, 112, 113, 114, 115, 116, 120, 121, 123, 124, 125, 129, 131, 134, 135, 142, 144, 150, 153, 162, 166, 167, 168, 169, 171, 172, 174, 189, 190], "implicit": [10, 110], "import": [3, 4, 8, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 24, 28, 32, 33, 34, 35, 38, 39, 40, 41, 42, 44, 45, 51, 54, 55, 60, 63, 67, 68, 72, 73, 76, 77, 78, 79, 81, 82, 83, 84, 86, 87, 88, 89, 90, 94, 95, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 118, 120, 122, 123, 127, 128, 129, 130, 131, 133, 134, 135, 136, 139, 140, 141, 142, 143, 144, 148, 150, 153, 155, 159, 165, 176, 178, 179, 180, 181, 182, 187, 188, 189, 190], "import_hash": 121, "importantli": 134, "impostor": 98, "improp": 112, "improv": [4, 41, 63, 73, 79, 115, 117, 124, 126, 141, 153, 177, 180, 182], "impsum": 145, "in0sicjjb250zw50x3zlcnnpb24ioia1lcaizgvzy3jpchrpb24ioiaiug9zdcbtzxnzywdligzyb20gysbuyxnrihrvihlvdxigu2xhy2sgy2hhbm5lbc4gu2vuzcbzcgvjawzpy3mgywjvdxqgdghlifrhc2sgd2l0acbhbibvchrpb25hbcbjdxn0b20gdgv4dcbtzxnzywdlliisicjlehbvcnrfa2v5ijoginnsywnrx2v4yw1wbgvfcg9zdf9tzxnzywdlx3rvx3nsywnrx190yxnriiwgimxhc3rfbw9kawzpzwrfynkioiaiywrtaw5azxhhbxbszs5jb20ilcaibgfzdf9tb2rpzmllzf90aw1lijogmty1otu1ndmxnzi0mswgim5hbwuioiairxhhbxbsztogug9zdcbuyxnrihrvifnsywnriiwgim9iamvjdf90exblijoginrhc2silcaichjvz3jhbw1hdgljx25hbwuioiaic2xhy2tfzxhhbxbszv9wb3n0x21lc3nhz2vfdg9fc2xhy2tfx3rhc2silcaidgfncyi6ift7inrhz19oyw5kbguioiaizm5fc2xhy2silcaidmfsdwuioibudwxsfv0sicj1dwlkijogimviythmmjcwltjkmdmtngrhoc1hodeyltjjodc4mzc0mjq1ncisicj3b3jrzmxvd19pzci6idm2fv0sicj3b3jrc3bhy2vzijogw119": 126, "in_progress": [42, 115, 144], "in_reply_to": [87, 135], "inaccuraci": [148, 186], "inaccuracy_report": 148, "inaccuratedata": 79, "inact": [15, 48, 77, 103], "inb": 90, "inbound": [24, 42, 78, 87, 136, 181, 188, 189], "inbound_cobalt_strike_connect": 42, "inbound_id": [87, 135], "inbound_mailbox": 135, "inbound_tor_connect": 42, "inbox": [40, 41, 98, 189], "inc": [59, 90, 97, 118, 119, 126, 142, 144, 147, 186], "inc000000005009": 20, "inc000000018070": 20, "inc123456": 119, "inc_create_field": [59, 126], "inc_filter_condit": 59, "inc_id": [35, 59, 87, 97, 107, 108, 126, 176, 177, 180], "inc_last_modified_d": [59, 126], "inc_nam": [35, 59, 107, 108, 126], "inc_own": [35, 59, 107, 108, 126], "inc_owner_id": [59, 126], "inc_search_field": 59, "inc_sort_field": 59, "inc_start": [59, 126], "inc_train": [59, 126], "inc_url": 87, "incas": [37, 46], "inch": 41, "incid": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 21, 22, 23, 24, 25, 27, 28, 29, 30, 31, 35, 38, 40, 41, 42, 43, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 56, 58, 60, 61, 62, 63, 64, 66, 67, 68, 70, 71, 72, 73, 74, 75, 76, 78, 80, 81, 83, 84, 85, 86, 88, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 103, 105, 106, 107, 110, 111, 112, 113, 115, 116, 117, 118, 119, 121, 122, 123, 124, 125, 127, 128, 130, 131, 132, 134, 136, 137, 138, 139, 140, 141, 142, 144, 146, 147, 148, 149, 150, 151, 152, 153, 154, 159, 162, 163, 164, 165, 166, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 190], "incident_": 176, "incident_close_templ": [77, 129], "incident_creation_templ": [77, 79, 129], "incident_data": 179, "incident_data_top": 179, "incident_el": 97, "incident_ev": 34, "incident_events_output": 34, "incident_field": [12, 17, 24, 45, 78, 90, 115, 129, 140, 144, 187], "incident_group": 34, "incident_group_output": 34, "incident_id": [5, 14, 20, 27, 35, 37, 41, 42, 46, 47, 54, 59, 62, 63, 64, 72, 73, 79, 87, 89, 90, 97, 98, 105, 108, 109, 110, 112, 113, 115, 118, 124, 126, 129, 131, 135, 140, 142, 143, 157, 178, 181, 185, 186], "incident_id_str": 124, "incident_kei": 89, "incident_memb": [16, 54], "incident_nam": 97, "incident_numb": 89, "incident_predict": 69, "incident_properties_given": 81, "incident_propery_given": 81, "incident_status": 115, "incident_templ": 78, "incident_top": 179, "incident_typ": 181, "incident_type_id": [59, 69, 87, 112, 116, 118, 126, 129, 131, 181, 189], "incident_update_templ": [77, 129], "incident_urgency_rul": 89, "incident_url": 97, "incident_utils_close_field": 59, "incidentdetail": 129, "incidentev": 34, "incidenteventurl": 34, "incidentid": [77, 78, 79, 89, 119, 129], "incidentinterfac": 20, "incidentinterface_cr": [20, 109], "incidentnam": 77, "incidentnumb": 79, "incidents_respond": 89, "incidents_return": 113, "incidentstatu": 115, "incidentstatus": 115, "incidentstatusdescript": 115, "incidentstatusid": 129, "incidentstatusnam": 129, "incidenturi": 77, "incidenturl": 79, "incidetn": 55, "incient": 123, "includ": [7, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 27, 28, 29, 30, 31, 34, 35, 37, 38, 40, 41, 42, 43, 45, 46, 47, 48, 50, 52, 54, 56, 57, 58, 59, 62, 63, 64, 65, 66, 69, 71, 73, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 99, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 117, 119, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 140, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 154, 161, 162, 163, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 189], "include_attachment_data": [178, 179, 180, 181, 182], "incom": [63, 97, 176, 178, 180, 181, 188, 189], "incompat": 73, "incomplet": [20, 109], "inconclus": [114, 123], "inconsist": 118, "incorpor": [37, 40, 56, 87, 110, 181, 188], "incorrect": 149, "incorrectli": [79, 108, 150], "increas": [17, 100, 102], "increment": 36, "incur": 97, "ind": 135, "ind_act": 77, "ind_created_bi": 77, "ind_creation_d": 77, "ind_descript": 77, "ind_expiration_d": 77, "ind_id": 77, "ind_sever": 77, "ind_titl": 77, "ind_typ": 77, "ind_valu": 77, "indefinit": 110, "indent": [12, 17, 18, 24, 45, 78, 88, 89, 90, 106, 112, 115, 129, 142, 144, 190], "independ": 110, "index": [12, 23, 38, 62, 63, 71, 102, 106, 116, 129, 133, 153, 165, 178, 182, 185, 189, 190], "index_d": 38, "index_prefix": 178, "indexerror": [86, 153, 190], "india": 135, "indian": [95, 135], "indianr": 40, "indic": [8, 9, 12, 14, 15, 17, 20, 23, 24, 34, 38, 41, 42, 45, 48, 60, 68, 72, 78, 79, 80, 84, 87, 88, 90, 97, 98, 101, 102, 105, 106, 110, 112, 114, 115, 116, 119, 124, 129, 135, 144, 151, 153, 176, 178, 180, 181, 182, 184, 187], "indicator_act": 77, "indicator_descript": 77, "indicator_expir": 77, "indicator_occurr": 106, "indicator_sever": 77, "indicator_titl": 77, "indicator_typ": 9, "indicatorofcompromisecount": 36, "indicatortyp": 77, "indicatorvalu": 77, "indict": 15, "individu": [24, 54, 63, 96, 98, 101, 106, 108, 111, 131, 135, 141, 144, 177, 178, 184, 189], "individualid": 112, "indonesia": 135, "industri": [36, 81, 95, 112, 151], "inet": 115, "inet6": 115, "infect": [34, 98, 115, 116, 135], "infer": 95, "infer_person": 95, "inferenceclassif": 41, "infinit": [110, 181], "influenc": 150, "info": [8, 12, 18, 26, 29, 32, 33, 36, 52, 58, 61, 67, 73, 77, 80, 85, 87, 90, 97, 101, 102, 107, 118, 121, 129, 135, 136, 137, 141, 143, 147, 152, 158, 166, 170, 175, 181, 185, 190], "info_typ": [46, 71, 165], "infolist": 126, "infomap": 129, "inform": [0, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19, 20, 21, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 39, 41, 42, 44, 45, 46, 47, 48, 50, 51, 52, 54, 55, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 71, 73, 75, 76, 78, 79, 80, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 108, 109, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 139, 140, 141, 142, 144, 145, 146, 147, 148, 150, 151, 152, 153, 155, 159, 160, 166, 168, 170, 173, 175, 176, 177, 178, 179, 180, 181, 182, 184, 185, 186, 188, 189, 190], "infosec": 107, "infrastructur": [20, 71, 148, 190], "infrastructure_provid": 144, "infrastructureeventtyp": 20, "infrequentprofiledapisaccountprofil": 14, "infrequentprofiledapisuseridentityprofil": 14, "infrequentprofiledasnsaccountprofil": 14, "infrequentprofiledasnsuseridentityprofil": 14, "infrequentprofileduseragentsaccountprofil": 14, "infrequentprofileduseragentsuseridentityprofil": 14, "infrequentprofiledusernamesaccountprofil": 14, "infrequentprofiledusertypesaccountprofil": 14, "ingest": [182, 189], "ingress_tim": 144, "inherit": [23, 73, 116, 162], "ini": [129, 180], "inicd": 21, "inifil": 180, "init_d": [59, 126], "init_snow_note_text": 118, "inithttp": 190, "initi": [7, 9, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 28, 29, 30, 31, 34, 35, 40, 41, 42, 44, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 118, 119, 121, 122, 123, 125, 126, 127, 128, 129, 132, 134, 135, 138, 139, 140, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 159, 165, 166, 167, 177, 178, 179, 180, 184, 185, 188, 189], "initial_not": 118, "initialaccess": 79, "initialdevic": 34, "initialis": 36, "initialprior": 185, "initiate_scan_result": 115, "initiatedbi": 115, "initiatedbydescript": 115, "initiatinguserid": 115, "initiatingusernam": 115, "initiatorinfo": 185, "initsnnot": 119, "inject": [7, 42, 86, 107, 123, 150], "inlin": [15, 87, 135, 188, 189], "inlinestylerang": 151, "inner": [103, 180], "inner_item": 103, "inner_kei": 103, "innererror": 41, "innerexcept": 123, "innerexceptiontyp": 123, "innotek": 32, "innov": 98, "inoffens": [102, 103], "inprogress": 77, "input": [7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 30, 31, 34, 35, 38, 39, 40, 41, 42, 43, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 68, 69, 71, 72, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 97, 98, 101, 102, 103, 104, 105, 106, 107, 108, 109, 112, 113, 115, 116, 118, 120, 121, 123, 124, 125, 126, 128, 129, 131, 133, 134, 135, 138, 140, 141, 142, 144, 145, 146, 148, 149, 150, 151, 152, 153, 157, 158, 160, 165, 166, 180, 182, 183, 184, 185, 186, 190], "input_disposit": 106, "input_field_guardium_insights_config_id": 54, "input_field_guardium_insights_fetch_s": 54, "input_field_guardium_insights_from_d": 54, "input_field_guardium_insights_guardium_id": 54, "input_field_guardium_insights_to_d": 54, "input_field_guardium_insights_what": 54, "input_field_guardium_insights_who": 54, "input_full_url": 47, "input_param": [23, 42], "input_paramet": 18, "input_params_comput": 23, "input_params_format": 42, "input_params_group": 23, "input_statu": 106, "input_typ": 180, "input_url": 47, "inputdetail": 16, "inputobject": 18, "inputobjectlowcpuexcludeparameterset": 18, "inputobjectrgexcludeparameterset": 18, "inputs_data": 54, "inputs_str": 17, "inqw": 110, "inremoteshellsess": 115, "insecur": [87, 88, 185], "insecure_registri": 1, "insensit": [106, 110], "insert": [58, 86, 103, 120, 180, 190], "insert_link": 48, "insid": [24, 80, 92], "insight": [71, 97, 101, 106, 116, 123, 154, 184], "insightidr": 154, "insights_ca_fil": 54, "insights_encoded_token": 54, "insights_host": 54, "inspect": 126, "inspector": 102, "instal": [0, 2, 3, 4, 13, 22, 26, 47, 56, 82, 118, 119, 154, 158, 161, 162, 167, 168, 175, 177, 184], "install_d": [23, 97], "install_princip": 97, "installedd": 68, "installeddateinepochm": 68, "installertyp": 115, "installtyp": 116, "instanc": [20, 22, 26, 27, 28, 34, 38, 42, 47, 55, 63, 66, 67, 68, 77, 79, 80, 88, 97, 101, 102, 103, 105, 107, 109, 110, 113, 117, 118, 119, 120, 128, 129, 136, 145, 150, 152, 153, 160, 175, 177, 178, 180, 181], "instance_id": [14, 134], "instance_private_dn": 14, "instance_private_ip": 14, "instance_public_dn": 14, "instance_public_ip": 14, "instance_st": 14, "instance_typ": 14, "instancedetailsid": 150, "instanceid": 20, "instancetyp": 66, "instant": 146, "instanti": [119, 135], "instead": [1, 10, 37, 42, 47, 68, 87, 110, 113, 119, 124, 162, 180, 189, 190], "institut": 71, "instr_text": [59, 119, 126], "instruct": [7, 10, 12, 14, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 57, 58, 59, 62, 63, 64, 65, 66, 70, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 142, 144, 145, 146, 150, 151, 152, 153, 181, 183, 185, 186, 190], "insuffici": 29, "insur": 40, "int": [11, 12, 14, 15, 17, 18, 20, 24, 28, 33, 35, 42, 45, 51, 52, 58, 60, 63, 67, 68, 71, 73, 74, 75, 77, 78, 87, 90, 94, 97, 99, 100, 102, 103, 105, 108, 110, 114, 115, 116, 118, 120, 122, 127, 128, 129, 130, 134, 135, 138, 139, 141, 143, 144, 149, 159, 165], "int32": 18, "integ": [97, 102, 124], "integer01": 20, "integer02": 20, "integr": [0, 4, 5, 7, 8, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 29, 30, 31, 32, 33, 34, 35, 38, 40, 41, 42, 45, 47, 48, 50, 51, 52, 56, 57, 58, 59, 61, 62, 63, 64, 65, 66, 67, 68, 71, 73, 74, 75, 76, 77, 79, 80, 81, 83, 84, 86, 87, 88, 89, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 105, 106, 107, 108, 109, 110, 111, 112, 115, 116, 117, 118, 119, 121, 123, 124, 128, 129, 130, 131, 132, 134, 135, 136, 137, 138, 141, 142, 144, 145, 146, 147, 149, 150, 151, 152, 153, 154, 158, 159, 160, 161, 162, 163, 165, 166, 167, 174, 175, 176, 177, 183, 184, 185, 186, 189, 190], "integratio": 146, "integration_us": 120, "intel": [19, 107, 116, 121, 165], "intel64": 116, "intel_collect": 128, "intel_field": 128, "intel_kei": 128, "intel_valu": 128, "intellig": [8, 9, 12, 42, 76, 78, 80, 89, 97, 98, 101, 114, 128, 135, 142, 148, 154, 171, 177, 186], "intend": [37, 48, 118, 150, 176, 178, 179, 180, 181, 182, 189], "intended_effect": 36, "intens": 116, "intent": [37, 107], "inter": 189, "interact": [18, 22, 28, 42, 47, 72, 88, 112, 131, 150, 166, 177], "interactive_traffic_remote_desktop": 42, "interactive_traffic_shel": 42, "interactive_traffic_ssh": 42, "interest": [88, 90], "interesting_sect": 90, "interfac": [20, 24, 48, 53, 71, 94, 110, 114, 131, 146, 154, 163], "interface_dir": 52, "intermediateca": 71, "intermix": 181, "intern": [10, 14, 17, 23, 34, 35, 42, 63, 68, 76, 97, 106, 112, 136, 144, 155, 159, 190], "internal_attr": 126, "internal_axon_id": 17, "internal_customizations_field": [59, 126], "internal_ip": 23, "internal_url": 63, "internal_vol": 37, "internet": [20, 24, 63, 71, 101, 106, 142, 148, 154, 165, 190], "internet4": 14, "internetmessageid": 41, "interrupt": [42, 177, 180], "interrupted_citrix_data_transf": 42, "interv": [14, 18, 22, 34, 42, 54, 63, 72, 78, 98, 99, 105, 106, 112, 113, 115, 123, 129, 142, 144], "intranet": 190, "intric": 110, "introduc": [4, 38, 42, 63, 77, 84, 85, 87, 118, 180, 181, 182, 189], "introduct": 26, "intrus": [81, 112, 116], "intrust": 116, "intun": 131, "invalid": [40, 42, 59, 106, 116, 126, 189], "inventori": 10, "invertori": 3, "investig": [34, 42, 55, 71, 78, 79, 97, 101, 105, 112, 116, 123, 150, 154, 184], "investigationid": 77, "investigationsecurityst": 78, "investigationst": 77, "invit": [40, 41, 124, 154], "invite": 21, "invoc": [10, 113, 128], "invok": [4, 8, 14, 15, 27, 32, 37, 47, 55, 62, 75, 77, 81, 102, 109, 110, 113, 118, 119, 130, 138, 146, 149, 153, 183, 184, 185, 186], "involv": [34, 77, 110, 151], "io": [1, 51, 52, 63, 65, 68, 75, 87, 98, 105, 106, 112, 122, 126, 133, 144, 150, 152, 154, 158, 166, 175], "io_merged_recurs": 37, "io_queue_recurs": 37, "io_service_bytes_recurs": 37, "io_service_time_recurs": 37, "io_serviced_recurs": 37, "io_time_recurs": 37, "io_wait_time_recurs": 37, "ioc": [19, 42, 101, 102, 116, 154], "ioc_parser_v2": 60, "ioc_typ": 32, "ioc_valu": 32, "iocpars": 60, "iot": [7, 42, 115, 135], "ip": [1, 7, 8, 9, 12, 13, 14, 17, 19, 20, 22, 23, 24, 26, 32, 34, 36, 38, 40, 42, 47, 48, 51, 53, 54, 55, 56, 58, 59, 61, 64, 65, 66, 71, 73, 75, 78, 79, 80, 82, 83, 87, 88, 90, 91, 97, 99, 101, 103, 104, 105, 107, 108, 109, 112, 115, 116, 118, 120, 122, 123, 126, 127, 128, 129, 132, 133, 135, 140, 142, 144, 147, 148, 151, 153, 159, 161, 163, 165, 167, 171, 172, 183, 184, 185, 186, 190], "ip4": 90, "ip_address": [48, 93, 102, 165, 186], "ip_address__c": 112, "ip_end": 116, "ip_fragmented_onli": 116, "ip_id": 105, "ip_info_unavailable_templ": 165, "ip_inform": 165, "ip_intel": 128, "ip_list": 23, "ip_nam": 88, "ip_rang": 116, "ip_start": 116, "ip_str": 105, "ip_vers": 148, "ipaddr": 42, "ipaddr4": 42, "ipaddr6": 42, "ipaddress": [7, 36, 58, 73, 77, 86, 101, 116, 150, 157, 184], "ipaddressv4": 14, "ipf": 98, "ipgeoinfo": 36, "iphon": 68, "iphostnam": 73, "ipie0g1vgmzhefq3lf": 97, "ipincidenthistori": 36, "ipinfo": 154, "ipinfo_access_token": 61, "ipinfo_query_ip": 61, "iprang": 189, "ipreg": 148, "ipreputationhistori": 36, "ips_pref": 17, "ipsec": 123, "ipset": 123, "ipstat": 185, "ipsubnet": 73, "ipsubnetmask": 73, "ipsum": [81, 142, 186], "ipthreathistori": 36, "ipv": 90, "ipv4": [23, 24, 36, 71, 101, 116, 184, 189], "ipv4address": [18, 24], "ipv4allowlist": 189, "ipv4fqdn": 24, "ipv4network": 24, "ipv4rang": 24, "ipv4x": 73, "ipv6": [24, 71, 73, 116, 185, 189], "ipv6_subnet": 116, "ipv6address": [18, 24], "ipv6allowlist": 189, "ipv6fqdn": 24, "ipv6network": 24, "ipv6percentag": 185, "ipv6rang": 24, "ipvers": 7, "ipvoid": 12, "ipwhoi": 148, "ipxaddress": 73, "ipython": 63, "iq": 42, "iqmtk6ixatsv6lhez7xjcmkoazkxjgafhnczmjv6mcscvqwytgmwrsfgykm0nb45pqsiinqasvunbhv3xbqrf8tmbxzshvom6p0yesiyr6sg": 97, "iran": 135, "iraq": 135, "ireland": [7, 14, 135], "irewal": 54, "irish": 145, "irl": 135, "irn": 135, "ironport": [102, 103], "irq": 135, "is_anonym": 12, "is_author": 105, "is_bulk_appli": 105, "is_china_countri": 12, "is_compromis": 23, "is_credit_card_field": 12, "is_defaced_heurist": 12, "is_delet": [59, 97, 126], "is_directory_list": 12, "is_doc_on_directory_list": 12, "is_domain_blacklist": 12, "is_email_address_on_url_queri": 12, "is_empti": 105, "is_empty_page_cont": 12, "is_empty_page_titl": 12, "is_exe_on_directory_list": 12, "is_extern": [59, 126], "is_external_redirect": 12, "is_free_dynamic_dn": 12, "is_free_host": 12, "is_host_an_ipv4": 12, "is_intern": [101, 184], "is_l3": 42, "is_last_index": 106, "is_ldap": 126, "is_linux_elf_fil": 12, "is_linux_elf_file_on_free_dynamic_dn": 12, "is_linux_elf_file_on_free_host": 12, "is_linux_elf_file_on_ipv4": 12, "is_list": [12, 17, 24, 45, 78, 90, 115, 129, 144], "is_lock": 97, "is_malicious_lookup": 107, "is_masked_fil": 12, "is_masked_linux_elf_fil": 12, "is_masked_windows_exe_fil": 12, "is_merg": 89, "is_most_abused_tld": 12, "is_ms_office_fil": 12, "is_non_standard_port": 12, "is_not_empti": 105, "is_not_nul": 105, "is_nul": 105, "is_password_field": 12, "is_pdf_on_directory_list": 12, "is_phishing_heurist": 12, "is_php_on_directory_list": 12, "is_possible_emotet": 12, "is_publish": 71, "is_regex": [15, 153], "is_risky_geo_loc": 12, "is_robots_noindex": 12, "is_safe_dns_serv": 166, "is_saml": 126, "is_scenario": [59, 126], "is_search": [101, 184], "is_sinkholed_domain": 12, "is_stage3_pend": [101, 184], "is_support": 23, "is_suspended_pag": 12, "is_suspicious_cont": 12, "is_suspicious_domain": 12, "is_suspicious_file_extens": 12, "is_suspicious_url_pattern": 12, "is_target": 135, "is_templ": 45, "is_termin": 134, "is_torr": 12, "is_tox": 101, "is_uncommon_clickable_url": 12, "is_upd": 144, "is_url_shorten": 12, "is_user_cr": 42, "is_valid_http": 12, "is_virtu": 15, "is_virtual_mfa": 15, "is_vpn_provid": 12, "is_windows_exe_fil": 12, "is_windows_exe_file_on_free_dynamic_dn": 12, "is_windows_exe_file_on_free_host": 12, "is_windows_exe_file_on_ipv4": 12, "is_zip_on_directory_list": 12, "isaadjoin": 77, "isaccessiblefromothersubscript": 150, "isaccessiblefromothervnet": 150, "isaccessiblefromvpn": 150, "isact": [34, 112, 115], "isalldai": 41, "isalnum": 101, "isassignabletorol": 131, "isatap": 116, "isazureadjoin": 78, "isazureadregist": 78, "isblockedstatussupersed": 129, "isc_sans_get_enrichment_data_for_an_ip_address": 165, "iscancel": 41, "isclos": [112, 123], "isdecommiss": 115, "isdelet": 112, "isdeliveryreceiptrequest": 41, "isdigit": [71, 165], "isdis": 151, "isdomaincontrol": 107, "isdraft": 41, "isdynam": 18, "isemailbounc": 112, "isen": 18, "isescal": 112, "isexecut": 97, "isextindicatorvis": 112, "isfabr": [56, 183], "isfavorit": 123, "isfavoritebydefault": 131, "isfileless": 115, "isgrac": 116, "ishidden": 129, "ishidingnotallow": 129, "ishighlight": 123, "ishybridazuredomainjoin": 78, "isimport": 123, "isin": 58, "isincid": 123, "isinst": [12, 15, 17, 23, 24, 33, 35, 42, 45, 52, 58, 63, 66, 71, 78, 81, 83, 90, 105, 107, 115, 116, 123, 128, 129, 135, 144, 147, 151, 153, 157, 180], "isitphish": 154, "isitphishing_api_url": 62, "isitphishing_licens": 62, "isitphishing_nam": 62, "isitphishing_url": 62, "isl": 135, "island": 135, "islow": 15, "ismalwar": 183, "ismandatori": 18, "ismanualalert": 123, "ismerg": 123, "ismserv": 107, "isn": [29, 73, 118, 124, 179], "isnpvdicli": 116, "iso": [48, 78, 180], "iso_cod": 93, "isoformat": 78, "isolated_bi": 23, "isolation_result": 23, "isolation_statu": 23, "isolationstatu": 107, "isolationstatusfailur": 107, "isonlinemeet": 41, "isorgan": 41, "isoverflowcas": 123, "isp": [7, 12, 14, 87], "ispdf": 90, "ispefil": 77, "ispendinguninstal": 115, "isport": 73, "isprofilephotoact": 112, "ispubl": 7, "isr": 135, "israel": 135, "isread": 41, "isreadreceiptrequest": 41, "isreferenc": 34, "isreminderon": 41, "isretir": [56, 183], "issamesit": 185, "issensit": [56, 183], "isserv": 107, "isspamlist": [56, 183], "issu": [9, 11, 12, 14, 15, 17, 19, 22, 24, 28, 29, 41, 42, 45, 51, 55, 60, 65, 67, 77, 78, 79, 80, 90, 94, 99, 100, 103, 105, 106, 107, 110, 112, 114, 115, 122, 123, 125, 127, 129, 130, 139, 141, 144, 146, 148, 159, 166, 171, 177, 180, 181, 188], "issue_comment_url": 45, "issue_delet": 73, "issue_descript": 73, "issue_due_d": 73, "issue_events_url": 45, "issue_id": 73, "issue_kei": 63, "issue_nam": 73, "issue_st": 73, "issue_url": 63, "issue_url_intern": 63, "issueid": 73, "issuelink": 63, "issuer": [77, 90, 107, 142, 153, 185, 186], "issueraltnam": 90, "issuerestrict": 63, "issues_url": 45, "issuetyp": 63, "issuperviseddevic": 68, "istestcas": 123, "istouch": 123, "isuninstal": 115, "isunusualuserident": 14, "isupp": 15, "isuptod": 115, "isvalidcertif": [77, 115], "isverifi": [56, 183], "isvirtualmachin": 107, "isvpn": 78, "iswatch": 63, "iswhitelist": 7, "ita": 135, "itali": 135, "italian": 145, "itaskschedulerservic": 42, "item": [7, 8, 9, 10, 12, 14, 15, 17, 20, 21, 23, 24, 25, 33, 40, 41, 42, 45, 54, 58, 68, 71, 73, 77, 78, 79, 86, 88, 90, 95, 97, 102, 106, 109, 114, 115, 121, 123, 129, 135, 142, 144, 160, 164, 176, 177, 178, 180, 181, 184, 189, 190], "item_kei": 128, "item_list": [12, 17, 24, 45, 78, 90, 115, 129, 144], "item_row": 103, "item_valu": [20, 103], "itemid": 41, "items_in_index": 106, "items_list": [12, 17, 24, 45, 78, 90, 115, 129, 144], "items_per_pag": 23, "iter": [71, 124, 150], "its": [15, 20, 29, 32, 35, 37, 40, 41, 48, 71, 73, 79, 101, 102, 103, 109, 110, 116, 117, 118, 119, 126, 131, 135, 145, 146, 161, 163, 165, 166, 180, 189, 190], "itself": [37, 38, 48, 71, 87, 101, 110, 134, 140, 162, 177, 180], "itsm": [20, 117, 119, 120], "ityp": [9, 160], "iu_close_field": [59, 126], "iv": 183, "ivborw0kggoaaaansuheugaabkaaaaswcamaaacu33alaaaabgdbtueaalgpc": 185, "ivh": 190, "ivoir": 135, "iyopu31uq6ii0rfhvtkai8lfzqsxcvcxw97fn9dhf": 185, "j": [30, 31, 42, 90, 151, 190], "j2g29i5zyjmuifdruudgcjoyxzrulftaiqraowxf3chwgwwbr": 97, "j5ust1tp5bmgwizwh95ou6k": 97, "j7u3x6fy6umfrera1r9et9xrmz": 97, "j8zpesesicq6ri7plktj9hqzwn9whxcikbkuyrbuf0oe6gvajsyqdknfdghei4lqoctuad2vram6qztudkbzovx6fgq6": 97, "ja": [145, 157], "ja3": 42, "jailbreakstatu": 68, "jam": 135, "jamaica": 135, "jamf": 116, "jan": [12, 106, 116, 135], "jane": 68, "japan": 135, "japanes": [85, 145], "jarm": [142, 186], "jatjs90i7tsbxky7pbcyxlcpfrcm": 31, "java": [14, 29, 32, 35, 42, 63, 68, 76, 77, 86, 97, 105, 129, 136, 190], "java_multiple_fil": 52, "java_outer_classnam": 52, "java_packag": 52, "javascript": [90, 140], "jbig2decod": 90, "jbxapi": 64, "jbxcloud": 64, "jcpzuehsqhb2vdg7x8o5ibivo": 97, "jeff": 88, "jei": 135, "jersei": 135, "jhjkkkaaaaaaaaaaa": 144, "jigsaw": 112, "jigsawcompanyid": 112, "jigsawcontactid": 112, "jigsawimportlimitoverrid": 112, "jimscott": 183, "jinja": [22, 34, 48, 63, 65, 75, 77, 78, 87, 89, 98, 107, 114, 115, 123, 129, 150, 188], "jinja2": [29, 79, 87, 123, 124, 129, 155], "jira": 154, "jira_api_url": 63, "jira_com": 63, "jira_dt_nam": 63, "jira_field": 63, "jira_internal_url": 63, "jira_issue_closed_on_jira": 63, "jira_issue_id": 63, "jira_issue_id_col": 63, "jira_issue_statu": 63, "jira_issue_typ": 63, "jira_label": 63, "jira_label1": 63, "jira_link": 63, "jira_linked_to_incid": 63, "jira_prior": 63, "jira_privatekei": 63, "jira_project_id": 63, "jira_project_kei": 63, "jira_serv": 63, "jira_task_refer": 63, "jira_transition_id": 63, "jira_transition_issu": 63, "jira_url": 63, "jirashel": 63, "jldquz": 110, "jmr": 90, "jndi": 42, "job": [9, 11, 95, 108, 116], "job_nam": 18, "job_output": 18, "job_paramet": 144, "job_result": 18, "jobcount": 18, "jobid": 18, "jobtitl": 116, "joe": [52, 112, 154], "joesandbox": 64, "joesecur": 64, "john": [40, 79, 107, 108, 112], "john_do": 108, "johndo": [23, 40], "johnp": 14, "johnpren": 155, "johnsmacbook": 32, "join": [7, 9, 10, 12, 15, 16, 17, 23, 24, 34, 35, 37, 40, 42, 45, 48, 52, 58, 59, 63, 66, 77, 78, 79, 80, 81, 84, 90, 91, 96, 97, 101, 105, 106, 107, 115, 116, 118, 123, 126, 129, 131, 135, 144, 147, 149, 150, 153, 157, 177, 180, 184, 185, 190], "joinbeforehostminut": 146, "joiner": [112, 129], "jonathan": 95, "jor": [95, 135], "jordan": 135, "jorik": 151, "jose": 144, "joseph": 95, "journal": 95, "jp": 23, "jp_test_group_1": 116, "jpeg": 126, "jpg": 95, "jpn": [85, 135], "jqueri": 105, "jra": 63, "jrd": 18, "jsb_accept_tac": 64, "jsb_analysis_report_ping_delai": 64, "jsb_analysis_report_request_timeout": 64, "jsb_api_kei": 64, "jsb_api_url": 64, "jsb_email_notif": 64, "jsb_report_typ": 64, "jsb_secondary_result": 64, "jsb_system": 64, "jsb_verifi": 64, "jsdpublic": 63, "json": [1, 7, 10, 14, 16, 18, 19, 20, 21, 23, 26, 31, 33, 34, 35, 38, 40, 41, 42, 44, 46, 48, 50, 52, 58, 59, 63, 64, 65, 66, 71, 73, 75, 79, 80, 81, 84, 85, 86, 87, 88, 89, 91, 95, 96, 97, 98, 101, 102, 103, 104, 105, 106, 107, 108, 109, 111, 112, 116, 118, 121, 123, 124, 125, 126, 128, 131, 132, 134, 135, 137, 140, 142, 143, 146, 149, 150, 151, 152, 153, 158, 176, 182, 183, 184, 185, 186, 190], "json2html": [29, 57], "json_entri": [35, 52, 58, 63], "json_entry_str": [35, 52, 58, 63], "json_err": [12, 17, 24, 78, 90, 115, 144], "json_intel": 165, "json_not": [12, 24, 78, 106, 115, 129, 144], "json_omit_list": [12, 17, 24, 45, 78, 90, 115, 129, 140, 144, 187], "json_str": 58, "jsp": 42, "jspdklrg7uwi": 106, "jujcnog3wleal5dr4avbfoovfwvbb7law9xa3trkgcodzmpd4fndah3gu5m": 97, "jul": 113, "juli": [56, 103, 183], "june": [26, 40, 56, 98, 103, 183], "junior": 95, "junip": [142, 186], "jurisdiction_nam": [59, 126], "jurisdiction_reg_id": [59, 126], "just": [4, 10, 20, 34, 52, 65, 80, 90, 96, 105, 106, 107, 108, 109, 110, 112, 120, 125, 126, 144, 146, 180, 183, 190], "jvup": 97, "jwt": 166, "jwt_algorithm": [110, 166], "jwt_header": [110, 166], "jwt_kei": [110, 166], "jwt_payload": [110, 166], "jwt_token": [110, 166], "k": [15, 42, 54, 66, 69, 73, 77, 79, 83, 84, 88, 95, 97, 135, 142], "k7": 121, "k76exjwrxcwur0dnwbesgktwel8tgcfl1koacu6dln2pve1bozz8gp1cysn0cpsq": 110, "k7antiviru": [142, 186], "k7gw": 121, "k9": 157, "ka": 145, "ka_des7recjbej": 31, "kafka": [154, 177, 179], "kafka_broker_label": 65, "kafka_fe": [178, 179, 181, 182], "kafka_kei": 65, "kafka_messag": 65, "kafka_send_result": 65, "kafka_top": 65, "kafkafe": 154, "kafkaproduc": 65, "kak": 151, "kakfa": 97, "kal": 95, "kali": [42, 102], "kali_ssh_server_kei": 42, "kansa": 95, "kara": 95, "karthik": 151, "kaseya": 42, "kaseya_ml": 42, "kaseya_ml_ip": 42, "kaseya_vsa": 42, "kasperski": [142, 186], "kaz": 135, "kazakh": 145, "kazakhstan": 135, "kb": [53, 180], "kcebe": 97, "kcmi": 121, "kdbgscan": 84, "keel": 135, "keep": [63, 66, 79, 85, 102, 103, 110, 189], "keeper": 107, "kega": 121, "kei": [2, 4, 8, 28, 32, 35, 37, 44, 51, 52, 56, 67, 68, 70, 94, 99, 100, 113, 114, 118, 119, 122, 126, 127, 134, 137, 139, 140, 143, 154, 165, 166, 167, 172, 174, 176, 178, 180, 181, 182, 184, 185, 187], "kek2z8ov3uqsbaeqbkdkznsp75n7h": 84, "ken": 135, "kent": 95, "kenya": 135, "kept": 110, "kerbero": [42, 116, 179], "kerberos_attack_tool_act": 42, "kerberos_auth_error": 42, "kerberos_auth_issu": 42, "kerberos_brute_forc": 42, "kerberos_duplicate_sessions_error": 42, "kerberos_expired_password_error": 42, "kerberos_golden_ticket_attack": 42, "kerberos_invalid_ticket_error": 42, "kerberos_policy_error": 42, "kerberos_revoked_credentials_error": 42, "kerberos_service_unknown_error": 42, "kerberos_silver_ticket_attack": 42, "kerberos_sync_error": 42, "kerberos_ticket_error": 42, "kerberos_unknown_service_error": 42, "kerberos_user_enumer": 42, "kerberos_wrong_password_error": 42, "kernel": [34, 53, 69, 107, 115, 116], "key1": 166, "key_count": 15, "key_data": [8, 33], "key_id": 45, "key_incid": 97, "key_label": 103, "key_last_us": 15, "key_nam": 144, "key_name_typ": 103, "key_siz": [142, 186], "key_usag": [142, 186], "key_valu": 144, "keyencipher": [142, 186], "keyexchang": 185, "keyexchangegroup": 185, "keygen": 88, "keyid": [15, 142, 186], "keylog_txt": 42, "keynam": 18, "keys_url": 45, "keysourc": 18, "keytab": 179, "keyval": [135, 147], "keyword": [12, 86, 153], "kf92rn9he7sth7wvpgwmcbw2klij0hcao": 97, "kgeib4daunlwb1klfb0htwntq22kitwncti4frykpwjohsci6pv": 97, "kgz": 135, "khm": 135, "khmer": 145, "khtml": [93, 185], "kick": 113, "kid": 108, "kill": 4, "kill_process_result": 144, "kind": [24, 48, 78, 79, 148, 189], "kingdom": [7, 135], "kingston": [119, 120], "kinyn9vz97cvz1bbu24qvrw8nvnn054o": 97, "kir": 135, "kirghiz": 145, "kiribati": 135, "kitt": 135, "kk": 145, "kke2djeo_8xo1hokfp_ryi": 155, "km": [14, 145, 185], "kms_master_key_arn": 14, "kmsguid": 20, "kna": 135, "know": [68, 81, 101, 166, 184, 187, 189], "knowledg": [16, 21, 27, 29, 30, 38, 46, 52, 54, 55, 57, 59, 62, 68, 71, 74, 75, 76, 77, 81, 83, 87, 92, 93, 95, 97, 138, 143, 145, 149], "knowledge_graph": 71, "knowledgebas": 53, "knowledgecent": [55, 68], "known": [10, 14, 15, 17, 18, 23, 24, 29, 41, 42, 56, 63, 65, 66, 71, 75, 76, 78, 79, 80, 81, 88, 90, 101, 102, 106, 107, 109, 110, 112, 123, 129, 132, 144, 150, 153, 155, 183, 184], "known_malwar": 144, "knownrisk": 116, "ko": 145, "kolkata": 40, "kong": 135, "kor": [85, 135], "korea": [14, 135], "korean": [85, 145], "kosovo": 135, "krassi": 71, "kryptik": 151, "ks_ekiebtwr1htd9od_f": 38, "ktbyer": 83, "ktmk": 186, "ktptnvhduvq1kq": 97, "ku": 145, "kube": 150, "kubernet": [4, 48], "kubernetesinfo": 115, "kurdish": 145, "kuwait": 135, "kvvp3r": 97, "kw": 42, "kwarg": [113, 190], "kwt": 135, "ky": 145, "kyaab64jkcaab7eskeaab4sseeaab7ijkcaab7w2kuaab6eguyaab7aneyaab5i70yaab489uyaab5maeqaab5oueuaab5s2uuaab6mk0qaab6gtkeaab5sxueaab588keaab5gu0iaab4oxkmaab4i": 116, "kyaab7eskeaab4sseeaab7ijkcaab7w2kuaab6eguyaab7aneyaab5i70yaab489uyaab64jkcaab5oueuaab5s2uuaab6mk0qaab6gtkeaab5sxueaab588keaab5gu0iaab4oxkmaab4i": 116, "kyrgyzstan": 135, "l": [8, 9, 10, 11, 12, 15, 28, 33, 41, 44, 51, 54, 55, 60, 63, 67, 83, 87, 94, 99, 100, 111, 114, 120, 122, 127, 130, 131, 132, 136, 139, 140, 141, 142, 143, 148, 157, 159, 176, 178, 179, 180, 182], "l1": [135, 189], "l6gqp4nogkfejsgwbem4iodb5qwthssucklvmmps4kcwfzyav4gd2nucilznb1qtgmbleslsa5g9cflwsvu1e5iandbdqzwpjsgpgl7jluhcxydfm3ljb8o7e0yindh0qechotm87pornqzuzobq1lwnifo8w55or36ihbu8ariv9y4veufsnbz1ukbxpkmnswairk1nm7dk2wf8pkco1fksy0r27ovxtnkar6d3fasvhymy6mgk2gcpspigbsvo0ygoax5dkjbygkwncinibiqe8fkrwofjhnfmxbmavic10bc0f0nkqjukcmekhqseeshknaaojechd8hc8qcls7nv7ffb7dioxqbimacawecd": 97, "l6gszntreuuessazkip6jeu9qrj97wpbgif4iatluo4muorivplaki0sr7hmu5ui0umuw": 97, "l9da": 151, "l9irh71z4st_vsml4ko3rsaw4fekktpetfvhf6dfxdbupxqb": 155, "la": 180, "lab": [9, 51, 60, 94, 100, 114, 122, 127, 130, 139, 159], "label": [12, 14, 17, 18, 20, 24, 34, 35, 38, 42, 45, 48, 54, 55, 77, 78, 79, 80, 81, 84, 87, 90, 98, 101, 105, 106, 107, 108, 112, 113, 115, 118, 123, 124, 129, 135, 144, 146, 150, 166, 178, 179, 181, 182, 184, 187], "label1": 79, "label_list": 79, "labela": 87, "labelb": 87, "labelnam": 79, "labels_url": 45, "labeltyp": 79, "lambda": [68, 73, 97, 189], "lambda_function_nam": 16, "lambda_payload": 16, "lambda_result": 16, "lamer": 121, "landscap": 57, "lane": 95, "lang": [14, 29, 85, 90], "langaug": 85, "languag": [17, 34, 45, 70, 85, 95, 105, 112, 185, 188], "languagelocalekei": 112, "languages__c": 112, "languages_url": 45, "lanka": 135, "lao": [135, 145], "laptop": [87, 106, 112, 135, 190], "larg": [10, 17, 19, 41, 46, 73, 97, 112], "last": [7, 14, 15, 17, 20, 23, 29, 32, 33, 34, 42, 45, 48, 58, 63, 67, 68, 73, 77, 79, 91, 95, 97, 103, 105, 107, 109, 116, 118, 119, 120, 129, 142, 148, 151, 157, 185, 186, 190], "last_access": 106, "last_activity_bi": 97, "last_activity_tim": 97, "last_analys": 152, "last_analysis_d": [142, 186], "last_analysis_date_str": 142, "last_analysis_result": [142, 186], "last_analysis_stat": [142, 186], "last_attempt": 181, "last_contact_tim": 144, "last_device_policy_changed_tim": 144, "last_device_policy_requested_tim": 144, "last_dns_record": 142, "last_dns_records_d": 142, "last_event_timestamp": 144, "last_external_ip_address": 144, "last_http_response_content_sha256": 142, "last_https_certif": [142, 186], "last_https_certificate_d": [142, 186], "last_incident_timestamp": 89, "last_internal_ip_address": 144, "last_loc": 144, "last_modifi": 102, "last_modification_d": [142, 186], "last_modified_bi": [59, 107, 108, 126], "last_modified_princip": 97, "last_modified_tim": [59, 97, 107, 108, 126], "last_nam": [20, 59, 109, 126, 144], "last_packet_tim": 102, "last_persisted_tim": 103, "last_policy_updated_tim": 144, "last_reported_tim": 144, "last_reset_tim": 144, "last_seen": [23, 32, 71, 80, 95, 103, 105, 121, 152], "last_seen_tim": 42, "last_shutdown_tim": 144, "last_status_change_at": 89, "last_status_change_bi": 89, "last_sync": 181, "last_tim": 164, "last_upd": [63, 71, 101, 147, 184], "last_update_d": 142, "last_update_tim": 144, "last_update_timestamp": 144, "last_updated_tim": 103, "last_us": 102, "last_used_us": 17, "last_used_users_departments_associ": 17, "last_used_users_mail_associ": 17, "last_user_seen": 102, "lastact": 77, "lastactived": 115, "lastactivityd": 112, "lastagenthandl": 73, "lastbootedat": 53, "lastchangedat": 107, "lastclock": 53, "lastcommsecur": 73, "lastconnectedipaddr": 116, "lastcurequestd": 112, "lastcuupdated": 112, "lastdeploymenttim": 116, "lastdetectedat": 150, "lastdownloadtim": 116, "lastediteddatetim": 131, "lasteventdatetim": 78, "lasteventtim": 77, "lastexternalipaddress": 77, "lastheuristicthreattim": 116, "lastipaddress": 77, "lastiptomgmt": 115, "lastloggedinusernam": 115, "lastlogind": 112, "lastlogoff": 66, "lastlogon": 66, "lastlogontimestamp": 66, "lastmdmregisteredinepochm": 68, "lastmodifi": [107, 116], "lastmodifiedat": 18, "lastmodifiedbi": 18, "lastmodifiedbyid": 112, "lastmodifiedd": 112, "lastmodifieddatetim": [41, 78, 131], "lastmodifiedtim": [18, 116], "lastmodifiedtimeutc": 79, "lastnam": [40, 112], "lastpag": 116, "lastpasswordchanged": 112, "lastrank": 165, "lastreferencedd": 112, "lastregisteredinepochm": 68, "lastreport": 68, "lastreportedat": 7, "lastreportedinepochm": 68, "lastscantim": 116, "lastseen": [34, 77, 91, 165], "lastseen_t": 77, "lastseenat": [53, 107], "lastserverid": 116, "lastservernam": 116, "lastsiteid": 116, "lastsitenam": 116, "lastsoftwaredatarefreshd": 68, "laststatusmodifiedtim": 18, "lastupd": [73, 116], "lastupdatedatetimeutc": 77, "lastupdatedbi": 77, "lastupdatedtim": [77, 102], "lastupdatetim": [77, 116], "lastupdatetime_t": 77, "lastusedd": 15, "lastuserdistinguishednam": 115, "lastusermemberof": 115, "lastview": 63, "lastviewedd": 112, "lastvirustim": 116, "lastwipd": 20, "last\u00e1heuristicthreattim": 116, "lat": [14, 59, 126], "latenc": [42, 185], "later": [22, 26, 27, 34, 42, 43, 69, 70, 77, 78, 101, 106, 112, 119, 120, 128, 131, 132, 136, 143, 144, 166, 176, 179, 180, 181, 183, 187, 188, 189], "latest": [4, 14, 26, 32, 33, 63, 76, 80, 102, 110, 117, 133, 151, 154], "latest_act": 32, "latest_action_text": 32, "latest_alert_tim": 106, "latest_event_tim": 106, "latest_tag": 1, "latin": 107, "latitud": [12, 36, 61, 68, 112], "latlng": [44, 59, 126], "latter": 76, "latvia": 135, "latvian": 145, "launch": [42, 77, 90, 102, 116, 155, 190], "layer": [75, 110], "layermetadata": 150, "layout": [15, 32, 36, 37, 55, 66, 87, 89, 124, 190], "lbn": 135, "lbr": 135, "lby": 135, "lca": 135, "ld2_1_count": 26, "ld2_2_count": 26, "ld2_count": 26, "ld3_count": 26, "ld_library_path": 180, "ldap": [42, 116, 154, 160, 162], "ldap3": [29, 66, 158], "ldap_all_workstation_enum": 42, "ldap_as_rep_act": 42, "ldap_attribute_nam": 66, "ldap_attribute_name_valu": 66, "ldap_attribute_update_valu": 66, "ldap_attribute_valu": 66, "ldap_auth": [66, 190], "ldap_auth_error": 42, "ldap_auth_issu": 42, "ldap_base_dn": 66, "ldap_client_any_attribute_enum": 42, "ldap_computer_enum": 42, "ldap_connect_timeout": [66, 190], "ldap_dn": 66, "ldap_domain_nam": 66, "ldap_gpo_enumer": 42, "ldap_group": 66, "ldap_invalid_credentials_error": 42, "ldap_is_active_directori": [66, 190], "ldap_multiple_group_dn": 66, "ldap_multiple_user_dn": 66, "ldap_new_auto_password_len": 66, "ldap_new_auto_password_length": 66, "ldap_new_password": 66, "ldap_object_enum": 42, "ldap_operational_error": 42, "ldap_param": [66, 158, 190], "ldap_password": [66, 190], "ldap_port": [66, 190], "ldap_protocol_error": 42, "ldap_query_result": 66, "ldap_return_new_password": 66, "ldap_search_attribut": [66, 158], "ldap_search_bas": [66, 158, 190], "ldap_search_filt": [66, 158, 190], "ldap_search_param": [66, 190], "ldap_serv": [66, 190], "ldap_spn_scan": 42, "ldap_toggle_access": 66, "ldap_update_attribute_nam": 66, "ldap_us": 108, "ldap_use_ssl": [66, 190], "ldap_user_dn": [66, 190], "ldap_user_info": 66, "ldap_user_new_password": 66, "ldap_user_ntlm": 66, "ldap_utilities_search": 66, "ldapwhoami": 190, "lead": [41, 85, 95, 105], "leadsourc": 112, "learn": [48, 55, 70, 79, 97, 114, 131, 135, 145], "least": [15, 73, 77, 102, 113, 116, 119, 120, 126, 131, 182], "leav": [40, 41, 54, 55, 63, 76, 77, 79, 86, 120, 124, 131, 146, 153, 178, 182], "lebanon": 135, "lee": 89, "left": [4, 17, 34, 38, 40, 41, 55, 59, 67, 84, 90, 101, 110, 114, 119, 120, 123, 126, 131, 135, 136, 155, 181, 190], "leg": 63, "legaci": [14, 32, 40, 48, 87, 144, 148, 157], "legacy_authorization_en": 48, "legacy_id": 42, "legal": 17, "legitim": 135, "len": [10, 12, 14, 15, 17, 23, 24, 34, 40, 42, 45, 48, 56, 58, 73, 78, 81, 84, 88, 90, 91, 97, 98, 101, 103, 105, 106, 107, 112, 115, 116, 126, 129, 131, 135, 144, 150, 153, 183, 184, 189], "length": [12, 15, 42, 43, 66, 101, 110, 119, 151, 180, 185], "lens_id": 105, "lens_view": 105, "leon": 135, "leptonica": 85, "lesotho": 135, "less": [26, 29, 87, 105, 110, 112, 124], "less_or_equ": 105, "less_or_equal_utc_seconds_ago": 105, "less_utc_seconds_ago": 105, "lest": 135, "let": [110, 118, 126], "letter": [24, 41, 124], "level": [4, 10, 12, 17, 24, 34, 37, 42, 45, 48, 58, 67, 71, 75, 76, 77, 78, 79, 85, 87, 90, 95, 97, 102, 107, 113, 115, 129, 132, 144, 146, 155, 181, 187], "level__c": 112, "leverag": [4, 47], "lfew8logqn5onueuw2v6p5d9w2rlgygsedaicsw": 84, "lfhmuv5zxazfdyk5u1w7ak5xzzdlebdi2mt3nrmy83o6fi0kpv3icp3": 97, "lgravdrmcyzsgotmhfsrzqdx5bjp3nhmxeuoguzrpn1qt6bsfw0blzewfysgdb42gccmrotfqddr": 97, "li": [12, 17, 24, 45, 78, 90, 101, 115, 129, 144, 184], "lib": [21, 29, 33, 35, 38, 45, 51, 55, 56, 59, 78, 83, 88, 89, 105, 106, 109, 112, 140, 144, 153, 155, 159, 180], "lib64": 180, "liberia": 135, "libjpeg": 85, "libmaodbc": 180, "libpng": 85, "librari": [4, 6, 10, 37, 38, 60, 80, 85, 132, 136, 148, 157, 160, 175, 177, 179, 180, 190], "librdkafka": 179, "libsqora": 180, "libtdsodbc": 180, "libtiff": 85, "libya": 135, "licens": [10, 45, 62, 116, 166], "licenseexpiri": 116, "licenseid": 116, "licensekei": 115, "licensestatu": 116, "licpecf1dbo6na7ashtornr3b7ns4wp9fjivffaxhxc": 97, "lie": 135, "liechtenstein": 135, "life_contain": 32, "lifecyclest": 48, "lift": 32, "lift_contain": 32, "light": 190, "lightn": 112, "lightsteelblu": 40, "like": [8, 11, 14, 18, 19, 20, 23, 40, 41, 42, 46, 52, 54, 58, 63, 66, 68, 71, 73, 75, 76, 77, 79, 81, 84, 85, 86, 87, 90, 93, 95, 96, 98, 101, 102, 103, 106, 107, 108, 109, 110, 112, 113, 114, 116, 123, 124, 128, 131, 134, 140, 144, 150, 153, 164, 166, 177, 181, 185, 190], "likelihood": 46, "lima": 89, "limit": [14, 18, 23, 24, 32, 33, 35, 37, 40, 42, 45, 46, 58, 68, 77, 79, 84, 85, 87, 89, 97, 102, 103, 105, 106, 110, 113, 115, 116, 118, 123, 131, 144, 153, 160, 166, 178, 179, 180, 182], "line": [1, 4, 12, 15, 17, 24, 29, 30, 37, 45, 52, 67, 69, 70, 77, 78, 83, 85, 90, 107, 115, 129, 135, 140, 142, 144, 146, 149, 155, 163, 180, 182, 187, 189, 190], "linenumb": 185, "link": [12, 17, 20, 23, 24, 30, 34, 36, 37, 40, 41, 42, 45, 47, 48, 49, 50, 63, 77, 78, 79, 81, 84, 89, 90, 91, 92, 93, 96, 97, 101, 102, 105, 106, 107, 108, 110, 112, 115, 117, 123, 124, 126, 129, 142, 144, 146, 148, 150, 151, 166, 171, 180, 184, 185, 186, 187, 188, 189, 190], "link_back": 142, "link_bas": 34, "link_formatt": 48, "link_to_solut": 48, "link_url": [33, 50], "link_url_device_id": 135, "link_url_puid": 135, "linkabl": 157, "linkback": 42, "linkback_url": 42, "linkdomain": 185, "linkedin": 95, "linkid": 79, "linkified_descript": 48, "linkified_recommend": 48, "linkurl": 50, "linux": [4, 9, 11, 28, 32, 34, 42, 44, 51, 53, 54, 58, 60, 67, 73, 83, 93, 94, 100, 105, 114, 115, 116, 122, 127, 130, 139, 141, 143, 148, 150, 159, 190], "lionic": [142, 186], "list": [1, 3, 4, 7, 10, 11, 12, 14, 16, 17, 19, 20, 21, 24, 25, 26, 27, 29, 30, 31, 32, 35, 36, 37, 38, 40, 41, 42, 43, 46, 50, 52, 54, 57, 59, 62, 63, 64, 65, 66, 68, 71, 74, 76, 78, 79, 81, 82, 83, 84, 85, 86, 87, 88, 90, 91, 92, 93, 95, 96, 97, 98, 99, 101, 102, 103, 105, 108, 109, 110, 112, 114, 115, 117, 118, 120, 121, 124, 128, 129, 132, 134, 135, 136, 141, 142, 144, 145, 146, 147, 150, 151, 152, 154, 155, 157, 158, 160, 161, 166, 168, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190], "list_artifact": [59, 126], "list_as_str": 63, "list_attachments_result": 106, "list_builder_str": 58, "list_descript": 116, "list_find": 48, "list_id": 116, "list_incid": 89, "list_mfa_devices_result": 15, "list_mileston": [59, 126], "list_nam": [23, 116, 123], "list_of_fields_for_features_separated_by_comma": 69, "list_of_not": 77, "list_of_tag": 73, "list_signing_certs_result": 15, "list_srv_specific_creds_result": 15, "list_ssh_keys_result": 15, "list_str": 58, "list_time_valu": 134, "list_to_json_str": 63, "list_url": 153, "list_us": 15, "list_valu": [12, 17, 24, 45, 78, 90, 115, 129, 144, 147], "listbucket": 14, "listdetector": 14, "listen": [29, 52, 75, 155, 171, 176, 178, 179, 180, 181, 182], "listener_brok": 65, "listfind": 14, "listhostedzon": 14, "listmemb": 14, "listresourcerecordset": 14, "lit": 32, "lite": 166, "lithuania": 135, "lithuanian": 145, "littl": 181, "live": [17, 30, 69, 102, 110, 115, 129, 144, 181], "live_response_dis": 144, "live_response_not_kil": 144, "live_response_not_run": 144, "liverespons": 144, "liveupd": 116, "lka": 135, "ll": [10, 14, 35, 41, 65, 66, 73, 77, 80, 87, 88, 89, 90, 96, 102, 103, 107, 113, 117, 118, 124, 128, 131, 151, 154, 185], "llc": [12, 61, 101, 186], "llmnr": [42, 116], "llmnr_poison": 42, "llponjkhng9tiunm1llkbtitevi6g": 116, "lm": 185, "lm_account_id": 38, "lname": [59, 126], "lng": [59, 126], "lnnvzrib82vyovftvu14kafietu9f9nvmknly86n593zyvnddijpxh6domgpir14fyudng7azmsjvchqg9t5etp7nhslyrcpaktq7swadvraa63yk33o": 97, "lo": [142, 145], "load": [24, 29, 104, 106, 111, 115, 124, 125, 133, 135, 136, 157, 160, 181, 183, 190], "loaderid": 185, "loc": 61, "locaip": 97, "local": [1, 3, 4, 9, 10, 12, 14, 17, 18, 19, 20, 21, 22, 23, 24, 29, 30, 32, 34, 35, 37, 41, 42, 54, 57, 58, 59, 62, 63, 64, 65, 66, 73, 75, 76, 77, 79, 80, 83, 85, 86, 88, 97, 102, 103, 105, 106, 107, 112, 113, 116, 123, 128, 129, 131, 135, 136, 144, 151, 155, 176, 177, 180, 184], "local_admin_enumer": 42, "local_appx": 190, "local_destination_address_id": 103, "local_destination_count": 103, "local_ip": [14, 23, 32], "local_pip": 190, "local_port": [14, 23], "localaddr": 107, "localcomput": 116, "localdestinationcount": 102, "localdnsnam": 78, "localdomain": [32, 53, 180], "localesidkei": 112, "localhost": [1, 9, 10, 27, 32, 38, 48, 52, 53, 63, 87, 88, 90, 97, 103, 108, 123, 128, 131, 146, 152, 155, 158, 170, 177, 178, 179, 180, 181, 190], "localid": 107, "locat": [9, 11, 12, 15, 18, 20, 28, 37, 38, 40, 41, 42, 51, 59, 60, 61, 67, 75, 76, 78, 79, 87, 88, 94, 96, 99, 100, 102, 105, 110, 114, 115, 116, 120, 122, 124, 126, 127, 130, 131, 135, 139, 141, 144, 148, 151, 153, 155, 159, 160, 163, 170, 176, 178, 183, 189, 190], "locatedtim": 68, "location_account": 18, "locationen": 115, "locationid": 116, "locationpath": 150, "locationtyp": [41, 115], "lock": [34, 59, 80, 116, 126, 157], "lockbit": 34, "lockdown": 116, "lockedmessag": 157, "lockedopt": 116, "lockedspecialnot": 157, "lockouttim": 66, "loco_moco_search": 38, "loco_moco_search_request_id": 38, "log": [4, 27, 29, 37, 38, 41, 42, 48, 55, 69, 77, 87, 89, 90, 102, 103, 105, 106, 111, 116, 120, 126, 128, 135, 138, 149, 153, 155, 164, 177, 181, 184, 185, 187, 188, 189, 190], "log4j": 105, "log4shel": 42, "log_act": 116, "log_entri": 89, "log_level": 58, "log_nam": 58, "log_sourc": [102, 103], "log_source_nam": 102, "log_tim": 58, "logactivitytrac": 18, "loganalyt": 79, "logdir": [9, 11, 15, 28, 51, 60, 67, 94, 100, 114, 122, 127, 130, 139, 141, 148, 159, 190], "logfil": 190, "logforward": 78, "loggedonus": 77, "logic": [12, 17, 24, 34, 38, 45, 48, 65, 78, 87, 90, 96, 115, 129, 144, 177, 180, 181, 188, 189], "logic_typ": 97, "logicalcpu": 116, "login": [1, 18, 20, 34, 41, 42, 45, 58, 68, 78, 79, 87, 102, 103, 106, 112, 120, 128, 131, 155, 180, 190], "login_count": 164, "login_user_nam": 144, "logindomain": 116, "loginprofileexist": 15, "logist": 69, "loglevel": [8, 27, 33, 77, 81, 99, 109, 138, 149, 153, 181, 190], "loglin": 106, "logo": 4, "logon": 166, "logoncount": 66, "logondatetim": 78, "logonid": [78, 107], "logonip": 78, "logonloc": 78, "logontyp": 78, "logonui": 107, "logonusernam": 116, "logopath": 183, "logotyp": 56, "logout": 190, "logprogress": 18, "logsourceid": [102, 103], "logsourcenam": [102, 103], "logsourcename_logsourceid": 103, "logverbos": 18, "lon": 14, "long": [12, 14, 15, 17, 18, 24, 34, 41, 45, 46, 78, 90, 100, 105, 106, 107, 110, 112, 115, 118, 140, 144, 150, 188], "longer": [24, 84, 85, 108, 118, 142, 155, 156, 188, 189], "longitud": [12, 36, 61, 68, 112], "look": [2, 17, 34, 42, 48, 63, 77, 79, 85, 95, 96, 99, 102, 103, 105, 106, 107, 108, 112, 113, 115, 118, 120, 123, 127, 129, 135, 139, 153, 181, 189, 190], "lookback": [89, 144, 150], "lookbackperiod": 77, "lookup": [8, 12, 42, 50, 77, 80, 82, 122, 123, 124, 125, 131, 139, 142, 143, 154, 157, 166, 168, 181, 186, 190], "lookup_map": 128, "lookup_statu": [77, 123], "lookuperror": 70, "loop": [32, 34, 36, 48, 53, 63, 77, 79, 119, 129, 135, 190], "loopback": 177, "lorem": [81, 145], "los_angel": 112, "lose": [134, 180], "loss": 87, "lost": [73, 87, 112, 181], "lot": [46, 126, 140], "love": [95, 177], "low": [9, 14, 34, 36, 42, 48, 59, 63, 65, 71, 73, 77, 78, 79, 80, 84, 87, 89, 101, 103, 105, 106, 107, 118, 119, 123, 126, 129, 131, 135, 136, 144, 150, 184, 185, 188], "lowcputhreshold": 18, "lower": [15, 17, 73, 77, 84, 105, 106, 112, 116, 131, 135, 142, 144, 153, 178], "lowercas": [15, 124, 135], "lowest": [63, 89], "lsass": 107, "lsgnekmopmabjgukgqadpw3astob6vfadeqvoh6pkteitzsyuhysxljo1eo20se4jxskyw3ii": 97, "lso": [99, 135], "lt": [98, 145], "ltc": 190, "ltd": [7, 53, 77, 116, 148], "ltr": 40, "ltu": 135, "lu": [33, 116, 151], "lua": [142, 186], "luak": 15, "lucia": 135, "luckili": 85, "lucont": 116, "lumu": [142, 186], "luthor": 95, "lux": 135, "luxembourg": 135, "lv": 145, "lva": 135, "lvm2": 190, "lxml": 90, "lz": 185, "m": [19, 35, 40, 41, 42, 75, 77, 78, 79, 83, 84, 89, 90, 95, 103, 105, 112, 113, 116, 121, 134, 135, 140, 141, 142, 145, 146, 150, 160, 166, 179, 180, 190], "m3": [14, 93], "m365x594651": 78, "m4a809400de110cbedaa89ff5e55b3d73": 146, "m84f604b5194e7f10e384fe4043aafd": 30, "m8zozer6": 97, "ma": [49, 95, 185], "maarten": 135, "maas360": 154, "maas360_action_typ": 68, "maas360_app_access_kei": 68, "maas360_app_app_id": 68, "maas360_app_app_nam": 68, "maas360_app_app_vers": 68, "maas360_app_device_id": 68, "maas360_app_id": 68, "maas360_app_lastsoftwaredatarefreshd": 68, "maas360_app_timestamp": 68, "maas360_app_typ": 68, "maas360_app_vers": 68, "maas360_basic_search_match": 68, "maas360_basic_search_page_s": 68, "maas360_basic_search_sort_attribut": 68, "maas360_basic_search_sort_ord": 68, "maas360_billing_id": 68, "maas360_device_dt": 68, "maas360_device_group_id": 68, "maas360_device_id": 68, "maas360_deviceid": 68, "maas360_devicenam": 68, "maas360_devicestatu": 68, "maas360_devicetyp": 68, "maas360_email": 68, "maas360_host_url": 68, "maas360_imei_meid": 68, "maas360_installed_software_datat": 68, "maas360_lastreport": 68, "maas360_partial_device_nam": 68, "maas360_partial_phone_no": 68, "maas360_partial_usernam": 68, "maas360_password": 68, "maas360_platform_id": 68, "maas360_platform_nam": 68, "maas360_platformnam": 68, "maas360_request_timeout": 68, "maas360_rule_app_typ": 68, "maas360_rule_device_id": 68, "maas360_rule_device_nam": 68, "maas360_rule_email": 68, "maas360_rule_imei_meid": 68, "maas360_rule_phone_no": 68, "maas360_rule_platform_nam": 68, "maas360_rule_usernam": 68, "maas360_target_devic": 68, "maas360_timestamp": 68, "maas360_usernam": 68, "maas360_wipe_device_notify_m": 68, "maas360_wipe_device_notify_oth": 68, "maas360_wipe_device_notify_us": 68, "maas360deviceid": 68, "maas360forio": 68, "maas360managedstatu": 68, "mac": [3, 9, 17, 23, 32, 34, 42, 68, 73, 80, 102, 107, 110, 116, 128, 135, 171], "mac_address": [32, 144], "macaddr": 42, "macaddress": [34, 77, 116], "macao": 135, "macbook": [3, 9, 14, 21, 24, 30, 41, 59, 62, 75, 76, 77, 83, 95, 97, 105, 112, 136, 184], "macbookpro": 14, "macedonia": 135, "machin": [3, 4, 16, 19, 37, 53, 63, 64, 70, 78, 79, 84, 85, 97, 103, 106, 114, 129, 133, 135, 145, 171, 190], "machine_com": 77, "machine_exposure_level": 77, "machine_file_hash": 77, "machine_firstseen": 77, "machine_health_statu": 77, "machine_id": 77, "machine_ip": 77, "machine_last_act": 77, "machine_lastseen": 77, "machine_learn": 69, "machine_learning_predict": 69, "machine_link": 77, "machine_list": 77, "machine_nam": 77, "machine_platform": 77, "machine_risk_scor": 77, "machine_tag": 77, "machineact": 77, "machineid": [77, 107], "machinetag": 77, "machinetyp": 115, "maco": [14, 37], "macosx": 116, "macro": 87, "madagascar": 135, "made": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 58, 60, 63, 64, 65, 66, 67, 71, 73, 76, 77, 78, 79, 80, 83, 84, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 109, 110, 112, 113, 114, 115, 116, 117, 118, 121, 122, 123, 124, 127, 128, 129, 130, 131, 134, 135, 139, 141, 142, 144, 145, 146, 148, 150, 151, 152, 153, 159, 160, 166, 180, 181, 187, 188, 189], "madrid": 117, "maf": 135, "magic": 121, "magnifi": [112, 190], "magnitud": [102, 103], "mai": [1, 4, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 26, 27, 28, 31, 32, 34, 35, 36, 37, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 63, 64, 65, 66, 67, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 94, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 134, 135, 136, 139, 141, 142, 144, 145, 146, 148, 150, 151, 152, 153, 157, 159, 165, 166, 177, 178, 180, 181, 182, 184, 185, 186, 187, 188, 189, 190], "mail": [20, 40, 41, 64, 66, 82, 87, 90, 98, 99, 102, 103, 110, 131, 155, 158, 189, 190], "mail_attach": [87, 96, 97], "mail_bcc": [87, 96, 97], "mail_bodi": 87, "mail_body_html": [87, 96, 97], "mail_body_text": [87, 97], "mail_cc": [87, 97], "mail_encryption_recipi": 87, "mail_from": [87, 97], "mail_import": 87, "mail_in_reply_to": 87, "mail_incident_id": [87, 97], "mail_inline_templ": 87, "mail_line_templ": 87, "mail_merge_bodi": 87, "mail_message_id": 87, "mail_subject": [87, 97], "mail_template_label": 87, "mail_template_select": 87, "mail_to": [87, 97], "mailbox": [41, 42, 87, 90, 98, 135, 189], "mailbox_typ": 40, "mailboxdeviceid": 68, "mailboxlastreport": 68, "mailboxlastreportedinepochm": 68, "mailboxmanag": 68, "mailboxset": 41, "mailen": 131, "mailer": 171, "mailfold": 41, "mailfrom": 90, "mailingaddress": 112, "mailingc": 112, "mailingcountri": 112, "mailinggeocodeaccuraci": 112, "mailinglatitud": 112, "mailinglongitud": 112, "mailingpostalcod": 112, "mailingst": 112, "mailingstreet": 112, "mailmessag": 77, "mailnicknam": 131, "mailto": [135, 189], "main": [4, 14, 15, 23, 42, 45, 63, 97, 116, 118, 119, 120, 123, 153, 185], "main_pag": 12, "main_sect": 71, "mainlin": [68, 98, 116, 135, 189], "maintain": [0, 1, 6, 37, 45, 118, 131, 156, 176, 178, 179, 180, 181, 182, 189], "mainten": 123, "mainthread": 181, "majest": 142, "majestic_million_1m": 71, "major": [38, 56, 58, 180, 183, 188], "major_vers": 32, "majorvers": 116, "make": [4, 7, 8, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 33, 34, 35, 36, 38, 40, 41, 42, 45, 46, 47, 48, 50, 52, 54, 55, 57, 58, 59, 62, 63, 64, 65, 66, 68, 69, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 140, 142, 143, 144, 145, 146, 148, 150, 151, 152, 153, 160, 165, 166, 180, 181, 184, 188, 189], "make_linkback_url": 42, "make_list_str": 42, "make_playbook": 96, "make_properties_str": 42, "make_summary_not": 42, "make_unicod": [12, 17, 24, 45, 78, 90, 115, 144], "make_url": 97, "maker": [97, 154], "mal": 151, "mal_ip": 9, "malai": 145, "malawi": 135, "malayalam": 145, "malaysia": 135, "malc0d": 71, "maldiv": 135, "male": 95, "malform": 86, "mali": 135, "malici": [14, 19, 23, 26, 32, 34, 36, 42, 71, 75, 76, 77, 78, 87, 93, 98, 99, 101, 102, 106, 107, 121, 123, 133, 135, 139, 142, 143, 166, 174, 181, 184, 185, 186, 189], "malicious_count": 71, "malicious_flag": [98, 185], "maliciousipcal": 14, "maliciousprocessargu": 115, "malicioustot": 185, "maliciousverdict": 185, "malshar": 71, "malta": 135, "maltes": 145, "malvina": 135, "malwar": [8, 23, 27, 32, 37, 42, 50, 59, 71, 76, 77, 80, 81, 90, 92, 98, 101, 107, 112, 115, 116, 121, 123, 126, 128, 132, 135, 137, 142, 143, 144, 151, 153, 171, 181, 186], "malware_analysi": 71, "malware_famili": [101, 184], "malware_list": 98, "malware_sha_256_hash__c": 112, "malwaredomainlist": 71, "malwaremustdi": 71, "malwarepatrol": [142, 186], "malwarest": 78, "mamv1jsfxbw": 185, "man": 135, "manag": [4, 7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 34, 35, 37, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 55, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 155, 160, 163, 165, 166, 170, 182, 188, 190], "managedbi": 77, "managedbystatu": 77, "managedst": 73, "manageengin": 42, "managerid": 112, "mandatori": 40, "mandiant": 154, "mandiant_artifact_data": 71, "mandiant_artifact_typ": 71, "mandiant_result": 71, "mani": [5, 7, 10, 41, 46, 58, 73, 79, 87, 96, 98, 105, 129, 181, 189], "manipul": [35, 41, 66, 73, 110, 130, 137], "manner": 110, "manual": [4, 10, 14, 17, 18, 20, 23, 24, 25, 34, 35, 41, 42, 44, 48, 56, 63, 65, 66, 67, 72, 73, 76, 79, 80, 81, 85, 86, 87, 88, 89, 90, 96, 97, 98, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 117, 118, 120, 123, 124, 125, 128, 129, 131, 134, 135, 142, 144, 150, 151, 153, 155, 159, 161, 166, 178, 181, 182, 183, 184, 185, 186, 188, 189], "manual_set": 97, "manuallyad": 107, "manufactur": [20, 53, 68], "map": [15, 20, 34, 35, 42, 44, 63, 65, 68, 75, 77, 79, 80, 81, 84, 89, 102, 103, 105, 106, 112, 118, 119, 123, 128, 129, 135, 144, 150, 162, 171, 181, 189], "map_sn_record_st": 118, "map_tempt": 105, "mapp": 123, "mapped_classif": 135, "mapper": 190, "mapping_closure_reason": 144, "mapping_determination_on_clos": 144, "mapping_dispositon_on_clos": 106, "mapping_no_head": 35, "mar": [110, 135], "marathi": 145, "march": [56, 103, 134, 183], "margin": 40, "mariadb": [86, 177, 180], "mariadbdialect": 180, "mariana": 135, "marino": 135, "mark": [9, 24, 40, 45, 66, 76, 77, 79, 80, 86, 97, 110, 113, 115, 131, 134, 136, 150, 157, 174], "mark_kei": 48, "markdown": 166, "marketplac": [31, 183], "markmonitor": 186, "marks_list": 48, "markscherfl": [77, 131], "markup": 124, "marshal": 135, "martin": 135, "martiniqu": 135, "mass": 186, "massiv": [102, 183], "master": [14, 43, 65, 83, 101, 160, 166, 180, 184, 190], "masterrecordid": 112, "mastodon": 165, "match": [3, 4, 9, 10, 14, 17, 20, 23, 34, 35, 36, 38, 41, 42, 50, 52, 58, 63, 65, 67, 68, 73, 77, 78, 79, 80, 84, 87, 94, 95, 97, 102, 107, 109, 112, 113, 116, 119, 121, 126, 134, 135, 149, 151, 161, 165, 180, 181, 189], "match_al": 38, "match_field_nam": 126, "match_field_valu": 126, "match_highlight": 126, "matchcount": 129, "matched_record": 38, "matcher": 107, "matching_oper": 181, "mathew": 146, "matter": [63, 66, 102, 103], "mauritania": 135, "mauritiu": 135, "max": [12, 19, 20, 23, 32, 35, 41, 63, 64, 76, 77, 84, 95, 97, 102, 109, 128, 134, 141, 142, 150, 180, 185], "max_alert": [77, 79], "max_auth_attempt": 116, "max_batch_request": 41, "max_batched_request": 41, "max_count": 69, "max_data_table_row": 98, "max_datatable_row": [20, 109], "max_id": 97, "max_inst": 113, "max_issues_return": 63, "max_mariadb_text": 180, "max_messag": 41, "max_polling_wait_sec": 142, "max_results_displai": 33, "max_retri": 23, "max_retries_backoff_factor": 41, "max_retries_tot": 41, "max_row": 144, "max_tim": [134, 141], "max_us": 41, "maxdat": 165, "maximo_cb": 159, "maximum": [9, 17, 33, 34, 35, 41, 42, 54, 55, 63, 69, 97, 98, 106, 110, 114, 116, 134, 150, 165], "maxlin": 67, "maxmemorypershellmb": 84, "maxresult": 63, "maxretri": 20, "maxrisk": 165, "mayb": [90, 177], "mayen": 135, "mayott": 135, "mbi": 150, "mbp": [37, 42, 58, 112, 113, 157], "mc": 41, "mc_ueid": 20, "mcafe": [116, 154], "mcafee_atd_report_typ": 72, "mcafee_atd_url_submit_typ": 72, "mcafee_dxl_payload": [75, 76], "mcafee_epo_abort_after_minut": 73, "mcafee_epo_admin": 73, "mcafee_epo_allow_dupl": 73, "mcafee_epo_allowed_ip": 73, "mcafee_epo_client_task": 73, "mcafee_epo_delete_if_remov": 73, "mcafee_epo_email": 73, "mcafee_epo_flatten_tree_structur": 73, "mcafee_epo_fullnam": 73, "mcafee_epo_group": 73, "mcafee_epo_group_id": 73, "mcafee_epo_issu": 73, "mcafee_epo_issue_assigne": 73, "mcafee_epo_issue_descript": 73, "mcafee_epo_issue_du": 73, "mcafee_epo_issue_id": 73, "mcafee_epo_issue_nam": 73, "mcafee_epo_issue_prior": 73, "mcafee_epo_issue_properti": 73, "mcafee_epo_issue_resolut": 73, "mcafee_epo_issue_sever": 73, "mcafee_epo_issue_st": 73, "mcafee_epo_issue_typ": 73, "mcafee_epo_new_usernam": 73, "mcafee_epo_not": 73, "mcafee_epo_object_id": 73, "mcafee_epo_pass": 73, "mcafee_epo_permission_set": 73, "mcafee_epo_permsetnam": 73, "mcafee_epo_phone_numb": 73, "mcafee_epo_polici": 73, "mcafee_epo_product_id": 73, "mcafee_epo_push_ag": 73, "mcafee_epo_push_agent_domain_nam": 73, "mcafee_epo_push_agent_force_instal": 73, "mcafee_epo_push_agent_install_path": 73, "mcafee_epo_push_agent_package_path": 73, "mcafee_epo_push_agent_password": 73, "mcafee_epo_push_agent_skip_if_instal": 73, "mcafee_epo_push_agent_suppress_ui": 73, "mcafee_epo_push_agent_usernam": 73, "mcafee_epo_query_group": 73, "mcafee_epo_query_ord": 73, "mcafee_epo_query_select": 73, "mcafee_epo_queryid": 73, "mcafee_epo_random_minut": 73, "mcafee_epo_reset_inherit": 73, "mcafee_epo_retry_attempt": 73, "mcafee_epo_retry_intervals_in_second": 73, "mcafee_epo_search_text": 73, "mcafee_epo_stop_after_minut": 73, "mcafee_epo_sub_group": 73, "mcafee_epo_subjectdn": 73, "mcafee_epo_system": 73, "mcafee_epo_system_name_or_id": 73, "mcafee_epo_systems_dt": 73, "mcafee_epo_tag": 73, "mcafee_epo_target": 73, "mcafee_epo_task_id": 73, "mcafee_epo_ticket_id": 73, "mcafee_epo_ticket_server_nam": 73, "mcafee_epo_timeout_in_hour": 73, "mcafee_epo_type_id": 73, "mcafee_epo_uninstal": 73, "mcafee_epo_uninstall_softwar": 73, "mcafee_epo_us": 73, "mcafee_epo_use_all_agent_handl": 73, "mcafee_epo_user_dis": 73, "mcafee_epo_usernam": 73, "mcafee_epo_windowsdomain": 73, "mcafee_epo_windowsusernam": 73, "mcafee_esm_password": 74, "mcafee_esm_serv": 74, "mcafee_esm_usernam": 74, "mcafee_publish_method": [75, 76], "mcafee_tie_com": 76, "mcafee_tie_filenam": 76, "mcafee_tie_get_file_reput": 76, "mcafee_tie_get_lastest_reput": 76, "mcafee_tie_hash": 76, "mcafee_tie_hash_typ": 76, "mcafee_tie_reputation_typ": 76, "mcafee_tie_search": 170, "mcafee_tie_set_file_reput": 76, "mcafee_tie_set_reputation__datat": 76, "mcafee_tie_trust_level": 76, "mcafee_topic_nam": [75, 76], "mcafee_wait_for_respons": [75, 76], "mcdonald": 135, "mco": 135, "mcygaf6oouwx38qnhpwhossusdo8yvi": 97, "md": [14, 43, 166], "md5": [23, 32, 36, 37, 71, 76, 77, 80, 87, 101, 102, 107, 115, 116, 121, 126, 128, 132, 142, 144, 153, 171, 186, 189], "md5_hash": 102, "md5hash": 36, "mda": 135, "mdatpdeviceid": 77, "mdc6umvszwfzztexnta4mdg": 45, "mdc6umvszwfzztexnza1mdq": 45, "mdc6umvszwfzztexnza1mti": 45, "mdc6umvszwfzztexnza1nj": 45, "mdc6umvszwfzztexnza3njq": 45, "mdewoljlcg9zaxrvcnkxmzy3nda4": 45, "mdg": 135, "mdm": 68, "mdmmailboxdeviceid": 68, "mdq6vxnlcjezmzaxmq": 45, "mdr": 144, "mdr_alert": 144, "mdr_alert_notes_pres": 144, "mdr_threat_notes_pres": 144, "mdv": 135, "mdy6q29tbwl0mtm2nzqwodo0ymu2zju2zmrkmzdjowqzywewntrhmtvjzgzjyja5mwjimtzmytrk": 45, "mdy6q29tbwl0mtm2nzqwodpjzdlmogy3ndqzmgzhodiyntq5oddkogmwmwu0mze2zmi4mjewmmq3": 45, "me": [42, 142, 186], "mean": [4, 18, 37, 69, 71, 85, 89, 108, 110, 118, 131, 177, 180, 190], "meaning": [86, 88, 128, 131], "meant": [80, 108], "measur": 79, "meb86e2013c2d82c3c9dea7b8b27253": 30, "mechan": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 165, 179, 180, 189], "med": 71, "media": [95, 112, 151], "medium": [20, 34, 36, 42, 48, 59, 63, 65, 73, 77, 78, 79, 80, 89, 101, 103, 105, 106, 107, 112, 118, 119, 123, 126, 129, 135, 144, 150, 184], "mediumbannerphotourl": 112, "mediumphotourl": 112, "meeitng": 146, "meet": [21, 63, 105, 109, 126, 131, 166, 187, 188, 189], "meet8": 30, "meetingid": 146, "meetinglink": 146, "meetingnumb": 146, "meetingopt": 146, "meetingseri": 146, "meetingtyp": 146, "meid": 68, "mem": 116, "member": [0, 16, 21, 42, 45, 54, 59, 88, 98, 99, 124, 126, 131, 146, 180, 181], "member_list": [24, 88], "memberof": 66, "membership": [15, 131], "membershiprul": 131, "membershipruleprocessingst": 131, "membershiptyp": 131, "memcach": 42, "memcache_error": 42, "memcache_issu": 42, "memdump": 37, "memori": [37, 77, 84, 116], "memory_stat": 37, "memorys": 53, "mention": [15, 40, 54, 110, 131, 146, 166], "mentioned_us": [59, 126], "menu": [9, 11, 15, 20, 21, 25, 28, 29, 30, 31, 35, 41, 42, 51, 55, 60, 67, 68, 94, 95, 99, 100, 106, 114, 115, 119, 120, 122, 127, 129, 130, 135, 139, 141, 146, 148, 155, 159, 160, 164, 184, 189, 190], "merg": [10, 12, 45, 87], "merges_url": 45, "mes1": 93, "messag": [4, 16, 24, 34, 35, 39, 40, 43, 44, 45, 52, 55, 58, 59, 63, 65, 66, 72, 73, 75, 77, 79, 90, 97, 98, 99, 101, 102, 103, 105, 107, 116, 122, 123, 126, 128, 133, 135, 142, 144, 146, 150, 155, 160, 163, 164, 171, 177, 178, 179, 181, 182, 186], "message_bodi": 136, "message_id": [16, 87, 135, 136], "message_id_domain": 87, "message_id_from_sns_execut": 16, "message_id_list": 135, "message_pattern": 135, "message_row": 40, "messageaclentri": 129, "messagecomponentid": 129, "messagecomponentnam": 129, "messagecomponenttyp": 129, "messaged": 129, "messagedirection": 90, "messageid": [98, 129], "messages_block": 98, "messages_deliv": 98, "messagesecurityst": 78, "messagesourc": 129, "messagetyp": [129, 131], "messagetypeid": 129, "messaging_service_sid": 136, "messga": 116, "messukesku": 125, "met": [71, 181, 189], "meta": [32, 101, 111, 179, 184, 185], "metaconfigur": 18, "metadata": [0, 23, 36, 41, 42, 58, 77, 78, 106, 110, 111, 131, 132, 140, 144, 148], "metasploit": 42, "meterpret": 42, "meterpreter_shel": 42, "method": [20, 23, 37, 42, 59, 63, 69, 75, 84, 105, 106, 112, 116, 126, 131, 135, 141, 142, 144, 146, 150, 165, 166, 171, 185, 186, 189], "methodologi": 110, "metric": [7, 9, 10, 12, 14, 15, 17, 18, 19, 20, 21, 23, 24, 30, 32, 34, 35, 37, 40, 41, 42, 45, 46, 48, 50, 54, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 79, 80, 83, 84, 85, 86, 87, 88, 90, 91, 95, 96, 97, 102, 103, 104, 105, 106, 107, 108, 110, 112, 113, 115, 116, 118, 121, 123, 125, 126, 128, 129, 131, 134, 135, 136, 144, 146, 148, 150, 151, 152, 153, 157, 183, 184], "metro": 185, "metropoli": 95, "mex": 135, "mexico": 135, "mfa_ser_num": 15, "mfa_serial_num": 15, "mgr": 157, "mhl": 135, "micro": 102, "micronesia": 135, "microsecond": 134, "microsoft": [18, 33, 34, 42, 71, 86, 87, 90, 93, 102, 107, 135, 144, 154, 177], "microsoft_azure_security_azuredefenderfordata": [78, 79], "microsoft_azure_security_insight": 79, "microsoft_azure_security_r3": 78, "microsoft_graph_token_url": [41, 78], "microsoft_graph_url": [41, 78], "microsoft_security_graph_alert_data": 78, "microsoft_security_graph_alert_id": 78, "microsoft_security_graph_alert_search_queri": 78, "microsoft_security_graph_query_end_datetim": 78, "microsoft_security_graph_query_start_datetim": 78, "microsoftdefenderatp": 78, "microsoftdefenderforendpoint": 77, "microsoftonlin": [18, 41, 78, 131, 155], "microworld": 121, "mid": 117, "middl": [20, 32, 33, 36, 37, 95], "middle_nam": 144, "midnight": 113, "might": [7, 10, 12, 14, 17, 18, 19, 20, 23, 24, 31, 34, 35, 38, 40, 41, 42, 45, 48, 50, 63, 64, 65, 66, 71, 73, 75, 77, 78, 79, 80, 81, 84, 85, 86, 87, 88, 89, 90, 91, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 115, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 146, 150, 151, 152, 153, 155, 165, 183, 184, 185, 186, 189], "mightymol": 98, "migrat": [10, 14, 24, 32, 35, 40, 41, 42, 65, 66, 73, 77, 80, 87, 88, 89, 90, 98, 103, 117, 124, 128, 131, 142, 146, 151, 154, 183, 184, 185, 186], "miievaibadanbgkqhkig9w0baqefaascbkywggsiageaaoibaqdfo8xuu": 110, "mileston": [29, 45, 54, 97, 176, 179, 181], "milestones_url": 45, "million": [56, 183], "millisecond": [35, 42, 59, 84, 105, 126, 134, 180, 181], "milliseond": 97, "mime": [40, 41, 90, 171], "mime_cont": 40, "mime_typ": 106, "mimetyp": 185, "min": [47, 76, 97, 101, 103, 146, 184], "min_id": 97, "min_scor": 34, "min_supported_agent_vers": 23, "min_supported_os_vers": 23, "mind": [20, 71, 85], "mindat": 165, "mine": [42, 97, 151], "minim": 177, "minimum": [7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 43, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 67, 68, 70, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 134, 135, 138, 139, 140, 142, 144, 145, 146, 149, 150, 151, 152, 153, 165, 166], "minimum_prob": 95, "minimum_sever": 144, "minimumcompatiblevers": 18, "minor": [20, 41, 58, 79, 135, 139, 167], "minor_vers": 32, "minorvers": 116, "minu": 54, "minut": [14, 22, 34, 35, 42, 48, 63, 72, 73, 77, 79, 89, 98, 99, 102, 105, 106, 107, 112, 113, 114, 115, 116, 123, 134, 136, 140, 141, 144, 146, 150, 166], "miquelon": 135, "mirror_url": 45, "misconfigur": 48, "misfire_grace_tim": 113, "misidentifi": 114, "mislead": 69, "misp": [71, 154], "misp_analysis_level": 80, "misp_attribut": 80, "misp_attribute_typ": 80, "misp_attribute_valu": 80, "misp_distribut": 80, "misp_ev": 80, "misp_event_id": 80, "misp_event_nam": 80, "misp_kei": 80, "misp_sight": 80, "misp_tag_nam": 80, "misp_tag_typ": 80, "misp_threat_level": 80, "misp_typ": 80, "misp_url": [80, 171], "miss": [1, 23, 42, 45, 84, 86, 87, 101, 116, 181], "mission_crit": 144, "mit": [176, 177, 178, 179, 180, 181, 182], "mitchellkrogza": 12, "miti": 81, "mitig": [36, 81, 105, 114, 115, 116, 118, 184], "mitigatedpreempt": 115, "mitigation_text": 81, "mitigationmod": 115, "mitigationmodesuspici": 115, "mitigationstatu": 115, "mitigationstatusdescript": 115, "mitr": [42, 77, 80, 101, 115, 154], "mitre_attack_group": 81, "mitre_attack_of_incid": [81, 184], "mitre_attack_softwar": 81, "mitre_attack_techniqu": [81, 184], "mitre_get_groups_using_all_techniqu": 81, "mitre_get_groups_using_techniqu": 81, "mitre_get_software_for_a_techniqu": 81, "mitre_get_tactic_inform": 81, "mitre_get_technique_inform": 81, "mitre_group": 81, "mitre_mitig": 81, "mitre_result": 102, "mitre_softwar": 81, "mitre_tact": [42, 81, 102, 184], "mitre_tactic_id": [81, 102, 184], "mitre_tactic_nam": [81, 101, 184], "mitre_tactid_id": 184, "mitre_tactid_nam": 184, "mitre_techniqu": [42, 77, 81, 102, 184], "mitre_technique_id": [81, 102], "mitre_technique_mitigation_onli": 81, "mitre_technique_nam": 81, "mitre_technique_task": 81, "mitretechniqu": 77, "mix": 63, "mixedcontenttyp": 185, "mk_note": 77, "mk_str": 109, "mkavanagh": 98, "mkd": 135, "mkdir": [69, 190], "mkivqoqexxpt1wd9vo9vi6uvbv1ts7o4y44vfdw1": 185, "mkleehamm": 180, "ml": [69, 70, 145], "ml_predict": 69, "mli": 135, "mlid": 34, "mlos2": 73, "mlt": 135, "mlverdict": 71, "mm": [32, 35, 69, 80, 103, 113], "mmb29m": 68, "mmole": 98, "mmr": 135, "mn": 145, "mn2pr15mb2877": 90, "mne": 135, "mng": 135, "mnp": 135, "mobil": [36, 68, 131, 142, 146, 155], "mobileiron": 42, "mobilephon": [112, 116], "mobisav": 77, "mock_data": 86, "mod": 42, "mod_tim": 42, "modal": 120, "mode": [4, 8, 13, 14, 23, 25, 27, 33, 42, 43, 72, 77, 81, 82, 84, 96, 104, 109, 116, 138, 149, 153, 155, 157, 160], "model": [18, 20, 42, 68, 97, 116, 131, 145, 177], "model_breaches_dt": 34, "model_dir": 69, "model_overrid": 42, "model_path": 70, "modelbreach": 34, "modelnam": [34, 115], "modelvers": 71, "modif": [42, 56, 63, 66, 86, 87, 88, 102, 103, 123, 128, 166], "modifi": [4, 9, 10, 11, 15, 17, 20, 28, 32, 33, 34, 36, 37, 42, 45, 48, 51, 56, 60, 63, 67, 69, 71, 77, 79, 86, 87, 89, 94, 96, 99, 100, 101, 102, 105, 106, 107, 110, 112, 114, 118, 122, 127, 130, 139, 141, 144, 148, 150, 159, 166, 178, 181, 182, 184, 186, 187, 188, 189, 190], "modificationd": 102, "modificationtimeunixtimeinm": 123, "modified_timestamp": 32, "modifiedd": [56, 183], "modify_d": [59, 126], "modify_princip": [59, 126], "modify_schedule_typ": 113, "modify_schedule_type_valu": 113, "modify_scheduler_typ": 113, "modify_scheduler_type_valu": 113, "modify_us": [59, 126], "modifyvolum": 14, "modul": [11, 26, 29, 77, 105, 106, 112, 115, 118, 120, 134, 144, 155, 158], "module_act": 18, "module_arg": 10, "module_nam": 18, "module_result": 10, "modulenotfounderror": 29, "modulu": [142, 186], "moldova": 135, "mon": [90, 103], "monaco": 135, "mongolia": 135, "mongolian": 145, "monitor": [4, 14, 48, 71, 82, 106, 144, 150, 184], "monitorapp": [142, 186], "montenegro": 135, "month": [35, 166], "monthli": 116, "montserrat": 135, "moor": 90, "more": [4, 8, 10, 14, 15, 17, 23, 24, 26, 29, 32, 33, 34, 36, 40, 48, 52, 55, 57, 58, 63, 66, 67, 69, 70, 71, 75, 77, 83, 84, 85, 86, 87, 88, 89, 90, 98, 101, 102, 103, 104, 105, 106, 110, 112, 113, 114, 116, 117, 118, 120, 122, 126, 128, 131, 132, 133, 134, 135, 137, 139, 144, 145, 146, 152, 155, 157, 158, 168, 170, 174, 175, 181, 182, 183, 184, 186, 189], "morocco": 135, "most": [1, 4, 7, 29, 42, 55, 71, 75, 76, 84, 97, 110, 116, 120, 134, 150, 177, 180], "most_recent_report": 7, "mostli": [84, 131], "mount": [4, 133], "mountain": [12, 38, 61], "mountpoint": 53, "move": [12, 29, 34, 48, 78, 99, 103, 110, 181, 190], "move_to_group": 23, "movement": [42, 77], "moz": 135, "mozambiqu": 135, "mozilla": [71, 93, 185], "mr": [112, 145], "mrhmxxxxxxxxxxmnji53": 146, "mrt": 135, "ms_channel_id": 131, "ms_channel_nam": 131, "ms_descript": 131, "ms_exchange_ssrf_rc": 42, "ms_group_id": 131, "ms_group_mail_nicknam": 131, "ms_group_nam": 131, "ms_groupteam_id": 131, "ms_groupteam_nam": 131, "ms_message_id": 131, "ms_owners_list": 131, "ms_sentinel_label": 79, "ms_team_nam": 131, "msal": [77, 131], "mscherfl": 14, "mscore": 71, "msdownload": 107, "msdtc": 107, "msf_cert": 42, "msft_dscmetaconfigur": 18, "msft_dscmetaconfiguration1ref": 18, "msft_webdownloadmanag": 18, "msft_webdownloadmanager1ref": 18, "msft_webreportmanag": 18, "msft_webreportmanager1ref": 18, "msft_webresourcemanag": 18, "msft_webresourcemanager1ref": 18, "msg": [10, 14, 34, 59, 77, 88, 96, 97, 107, 113, 126, 142, 188], "msg_alert_detail": 78, "msg_attach": 135, "msg_bodi": [16, 40, 135, 136], "msg_hdr": 135, "msg_id": [87, 135], "msg_list": 96, "msg_polling_interv": 78, "msg_subject": 40, "msi": 116, "msmpeng": 107, "msr": 135, "msrpc_admin_access_check": 42, "msrpc_alias_member_enum": 42, "msrpc_domain_controller_enumer": 42, "msrpc_group_member_enum": 42, "msrpc_loggedon_user_enum": 42, "msrpc_netsession_enum": 42, "msrpc_network_share_enum": 42, "msrpc_rdp_session_enum": 42, "msrpc_registry_enumeration_via_winreg": 42, "msrpc_scheduled_task_via_atsvc": 42, "msrpc_scheduled_task_via_itaskschedulerservic": 42, "mssp": [87, 103], "mt": 145, "mthjtq4elbp": 73, "mtid": [30, 146], "mtp_classif": 79, "mtq": 135, "mu": 135, "much": [126, 177], "mule": 135, "mule_account": 135, "mulitpl": 67, "multi": [15, 35, 41, 59, 77, 79, 83, 86, 88, 112, 126, 181, 189], "multi_select": 35, "multicast": [71, 116], "multidomain": 66, "multipl": [5, 23, 37, 40, 41, 42, 48, 54, 65, 66, 71, 79, 80, 83, 86, 88, 103, 105, 106, 107, 110, 117, 118, 128, 131, 137, 145, 157, 177, 178, 179, 180, 182, 188, 189], "multiple_email_error": 42, "multiple_ftp_error": 42, "multiple_kerberos_auth_error": 42, "multiple_ldap_auth_error": 42, "multiple_smb_cifs_error": 42, "multiplemessag": 157, "multipli": [97, 110, 165], "multiselect": [35, 41, 46, 77], "murine1": 89, "music": 84, "must": [4, 10, 14, 15, 16, 17, 18, 20, 24, 29, 32, 33, 35, 36, 37, 38, 40, 41, 42, 46, 47, 48, 52, 55, 57, 63, 66, 73, 75, 76, 84, 86, 87, 88, 102, 106, 109, 110, 112, 113, 116, 118, 119, 120, 124, 128, 131, 133, 134, 135, 136, 140, 143, 144, 146, 153, 155, 161, 170, 178, 180, 181, 182, 188, 190], "mutabl": 151, "mute": 48, "mute_initi": 48, "mutex": [128, 171], "mutual": [110, 155], "mwg": 76, "mwg_trust_level": 76, "mwi": 135, "mx": [12, 82, 142], "mxtbwhob7aoowbhvvrw8hva6m1g": 97, "mxtoolbox": 154, "my": [7, 17, 18, 21, 23, 24, 30, 32, 34, 37, 50, 58, 63, 65, 71, 73, 77, 84, 87, 89, 90, 91, 97, 100, 110, 112, 115, 116, 118, 121, 126, 129, 135, 144, 145, 152, 183], "my_custom_field": 20, "my_domain_nam": 112, "my_domain_url": 112, "my_logstor": 38, "my_snow_column_nam": 118, "my_sqlite_fe": 180, "my_url": 57, "myanmar": 135, "myapphost": 144, "myaxoniu": 17, "mydatabas": 86, "mydomain": [101, 158], "myfqdn": 24, "myhost": [14, 15, 42, 48, 101, 115, 116, 118, 144], "mylaptop": [17, 106], "mylaptopl": 17, "mylastnam": 112, "myorg": [105, 144, 182], "mypass": 158, "mypassword": [19, 86], "myriad": 140, "mys3group": 15, "myscript": 84, "myservic": 155, "mysit": 115, "mysoar": 129, "mysql": [86, 177, 180], "mysql_fe": 180, "mysupport": [10, 12, 14, 15, 17, 18, 20, 23, 28, 34, 40, 41, 42, 48, 58, 63, 68, 73, 74, 75, 76, 77, 78, 79, 81, 84, 90, 98, 101, 102, 105, 106, 107, 109, 112, 113, 115, 116, 124, 125, 129, 135, 144, 150, 151, 153], "myt": 135, "myuser": 158, "myusernam": [86, 92], "n": [9, 10, 12, 14, 15, 16, 18, 24, 30, 33, 34, 35, 36, 37, 40, 41, 42, 43, 45, 54, 59, 62, 63, 65, 66, 68, 73, 76, 77, 78, 79, 80, 83, 84, 85, 87, 88, 89, 90, 95, 97, 98, 101, 102, 103, 107, 110, 112, 115, 116, 118, 119, 123, 124, 126, 129, 131, 135, 142, 145, 146, 148, 149, 151, 157, 165, 186, 189, 190], "n02": 84, "n05": 84, "n07": 84, "n08": 84, "n0obryntfk3odjsj5a7ax": 84, "n11": 84, "n1gwp3bejsnktswcmc4fc8amoetalmgaaayyvhnn6aaaeawbhmeucias3": 84, "n2": 78, "n27709": 148, "n5kgh4cp3n3": 116, "n8zgyexq83sdqlfiruytdktmkhiwuegr7qvxfxkf": 97, "nOS": 107, "na": [12, 17, 20, 115, 144, 186], "naaggl4ttzqaabamarjbeaibswmmk4qfredfn3uoa": 84, "naction": [34, 77], "nadd": 151, "nadmin": 186, "nageambmga1udjqqmmaogccsgaqufbwmbmawga1udeweb": 84, "nagio": 89, "nagios_inbound_integration_refer": 89, "naicscod": 112, "naicsdesc": 112, "nalert": 77, "nalso": 79, "naltern": 78, "nam": 135, "name": [1, 3, 4, 5, 7, 8, 9, 10, 11, 12, 13, 16, 21, 22, 26, 27, 28, 30, 31, 33, 38, 45, 46, 47, 49, 50, 51, 52, 53, 56, 57, 59, 60, 61, 62, 64, 65, 67, 69, 71, 74, 75, 78, 80, 82, 83, 84, 85, 88, 89, 90, 91, 92, 93, 94, 96, 99, 100, 104, 110, 112, 114, 117, 119, 120, 121, 122, 125, 126, 127, 129, 130, 131, 134, 136, 137, 138, 139, 141, 142, 143, 145, 146, 147, 148, 149, 151, 152, 154, 155, 157, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 188, 189, 190], "name_filt": 153, "name_of_artifact": 58, "name_of_cloud_funct": 47, "name_of_consumer_key_in_jira_ui": 63, "name_serv": 147, "named_tim": 89, "nameinternation": 129, "namelist": 126, "namespac": [38, 48, 103, 115], "namespacelabel": 115, "namibia": 135, "namor": 151, "namprd08": 41, "namvjdc5uzxquy26ceyouyw1wchjvamvjdc5uzxquy26cf2dvb2dszs1hbmfsexrp": 84, "nan": [107, 150], "nanaconda": [83, 84], "nand": 186, "nano": [9, 11, 28, 51, 54, 94, 99, 100, 122, 127, 130, 139, 141, 143, 159], "nare": 186, "narrow": 23, "nartifact": 77, "nassign": 77, "natdestinationaddress": 78, "natdestinationport": 78, "nation": 37, "nativ": [42, 106, 180, 182], "nativetyp": 150, "natsourceaddress": 78, "natsourceport": 78, "natur": [12, 17, 24, 45, 70, 78, 90, 115, 129, 144, 166, 187], "nauru": 135, "nauthor": 110, "nautomationaccountnam": 18, "nav_to": 118, "navig": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 44, 45, 46, 48, 50, 52, 54, 55, 57, 58, 59, 60, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 134, 135, 139, 140, 142, 143, 144, 145, 146, 150, 151, 152, 153, 166, 178, 181, 183, 185, 186, 187, 188, 189, 190], "nawnhdglvbi1jbi5jb22cfmfwcc1tzwfzdxjlbwvudc1jbi5jb22cgcouyxbwlw1l": 84, "nawnrlmnughqqlmzscy5kb3vibgvjbgljay5jboiski5nlmrvdwjszwnsawnrlmnu": 84, "nb": [45, 145], "nb22cbxl0lmjlggcqlnl0lmjlghphbmryb2lklmnsawvudhmuz29vz2xllmnvbyib": 84, "nb29nbguuy29tghgqlmrhdgfjb21wdxrllmdvb2dszs5jb22ccyouz29vz2xllmnh": 84, "nb29nbgvhchbzlwnulmnvbyimz2tly25hchbzlmnugg4qlmdrzwnuyxbwcy5jboi": 84, "nb2tpzs5jb22ccyouexrpbwcuy29tggthbmryb2lklmnvbyinki5hbmryb2lklmnv": 84, "nbcc": 87, "nbguuaxsccyouz29vz2xllm5sggsqlmdvb2dszs5wbiilki5nb29nbguuchscei": 84, "nbgzngqwbagewdaykkwybbahweqifaza8bgnvhr8entazmdggl6athitodhrwoi8v": 84, "nbill": 186, "nbodi": [40, 90], "nbreach": 56, "nbsp": 101, "nbt": 42, "nbt_ns_poison": 42, "nbtstat": 163, "nbxicdyouz29vz2xllmnvbs50coipki5nb29nbguuy29tlnzuggsqlmdvb2dszs5k": 84, "nby9jzxj0cy9ndhmxyzmuzgvymiijzqydvr0rbiijxdccccccdcouz29vz2xllmnv": 84, "nbyinki55b3v0dwjllmnvbyiuew91dhvizwvkdwnhdglvbi5jb22cfiouew91dhvi": 84, "nbyitki5mbgfzac5hbmryb2lklmnvbyiezy5jboigki5nlmnuggrnlmnvggyqlmcu": 84, "nbyiwki5hchblbmdpbmuuz29vz2xllmnvbyijki5izg4uzgv2ghuqlm9yawdpbi10": 84, "nc": [45, 55, 148], "nc2fuzgjvec1jbi5jb22cdsouz3n0yxrpyy5jb22cfcoubwv0cmljlmdzdgf0awmu": 84, "ncc": 87, "ncgtplmdvb2cvz3rzmwmzmdegccsgaqufbzachivodhrwoi8vcgtplmdvb2cvcmvw": 84, "nchmuy26cesouz29vz2xly25hchbzlmnughfnb29nbgvhchbzlwnulmnvbyitki5n": 84, "ncl": 135, "nclassif": 77, "nclose": 20, "ncnzpy2vzlwnulmnvbyizki5nb29nbgvhzhnlcnzpy2vzlwnulmnvbyirz29vz2xl": 84, "ncomment": [76, 77], "ncommerci": 186, "nconsequ": 34, "ncontact": 186, "ncpu": 107, "ncreat": [63, 142], "ncreation": 186, "ncreationtim": 18, "ncve": 33, "ncy1jbi5jb22cggdvb2dszxrhz3nlcnzpy2vzlwnulmnvbyiaki5nb29nbgv0ywdz": 84, "ndata": 35, "nddity24uy29tgg0qlmd2ddity24uy29tggsybwrulwnulm5ldiinki4ybwrulwnu": 84, "ndescrib": 151, "ndescript": 18, "ndetermin": 77, "ndhjhdmvsywrzzxj2awnlcy1jbi5jb22chyouz29vz2xldhjhdmvsywrzzxj2awnl": 84, "ndmfkcy1jbi5jb22ceyouz29vz2xldmfkcy1jbi5jb22cewdvb2dszwfwaxmty24u": 84, "ndnssec": [142, 186], "ndocument": 186, "ndomain": [107, 142, 186], "ndownload": 116, "ndx": 97, "ndyouz29vz2xllmnvbs5icoipki5nb29nbguuy29tlmnvgg8qlmdvb2dszs5jb20u": 84, "ne": [45, 78, 145], "nearest": 69, "neatli": [40, 48], "neccessari": 135, "necessari": [1, 10, 20, 29, 34, 39, 42, 48, 58, 60, 63, 77, 78, 79, 89, 96, 97, 100, 105, 106, 110, 112, 113, 114, 122, 123, 127, 129, 131, 132, 133, 139, 141, 144, 150, 166, 178, 179, 180, 181, 182, 184, 186, 190], "necessit": 110, "need": [1, 2, 4, 7, 8, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25, 27, 29, 30, 31, 32, 34, 35, 37, 38, 40, 41, 42, 45, 46, 47, 48, 50, 52, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 101, 102, 103, 105, 106, 107, 109, 110, 112, 113, 114, 115, 116, 118, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 134, 135, 138, 139, 140, 141, 142, 144, 145, 146, 147, 150, 151, 152, 153, 155, 156, 157, 166, 167, 172, 174, 177, 178, 180, 181, 182, 187, 188, 189, 190], "needsattentionccs_set": 20, "neg": 159, "negat": 102, "negative_pr_lik": [59, 69, 126], "negoti": 42, "neighbor": 69, "neighbor_influ": 71, "neither": [71, 189], "nelectron": 186, "nenabl": 186, "nendpoint": 107, "nenviron": 18, "nepal": 135, "nepali": 145, "neqieagsb9asb8qdvahua6d7q2j71bjuy51covilryqpty9era": 84, "ner": 135, "nerror": 80, "nest": [12, 17, 24, 35, 45, 52, 63, 71, 78, 90, 110, 115, 129, 144, 165, 187], "net": [12, 13, 18, 28, 63, 87, 93, 95, 101, 105, 115, 127, 142, 144, 147, 148, 153, 171, 172, 174], "net2": 148, "netaddress": 73, "netbasx": 98, "netbios_nam": 42, "netbios_protect": 116, "netbiosnam": 78, "netcraft": [142, 186], "netdevic": 83, "netdevice1": 83, "netdevice_config_cmd": 83, "netdevice_id": 83, "netdevice_send_cmd": 83, "netdevice_use_textfsm": 83, "netflix": 62, "netherland": [20, 135], "netmask": 88, "netmiko": 154, "netscreen": 116, "netwit": 154, "network": [13, 18, 23, 34, 42, 47, 78, 80, 83, 90, 101, 102, 104, 105, 106, 107, 116, 120, 128, 142, 144, 145, 148, 154, 163, 165, 184, 186, 189], "network_address": 23, "network_ev": 58, "network_info": 23, "network_interfac": 17, "network_object": 24, "network_object_descript": 24, "network_object_group": 24, "network_object_kind": 24, "network_object_nam": 24, "network_object_row": 24, "network_object_valu": 24, "network_privilege_escal": 42, "network_trafficfromunrecommendedip": 78, "network_utilities_domain_list": 84, "network_utilities_domain_nam": 84, "network_utilities_https_url": 84, "network_utilities_remote_comput": 84, "network_utilities_resilient_url": 84, "network_utilities_send_sudo_password": 84, "network_utilities_shell_command": 84, "network_utilities_shell_commandshell_command": 84, "network_utilities_shell_param": 84, "networkconnect": 78, "networkinterfac": 115, "networkobj": 24, "networkobject": 24, "networkquarantineen": 115, "networkstatu": 115, "neural": 145, "neutral": [98, 150], "nevi": 135, "new": [3, 9, 14, 15, 16, 17, 18, 19, 20, 22, 23, 26, 28, 29, 32, 34, 35, 36, 37, 41, 42, 45, 46, 48, 49, 52, 54, 63, 65, 66, 68, 72, 73, 74, 75, 76, 78, 79, 84, 86, 87, 88, 89, 98, 101, 102, 103, 105, 106, 107, 108, 109, 112, 113, 115, 116, 117, 118, 119, 120, 123, 124, 126, 128, 129, 130, 135, 136, 141, 144, 148, 150, 153, 156, 166, 167, 175, 176, 178, 179, 180, 181, 182, 183, 184, 186, 187, 188, 189], "new_adws_act": 42, "new_artifact_count": 101, "new_case_own": 135, "new_case_titl": 135, "new_device_ind": 135, "new_dhcp_act": 42, "new_doh_act": 42, "new_external_connect": 42, "new_external_db_connect": 42, "new_external_iiop_connect": 42, "new_external_ldap_connect": 42, "new_external_nfs_connect": 42, "new_external_rdp_connect": 42, "new_external_rmi_connect": 42, "new_external_ssh_connect": 42, "new_external_telnet_connect": 42, "new_external_vnc_connect": 42, "new_incident_filt": [77, 79], "new_iot_connect": 42, "new_local_dns_serv": 42, "new_message_id": 41, "new_not": [108, 129], "new_playbook_nam": 118, "new_row": [32, 102], "new_smb_cifs_file_transf": 42, "new_statu": 150, "new_telnet_act": 42, "new_text": 17, "new_tupl": 97, "new_valu": 63, "new_web_link": 41, "new_york": [31, 63, 113], "new_zealand_risk_assess": 126, "newalert": 78, "newer": [10, 14, 24, 32, 35, 41, 42, 65, 66, 73, 77, 80, 87, 88, 89, 90, 98, 102, 103, 107, 113, 117, 120, 124, 128, 131, 142, 151, 170, 181], "newest": 40, "newev": 102, "newincidentown": [135, 189], "newli": [69, 71, 106, 110, 150, 177, 181, 188, 189], "newlin": [42, 45], "newreporterinfo": 135, "newreput": 76, "newrow": [14, 15, 19, 23, 42, 116, 153], "newslett": 151, "newus": [120, 190], "newvalu": 123, "nexampl": 98, "nexist": 186, "nexpir": [73, 77], "next": [4, 17, 23, 29, 32, 48, 63, 85, 86, 102, 113, 114, 115], "next_run_tim": 113, "next_step": 48, "nextcursor": 115, "nextrun": 18, "nextrunoffsetminut": 18, "nf": [42, 45], "nfa": 15, "nfail": 73, "nfdrgztolsrvak9gbpxmagiek8vqgmb8ga1udiwqymbaafip0f6": 84, "nfigur": 36, "nfile": [76, 77], "nfk": 135, "nfkdnb59pocxtehvyo616rj": 97, "nfl04q0d": 84, "nfm": 23, "nfor": 186, "nfpnxnr0nmgogccsgaqufbwebbf4wxdanbggrbgefbqcwayybahr0cdovl29jc3au": 84, "nfrom": 90, "nfs_file_access_failur": 42, "nfyouz29vz2xlb3b0aw1pemuty24uy29tghjkb3vibgvjbgljay1jbi5uzxscfc": 84, "ng": [28, 65], "nga": 135, "nggp1cmnoaw4uy29tggwqlnvyy2hpbi5jb22cchlvdxr1lmjlggt5b3v0dwjllmnv": 84, "nggsqlmdvb2dszs5jbiioki5nb29nbguuy28uaw6cdiouz29vz2xllmnvlmpwgg4q": 84, "nghfhbxbwcm9qzwn0lm9yzy5jboitki5hbxbwcm9qzwn0lm9yzy5jboiryw1wchjv": 84, "nghfkyxj0c2vhcmnolwnulm5ldiitki5kyxj0c2vhcmnolwnulm5ldiidz29vz2xl": 84, "nghiqlnjly2fwdgnoys1jbi5uzxscc3dpzgv2aw5llmnugg0qlndpzgv2aw5llmnu": 84, "ngive": 151, "ngroup": 151, "nguarante": 186, "nhash": 76, "nheader": 90, "nhello": [40, 79], "nhkjopqmbbwncaatt1q07surf52v6u8asj0jpgiwyerlwd36wunuhzdu8mcantreo": 84, "ni": 23, "nibm": [42, 107], "nic": [135, 186], "nicaragua": 135, "nice": 48, "nicknam": [21, 131], "nif": [79, 87], "nigel": 98, "niger": 135, "nigeria": 135, "night": 113, "nin": 36, "nindic": [77, 151], "ninput": 97, "nioc": 71, "nir": 148, "nissrv": 107, "nist": [48, 131], "nist_attack_vector": [59, 126, 131], "niu": 135, "niue": 135, "nj5yevonypzxlebcfforybvikcnsckbwledotwu85ucgczixvlswisy2yxfndmmoo9cyhetemc5tqswc3": 97, "njl7fvcmz": 97, "njobcount": 18, "njson": 149, "nk": 84, "nkey2": 166, "nki5ny3auz3z0mi5jb22cecoudxjslmdvb2dszs5jb22cfiouew91dhvizs1ub2nv": 84, "nksycd0q1hai8xiroac1hkaik4s64fcat0emod0bwpadk78grbbkocg4q3nvgn5": 97, "nl": 145, "nlastmodifiedbi": 18, "nlastmodifiedtim": 18, "nld": 135, "nli": 90, "nlm5ldiiuz29vz2xlzmxpz2h0cy1jbi5uzxscfiouz29vz2xlzmxpz2h0cy1jbi5u": 84, "nlmdvb2dszs5jby51a4ipki5nb29nbguuy29tlmfygg8qlmdvb2dszs5jb20uyxwc": 84, "nlmnvbyimki5nc3rhdgljlmnughaqlmdzdgf0awmty24uy29tgg9nb29nbgvjbmfw": 84, "nlmnvbyiuki5nb29nbgvjb21tzxjjzs5jb22ccgdncgh0lmnuggoqlmdncgh0lmnu": 84, "nlocat": 18, "nlogprogress": 18, "nlogverbos": 18, "nltk": 70, "nltkdownload": 70, "nmachin": 77, "nmdqzndi5wjaxmruwewydvqqddawqlmdvb2dszs5jb20wwtatbgcqhkjopqibbggq": 84, "nmember": 126, "nmiid": 15, "nmiioozccdsogawibagiraotkts1t8xblemgt": 84, "nmqigzp8jeedbzesopeaauuhych4tisuh5jxybbivv": 84, "nn": [145, 185], "nname": [18, 142, 186], "nnc": 148, "nnjykd7upn3": 116, "nnnn": 148, "nno": 10, "nnone": [12, 17, 24, 40, 45, 78, 90, 107, 115, 129, 144], "nnote": 129, "nnoth": 77, "nnuic": 97, "no_action_taken": 42, "no_reason": 144, "no_such_ent": 15, "no_such_entity_cert": 15, "no_such_entity_cr": 15, "no_such_entity_group": 15, "no_such_entity_kei": 15, "no_such_entity_mfa": 15, "no_such_entity_polici": 15, "noah": 151, "noc": 142, "nocooki": 95, "nocss": 105, "node": [42, 88, 101, 104, 105, 115, 184], "node_id": [18, 42, 45], "node_report": 18, "nodenam": 73, "nodetextpath2": 73, "nodetyp": 34, "nofil": 190, "nogui": 107, "nois": 51, "non": [17, 42, 97, 101, 103, 106, 112, 115, 123, 131, 135, 140, 177, 181, 185, 189], "non_compli": 116, "non_null_item": 17, "non_pe_rul": 116, "non_toxic_count": 101, "nonc": 79, "none": [8, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 32, 34, 35, 37, 38, 40, 41, 42, 45, 46, 47, 48, 49, 52, 54, 55, 56, 57, 58, 59, 62, 63, 64, 66, 68, 69, 71, 73, 75, 76, 77, 78, 79, 81, 83, 85, 87, 88, 89, 90, 91, 94, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 138, 140, 142, 144, 146, 148, 149, 150, 151, 152, 153, 157, 159, 165, 171, 181, 184, 185, 186, 187, 189, 190], "noneditablereason": 63, "nonetheless": 110, "nonroot": 37, "nonzero": 84, "noopen": [56, 116, 183], "nor": 135, "norcross": 40, "norepli": 101, "norfolk": 135, "norganis": 142, "normal": [32, 34, 41, 52, 59, 77, 87, 112, 118, 131, 135, 144, 188], "normalis": 58, "nortel": 116, "north": 12, "northern": [7, 135], "norwai": 135, "norwegian": 145, "noshad": 87, "nosuchent": 15, "not_aft": [142, 186], "not_applic": [106, 115], "not_assess": 144, "not_befor": [142, 186], "not_begins_with": 105, "not_contain": [79, 102, 105, 106, 107, 112, 115, 118, 123, 144, 150], "not_contained_bi": 105, "not_deleted_list": 41, "not_en": 23, "not_ends_with": 105, "not_equ": [14, 15, 18, 105, 115], "not_found": 87, "not_has_a_valu": [80, 112, 118], "not_has_kei": 105, "not_icontain": 105, "not_in": 105, "not_isol": 23, "not_mitig": 115, "not_support": 115, "not_suspici": 143, "notabl": 98, "notable_event_statu": 128, "notaft": 90, "notapplic": 115, "notavail": 77, "notbefor": 90, "note": [0, 4, 29, 32, 33, 37, 39, 43, 44, 47, 49, 53, 55, 61, 69, 119, 120, 130, 136, 137, 147, 154, 157, 160, 166, 168, 176, 178, 179, 181, 183, 184, 185, 186, 187, 188, 189, 190], "note_data": [90, 105], "note_err_text": 98, "note_id": 178, "note_info": 77, "note_json_format": 144, "note_obj": 42, "note_str": 101, "note_test": 17, "note_text": [14, 15, 17, 21, 32, 35, 37, 42, 46, 48, 53, 59, 83, 84, 90, 102, 103, 106, 112, 116, 118, 126, 129, 136, 144, 153, 190], "note_text_artifact": 37, "note_text_attach": 37, "note_text_end": 37, "note_text_start": 37, "note_top": 179, "notebook": 131, "notes_count": [59, 126], "notes_cr": 115, "notes_result": 150, "notes_str": 54, "notes_sync": 108, "notetext": [19, 20, 23, 27, 38, 40, 49, 58, 61, 66, 68, 75, 87, 90, 92, 95, 98, 109, 115, 116, 118, 124, 129, 137, 143, 147, 151], "notetyp": 146, "notflag": 41, "notfound": 24, "noth": [120, 140, 161], "notic": [10, 14, 24, 35, 41, 42, 65, 66, 73, 77, 80, 87, 88, 89, 90, 98, 102, 103, 107, 113, 117, 118, 124, 128, 131, 134, 142, 148, 151, 183], "notif": [42, 45, 110, 116], "notifi": [68, 84, 87, 97, 102, 131, 160], "notificationbodi": 77, "notificationid": 77, "notifications_url": 45, "notifyseverityoverrid": 102, "noutput": 186, "nov": [44, 103, 113], "noverview": 151, "now": [4, 9, 12, 17, 18, 20, 21, 24, 32, 34, 35, 36, 37, 40, 46, 50, 54, 56, 58, 63, 77, 78, 79, 80, 90, 95, 98, 101, 102, 103, 105, 106, 107, 110, 115, 116, 117, 118, 120, 123, 124, 128, 131, 134, 135, 137, 144, 146, 150, 155, 176, 178, 179, 180, 182, 190], "nparamet": [10, 18], "npeopl": 151, "npl": 135, "npleas": 186, "nproduct": 33, "nprotect": 151, "npwd": 83, "nqj3maz06wksoip5ol6q0jyth11c60kakaiea38nxuv9irb6fmwn2fqlla4dumnso": 84, "nqueri": 107, "nreaqta": 107, "nreason": [77, 116, 119], "nrecommend": 151, "nrefer": 151, "nregistr": 186, "nregistrar": [142, 186], "nregistri": [142, 186], "nreput": 76, "nresearch": 148, "nreserv": 186, "nresolut": 63, "nresourcegroupnam": 18, "nresult": [10, 83], "nrjelmakga1uebhmcvvmxijagbgnvbaotgudvb2dszsbucnvzdcbtzxj2awnlcybm": 84, "nrow": 35, "nru": 135, "nrunbooktyp": 18, "ns1": [12, 147, 186], "ns2": [12, 186], "ns3": [12, 186], "ns4": [12, 186], "nsever": 77, "nshare": 151, "nslookup": [84, 190], "nsourc": 142, "nspm": 90, "nstandard": 84, "nstart": 77, "nstate": 18, "nstatu": [77, 116], "nstaxx": 9, "nsubject": 90, "nsuccess": 84, "nsuch": 34, "nsuspici": 42, "nsx_distributed_firewall_polici": 144, "nsx_enabl": 144, "nsync": 118, "nt": [34, 107, 129, 144, 185], "ntag": 18, "ntech": 186, "ntemxezarbgnvbamtckduuybdqsaxqzmwhhcnmjmwmja4mdqzndmwwhcnmjmwntaz": 84, "ntest": [41, 84], "nthat": 186, "nthi": [34, 77], "ntitl": 77, "ntkxioisqwfcukytlih9rm0q2jfkhgwzvltn1a03qiijcoiykmiqrt1g1p6hthr3hss0rlxabbuuo4muorhvpragiwsd7hou5ui0u6uw": 97, "ntlm": [34, 42, 66, 84, 141, 158], "ntlm_relai": 42, "ntlmv1": 42, "ntlmv1_authent": 42, "nto": [79, 90], "ntop": 97, "ntp": 116, "ntr": 116, "ntype": 77, "nu": 36, "null": [7, 10, 12, 14, 17, 18, 19, 20, 23, 24, 27, 34, 35, 37, 38, 40, 41, 42, 45, 48, 50, 58, 59, 63, 64, 65, 66, 71, 73, 75, 77, 78, 79, 80, 84, 85, 86, 87, 88, 89, 90, 91, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 119, 121, 123, 125, 126, 128, 129, 131, 134, 135, 136, 144, 146, 148, 150, 151, 152, 157, 165, 183, 184], "null_group": 15, "num": [36, 157], "num_aggreg": 144, "num_artifact": [129, 144, 177], "num_asset": 17, "num_avail": 144, "num_complet": 144, "num_data_gath": 103, "num_featur": 70, "num_found": 144, "num_observ": 144, "num_of_casefil": 151, "num_of_each_typ": 36, "num_of_result": 58, "num_proc": 37, "num_report": 98, "num_row": 144, "num_rows_upd": 135, "num_tot": 144, "num_typ": [12, 17, 24, 45, 78, 90, 115, 144], "num_work": [102, 134], "number": [1, 3, 5, 7, 9, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 45, 46, 47, 48, 54, 55, 56, 58, 59, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 77, 78, 79, 80, 84, 85, 86, 87, 89, 90, 91, 92, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 118, 119, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 137, 142, 143, 144, 146, 148, 150, 159, 164, 165, 166, 177, 180, 181, 183, 185, 186, 189, 190], "number_devices_found": 68, "number_of_el": 103, "number_of_report": 7, "number_of_total_form": 12, "number_of_total_input_field": 12, "numberofattempt": 36, "numberofel": 116, "numberofemploye": 112, "numberoffailedlogin": 112, "numberoflocations__c": 112, "numberofphysicalcomput": 116, "numberofregisteredus": 116, "numberofresourc": 18, "numdistinctus": 7, "numer": [41, 42, 116, 118, 141], "numerous_email": 42, "numofconnectedlowrepapp": 36, "numofcpu": 73, "numpi": [69, 70, 85], "nunit": 148, "nupdat": [142, 186], "nurl": 186, "nvarchar2": 180, "nvendor": 33, "nvrugcpny6": 84, "nw": 185, "nw_log_serv": 111, "nw_log_server_password": 111, "nw_log_server_url": 111, "nw_log_server_us": 111, "nw_log_server_usernam": 111, "nw_log_server_verifi": 111, "nw_packet_serv": 111, "nw_packet_server_password": 111, "nw_packet_server_url": 111, "nw_packet_server_us": 111, "nw_packet_server_usernam": 111, "nw_packet_server_verifi": 111, "nwcitybscnhkglc7c8ho1rla": 84, "nwhoi": 186, "nww": 84, "nx": 110, "ny2": 84, "ny24uy29tghyqlmdvb2dszxnhbmrib3gty24uy29tgh4qlnnhzmvudxauz29vz2xl": 84, "ny29tggoqlmd2ddeuy29tgheqlmdjcgnkbi5ndnqxlmnvbyikki5ndnqylmnvbyio": 84, "ny29tghmqlmdvb2dszwfwaxmty24uy29tghvnb29nbgvvchrpbwl6zs1jbi5jb22c": 84, "ny2hhlm5ldc5jboiski5yzwnhchrjageubmv0lmnughbyzwnhchrjagety24ubmv0": 84, "ny3jscy5wa2kuz29vzy9ndhmxyzmvzlzkegjwlut0bwsuy3jsmiibawykkwybbahw": 84, "ny3mty24uy29tghkqlmdvb2dszs1hbmfsexrpy3mty24uy29tghdnb29nbgvhzhnl": 84, "ny_impact_lik": [59, 126], "nya": 151, "nyc": 14, "nynorsk": 145, "nypo9zvlttttx6luqq7fm9pmxkanbxf3c4g8xo4imhdccdbgwdgydvr0paqh": 84, "nyxn1cmvtzw50lwnulmnvbyilz3z0ms1jbi5jb22cdsouz3z0ms1jbi5jb22cc2d2": 84, "nz": 185, "nz29vz2xlc3luzgljyxrpb24ty24uy29tgiqqlnnhzmvmcmftzs5nb29nbgvzew5k": 84, "nz29vz2xllmnughhzb3vyy2uuyw5kcm9pzc5nb29nbguuy24wiqydvr0gbbowgdai": 84, "nz29vz2xllwfuywx5dgljcy5jb22ccmdvb2dszs5jb22cemdvb2dszwnvbw1lcmnl": 84, "nz29vz2xlywrhcglzlmnvbyipki5nb29nbgvhcglzlmnugheqlmdvb2dszxzpzgvv": 84, "nz29vz2xlzg93bmxvywrzlmnughqqlmdvb2dszwrvd25sb2fkcy5jboiqcmvjyxb0": 84, "nzg91ymxly2xpy2sty24ubmv0ghgqlmzscy5kb3vibgvjbgljay1jbi5uzxscfi": 84, "nzgv2zwxvcgvylmfuzhjvawquz29vz2xllmnughxkzxzlbg9wzxjzlmfuzhjvawqu": 84, "nzl": 135, "nzwvkdwnhdglvbi5jb22cd3lvdxr1ymvrawrzlmnvbyirki55b3v0dwjla2lkcy5j": 84, "nzxj2awnlcy1jbi5jb22cf2dvb2dszxrhz21hbmfnzxity24uy29tghkqlmdvb2d": 84, "nzxn0lmjkbi5kzxaceiouy2xvdwquz29vz2xllmnvbyiyki5jcm93zhnvdxjjzs5n": 84, "nzxrhz21hbmfnzxity24uy29tghhnb29nbgvzew5kawnhdglvbi1jbi5jb22cgi": 84, "nzxscdgfkbw9ilwnulmnvbyioki5hzg1vyi1jbi5jb22cfgdvb2dszxnhbmrib3gt": 84, "nzy5kb3vibgvjbgljay1jbi5uzxscdmrvdwjszwnsawnrlmnughaqlmrvdwjszwn": 84, "nzy8amdhh7zboa0": 84, "nzyilki5nb29nbguuzxoccyouz29vz2xllmzyggsqlmdvb2dszs5odyilki5nb29n": 84, "o": [4, 14, 17, 34, 41, 42, 53, 57, 69, 73, 78, 84, 85, 97, 102, 107, 115, 116, 118, 142, 144, 155, 186], "o3eqg6aaaap": 185, "o9bt872": 116, "oa": 185, "oaa": 18, "oalivacvd": 97, "oasu7xqwqqhmwi": 97, "oauth": [31, 112, 124, 131, 150, 166], "oauth2": [18, 32, 41, 78, 87, 110, 112, 131, 137, 155], "oauth2_generate_refresh_token": [131, 146], "oauth_access_token": [110, 166], "oauth_client_id": [110, 166], "oauth_client_secret": [110, 166], "oauth_cod": [110, 166], "oauth_grant_typ": 110, "oauth_redirect_uri": [110, 166], "oauth_refresh_token": [110, 166], "oauth_scop": [110, 166], "oauth_token_typ": [110, 166], "oauth_token_url": [110, 166], "obdc": 86, "obfusc": [43, 90, 107], "obj": [90, 97], "obj_cnt": 42, "obj_create_d": 126, "obj_creator_id": 126, "obj_id": [126, 176], "obj_list": 97, "obj_nam": 126, "objc_class_prefix": 52, "object": [7, 8, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 27, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 45, 46, 47, 48, 49, 50, 52, 53, 54, 56, 57, 58, 59, 61, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 137, 138, 142, 143, 144, 145, 147, 148, 149, 150, 151, 152, 153, 154, 157, 162, 165, 166, 176, 177, 178, 179, 181, 182, 184, 185, 189, 190], "object_ad": [23, 71, 79, 102, 106, 107, 112, 115, 123, 129, 144, 150, 165, 166], "object_dt": 98, "object_id": [24, 42, 73, 80, 97, 98, 113], "object_is_delet": 97, "object_list": 97, "object_nam": [73, 97, 98], "object_not": 73, "object_rel": 80, "object_stat": 97, "object_threat": 98, "object_typ": [42, 97, 98], "object_type_id": 113, "object_valu": 42, "objectcategori": 66, "objectclass": [66, 158], "objectguid": 66, "objectid": [24, 73, 79], "objectnam": 73, "objectnot": 73, "objectsid": 66, "objectslist": 123, "objstm": 90, "obp": 97, "obser": 101, "observ": [9, 34, 36, 41, 77, 98, 140, 150, 151, 152, 175, 184], "observablecount": 36, "observation_descript": 144, "observation_detail_job_result": 144, "observation_id": 144, "observation_typ": 144, "observer": 101, "obtain": [18, 32, 37, 40, 41, 70, 79, 101, 106, 110, 115, 129, 131, 137, 155], "occasion": 87, "occur": [9, 11, 14, 15, 24, 26, 28, 32, 34, 36, 51, 58, 60, 67, 72, 76, 78, 84, 94, 99, 100, 103, 114, 122, 127, 130, 131, 135, 139, 141, 148, 159, 178, 179, 181, 182, 189], "occurr": [14, 126], "occurrenceid": 41, "ocean": 135, "ocn": 131, "ocr": 154, "ocr_artifact_id": 85, "ocr_attachment_id": 85, "ocr_base64": 85, "ocr_confidence_threshold": 85, "ocr_incident_id": 85, "ocr_languag": 85, "ocr_parse_imag": 85, "ocr_parse_image_attach": 85, "ocr_parse_image_base64": 85, "ocr_result": 85, "ocr_task_id": 85, "ocrjh": 157, "ocsp": [142, 186], "oct": [90, 113], "octet": 126, "octob": [56, 183], "od": 88, "odata": [41, 77, 78, 131], "odbc": [97, 154, 177, 190], "odbc_connect": 180, "odbcfe": 181, "odbcinst": 180, "oddiz6akinr2x9ulugmbhynna2neyayxosgl3bj6fwiodl8aqbgyb4uyb9ae2c6hqbpw": 97, "odonnel": 98, "odzmqnqmo7hu1eogmnswqlv": 97, "oeddsh0rpcg": 110, "oej7": 97, "oem": 157, "off": [45, 63, 75, 76, 78, 99, 105, 106, 112, 113, 115, 118, 129, 135, 138, 144], "offend": 42, "offens": [34, 97, 105, 106, 107, 112, 144], "offense_analysis_period": 101, "offense_analysis_timeout": 101, "offense_id": 103, "offense_sourc": 103, "offense_sum": 102, "offense_tim": 102, "offense_typ": 103, "offenseannot": 102, "offenseasset": 102, "offenseid": 102, "offensemap": 102, "offensesourc": 102, "offensesummari": 102, "offensetyp": 102, "offer": [110, 120, 131], "offic": [20, 41, 77, 87, 131, 155], "office16": 77, "office365": [41, 90, 155], "officephon": 116, "offici": [1, 15, 23, 78, 95, 101, 102, 109, 110, 123, 144, 153], "offlin": [40, 116, 123], "offline_access": [18, 110, 131, 155], "offlinepdatrialexpirationd": 112, "offlinetrialexpirationd": 112, "offset": [23, 32, 35, 38, 42, 89, 151], "offsit": 144, "ofphysicalcomput": 116, "often": [42, 74, 85, 87, 105, 107, 126, 190], "ohwgydcj9vkmjolt": 97, "oi": 116, "oidc": 131, "ok": [14, 15, 18, 19, 27, 110, 116, 119, 135, 153, 188, 190], "okai": 188, "old": [32, 42, 52, 80, 95, 186], "old_valu": 63, "oldcopyright": 105, "older": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 140, 142, 144, 145, 146, 150, 151, 152, 153, 157, 165, 181, 189], "oldest": 40, "oldfullpath": 116, "oldpathnam": 116, "oldreput": 76, "oman": 135, "omg": 97, "omgdc": 97, "omgdi": 97, "omi_configurationdocu": 18, "omigod": 42, "omit": [12, 17, 24, 41, 45, 78, 90, 96, 115, 120, 129, 144, 187], "omit_kei": [12, 17, 24, 45, 78, 90, 115, 129, 144], "omn": 135, "omsagentid": 79, "on_watchlist": 42, "ona": 68, "onboard": 77, "onboardingstatu": 77, "onc": [4, 20, 29, 39, 40, 41, 48, 55, 63, 66, 69, 70, 79, 80, 81, 96, 105, 109, 110, 112, 113, 117, 120, 122, 127, 131, 135, 139, 146, 148, 157, 170, 178, 180, 181, 182, 183, 184, 185, 186, 190], "onclick": 116, "oncontextlost": 185, "oncontextrestor": 185, "oncrpc": 42, "ondemand_scan_dis": 144, "one": [1, 10, 15, 17, 33, 34, 36, 37, 40, 41, 45, 48, 49, 52, 53, 56, 61, 63, 65, 66, 67, 68, 69, 73, 77, 79, 80, 82, 84, 85, 86, 87, 88, 92, 95, 96, 101, 102, 103, 104, 105, 106, 107, 110, 112, 114, 116, 120, 124, 127, 128, 129, 131, 134, 135, 137, 144, 146, 147, 151, 155, 166, 174, 176, 177, 178, 179, 180, 181, 182, 184, 188, 189], "onedr": 84, "onenot": 131, "oneperc": 42, "onepercent_ml": 42, "ones": [66, 70, 101, 106, 118, 130], "onetim": 18, "ongo": [10, 14, 24, 35, 41, 42, 65, 66, 73, 77, 80, 87, 88, 89, 90, 98, 102, 103, 107, 113, 117, 124, 128, 131, 142, 151, 181], "ongoing_outli": 55, "onionoo": 104, "onli": [0, 1, 2, 4, 7, 10, 14, 15, 16, 22, 23, 34, 37, 40, 41, 42, 46, 48, 52, 55, 57, 58, 59, 61, 63, 66, 73, 77, 78, 79, 80, 81, 83, 84, 86, 88, 89, 90, 94, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 110, 112, 115, 116, 117, 118, 124, 125, 126, 128, 129, 131, 135, 137, 141, 143, 144, 146, 149, 150, 153, 156, 160, 161, 164, 166, 174, 178, 181, 182, 189, 190], "onlin": [40, 56, 71, 105, 116, 135, 143, 154, 183, 185], "online_meet": 40, "onlinegam": 121, "onlinemeet": 41, "onlinemeetingprovid": 41, "onlinemeetingurl": 41, "onlinestatu": 116, "onmicrosoft": [41, 77, 78, 131], "onpremisesdomainnam": 131, "onpremiseslastsyncdatetim": 131, "onpremisesnetbiosnam": 131, "onpremisesprovisioningerror": 131, "onpremisessamaccountnam": 131, "onpremisessecurityidentifi": [78, 131], "onpremisessyncen": 131, "onto": [24, 28, 42, 112, 114, 162, 171], "op": [106, 117], "open": [7, 8, 9, 11, 15, 20, 22, 28, 37, 44, 51, 54, 74, 85, 87, 90, 94, 99, 100, 105, 106, 108, 109, 113, 114, 116, 118, 119, 120, 122, 127, 130, 139, 141, 143, 144, 150, 159, 161, 176, 178, 179, 180, 181, 182, 187, 188, 189, 190], "open_issu": 45, "open_issues_count": 45, "open_ssh_port": 48, "openact": 90, "openblad": 78, "opencv": 85, "opendn": [25, 26], "opendxl": [76, 154, 170], "openid": 18, "openldap": 66, "openphish": [12, 71, 142, 186], "openport": 48, "openresolv": 165, "openslp": 42, "opensmtpd": 42, "openssl": [87, 170], "oper": [9, 10, 11, 14, 15, 23, 28, 29, 34, 35, 37, 40, 42, 46, 47, 48, 51, 57, 60, 63, 66, 67, 73, 77, 83, 84, 86, 94, 99, 100, 102, 105, 112, 113, 114, 116, 117, 122, 127, 128, 130, 131, 139, 141, 146, 148, 149, 150, 155, 159, 166, 177, 179, 180, 181], "operand": 42, "operand_1": 129, "operating_system": [23, 102], "operatingsystem": [116, 150], "operationalerror": 181, "operationalinsight": 79, "operationalst": 115, "operationalstateexpir": 115, "operationalstatu": 77, "operator_1": 129, "opportun": [37, 177], "oppos": 85, "opt": [29, 37, 115, 190], "optic": 85, "optim": [70, 150], "option": [1, 5, 9, 11, 12, 14, 15, 17, 19, 20, 22, 24, 28, 29, 30, 32, 34, 35, 38, 40, 41, 42, 43, 44, 45, 46, 47, 48, 51, 52, 55, 59, 60, 63, 65, 67, 69, 70, 73, 74, 77, 78, 81, 84, 87, 88, 94, 97, 99, 100, 102, 103, 105, 106, 110, 111, 112, 113, 114, 115, 116, 117, 118, 122, 124, 126, 127, 129, 130, 131, 134, 135, 139, 140, 141, 143, 144, 145, 146, 149, 150, 153, 155, 159, 165, 166, 176, 178, 179, 180, 181, 182, 188], "optional1": 40, "optional_attende": 40, "optional_incident_id": 39, "optionalfield": 119, "or_address": 104, "or_impact_lik": [59, 126], "ora": 180, "oracl": [42, 86, 116, 177, 180], "oracle_fe": 180, "oracledialect": 180, "oracleodbc": 180, "orang": 119, "orbit": 23, "orchestr": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 37, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 120, 121, 123, 124, 125, 128, 129, 131, 134, 135, 141, 142, 144, 145, 146, 150, 151, 152, 153, 165, 181, 183, 185, 186, 190], "orclcdb": 180, "orclpdb1": 180, "order": [4, 7, 12, 17, 24, 29, 32, 33, 34, 35, 36, 37, 42, 45, 46, 48, 68, 73, 78, 81, 82, 87, 90, 96, 97, 102, 107, 110, 115, 116, 126, 129, 131, 134, 135, 144, 146, 153, 180, 181, 187], "org": [2, 7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 61, 62, 63, 64, 65, 66, 68, 69, 70, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 132, 134, 135, 138, 139, 142, 144, 145, 146, 148, 149, 150, 151, 152, 153, 161, 165, 173, 181, 186], "org1": 181, "org1_dep_type_id": 181, "org1_dep_type_nam": 181, "org1_inc_id": 181, "org1_type_id": 181, "org2": 181, "org2_inc_id": 181, "org2_type_id": 181, "org_handl": [59, 126], "org_id": [48, 59, 80, 97, 105, 126, 144, 178, 181], "org_kei": 144, "organ": [4, 14, 20, 21, 29, 36, 41, 48, 51, 71, 73, 80, 90, 95, 105, 109, 112, 114, 120, 131, 135, 144, 146, 153, 161, 165, 178, 181, 183, 184, 185, 186, 187, 188, 189], "organis": [37, 80], "organiz": 66, "organization_id": [106, 144], "organization_nam": [105, 144], "organization_to_us": 69, "organizationalperson": 66, "organizationheaderspreserv": 90, "organizationid": 48, "organizations_url": 45, "orgc": 80, "orgc_id": 80, "orgid": 87, "orgnam": 80, "origin": [0, 9, 12, 15, 17, 24, 35, 42, 45, 49, 73, 78, 79, 84, 87, 90, 97, 102, 108, 110, 112, 115, 118, 129, 135, 136, 144, 145, 148, 180, 181, 185, 188, 190], "origin_countri": 95, "original_devic": 34, "original_msg": 87, "original_workflow_nam": 119, "originalarrivaltim": 90, "originalattributedtenantconnectingip": 90, "originaldomain": 36, "originalendtimezon": 41, "originalnam": 123, "originalproductcomponentnam": 79, "originalproductnam": 79, "originals": 129, "originalstarttimezon": 41, "originalsubmit": 90, "originatororg": 90, "originatorprocess": 115, "orion": 89, "orlando": 117, "orm": 150, "orr": 1, "os_info": 190, "os_major_vers": 144, "os_support": 23, "os_typ": 23, "os_us": 55, "os_vers": [23, 32, 144], "osarch": 115, "osarchitectur": 77, "osbit": 116, "osbitmod": 73, "osbuild": 77, "osbuildnum": 73, "oscsdvers": 73, "oselamstatu": 116, "osflavornumb": 116, "osfunct": 116, "osinfo": 53, "osint": 71, "oslanguag": 116, "osmajor": 116, "osmajorvers": 53, "osminor": 116, "osminorvers": 53, "osnam": [68, 115, 116], "osoemid": 73, "osplatform": [73, 77], "osprocessor": 77, "osreleas": 53, "osrevis": 115, "osservicepack": [68, 116], "osstarttim": 115, "ostyp": [73, 107, 115], "osusernam": 115, "osvers": [68, 73, 77, 116], "osx": 116, "other": [4, 14, 15, 20, 26, 29, 32, 33, 40, 42, 47, 48, 52, 57, 58, 68, 71, 77, 79, 80, 84, 85, 86, 88, 90, 95, 98, 100, 101, 102, 103, 105, 110, 112, 113, 116, 118, 126, 128, 131, 132, 135, 142, 144, 148, 150, 160, 162, 164, 171, 176, 177, 178, 179, 180, 181, 182, 185, 186, 187, 188, 189], "other_count": 101, "other_observ": 101, "other_sect": 71, "other_us": 45, "otheraddress": 112, "otherattribut": 137, "otherbusinessnam": 189, "otherc": 112, "othercountri": 112, "othergeocodeaccuraci": 112, "otherlatitud": 112, "otherlongitud": 112, "otherphon": 112, "otherpostalcod": 112, "otherst": 112, "otherstreet": 112, "otherwis": [20, 29, 37, 45, 98, 110, 118, 124, 135, 142, 147, 165, 176, 177, 178, 179, 180, 181, 182, 186, 189], "otx": 154, "ou": [41, 190], "ouput": 47, "our": [4, 8, 10, 58, 79, 87, 88, 101, 102, 106, 117, 118, 120, 121, 128, 137, 182, 186], "out": [9, 10, 11, 20, 23, 28, 31, 32, 34, 40, 42, 44, 47, 48, 51, 55, 64, 65, 69, 71, 74, 79, 84, 87, 94, 96, 97, 99, 100, 102, 103, 106, 110, 114, 116, 117, 119, 120, 122, 124, 127, 129, 130, 131, 135, 139, 141, 143, 145, 150, 153, 155, 159, 181, 184, 188, 189, 190], "out_of_d": 116, "outbound": [24, 42, 97, 135, 154, 188, 189], "outbound_cobalt_strike_connect": 42, "outbound_email_reply_to_messag": 87, "outbound_email_result": 87, "outbound_socks_connect": 42, "outbound_tor_connect": 42, "outcom": 123, "outer": 103, "outer_kei": 103, "outgo": [23, 87, 97, 116, 150], "outli": 135, "outlier_t": 55, "outlin": [38, 87, 108, 140, 154], "outlook": [41, 87, 131], "outlook2016": 40, "outofofficemessag": 112, "output": [0, 4, 7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 133, 134, 135, 138, 142, 144, 145, 146, 148, 149, 150, 151, 152, 153, 163, 165, 183, 184, 185, 186, 190], "output_data": 33, "output_exchange_create_meet": 40, "output_exchange_email": 40, "output_exchange_get_mailbox": 40, "output_exchange_send_email": 40, "output_scheduled_rule_cr": 113, "output_scheduled_rule_list": 113, "output_scheduled_rule_modifi": 113, "output_scheduled_rule_paus": 113, "output_scheduled_rule_remov": 113, "output_scheduled_rule_resum": 113, "output_scheduled_rule_run": 113, "output_text": 85, "outputdetail": 16, "outputtyp": 18, "outsid": 113, "outside_support_hour": 89, "ova": 190, "over": [4, 17, 20, 34, 42, 52, 58, 65, 97, 109, 110, 114, 116, 124, 131, 144, 177, 182, 183], "overal": [34, 116, 177, 185], "overall_command_st": 116, "overcom": [177, 181], "overdu": 113, "overlap": [42, 96, 189], "overrid": [34, 42, 48, 63, 68, 79, 87, 89, 98, 105, 106, 107, 112, 114, 123, 124, 129, 150, 155, 185], "overridden": 118, "override_list": 144, "override_reput": 144, "override_reputation_result": 144, "override_typ": 144, "overview": 154, "overwhelm": 42, "overwhelmed_citrix_data_transf": 42, "overwhelmed_data_transf": 42, "overwhelmed_database_data_transf": 42, "overwhelmed_email_data_transf": 42, "overwhelmed_ftp_data_transf": 42, "overwhelmed_http_data_transf": 42, "overwhelmed_kerberos_data_transf": 42, "overwhelmed_ldap_data_transf": 42, "overwhelmed_memcache_data_transf": 42, "overwhelmed_redis_data_transf": 42, "overwrit": [34, 77, 119, 124, 166, 181, 187, 188, 189, 190], "overwritten": [24, 42, 118], "ovh": 71, "owa": 41, "owasp": 37, "own": [0, 1, 6, 10, 14, 21, 22, 29, 37, 48, 63, 66, 68, 71, 76, 78, 85, 86, 87, 88, 96, 102, 103, 120, 128, 131, 132, 135, 136, 149, 161, 162, 166, 178, 180, 182, 186, 188, 189, 190], "owner": [14, 16, 17, 20, 21, 42, 45, 77, 79, 102, 110, 112, 115, 123, 126, 129, 131, 141, 151, 155, 166, 181], "owner_fnam": [59, 126], "owner_id": [42, 59, 77, 79, 89, 106, 112, 126, 131, 144], "owner_lnam": [59, 126], "ownerid": [112, 181], "ownership": [68, 112, 181], "ownertyp": 79, "ozzbaukwkdpb": 121, "p": [4, 20, 21, 24, 25, 33, 40, 42, 45, 75, 81, 84, 87, 101, 109, 110, 115, 126, 129, 140, 141, 142, 145, 148, 150, 153, 155, 160, 184, 185, 190], "p0kv9nx": 89, "p1": 89, "p11txuyw": 38, "p12_signing_cert": 87, "p12_signing_cert_password": 87, "p12_signing_encrypting_cert": 87, "p1658330688241129": 124, "p1658330751752819": 124, "p2": 89, "p2p_auth": 116, "p2ust1dhddra2tjy2fxnwdk5oxd3eobm5rq6usfhx7cwsgslrzw8pl6": 185, "p3": 89, "p4": 89, "p4wg9mk": 89, "p7uz4a8": 89, "p7v7saj": 89, "p7zt80yqstm": 110, "p8021bt": 89, "p8ws4ha": 89, "p94irvl": 89, "p9zplkcb": 107, "pa": [23, 88, 145], "paa": 63, "pack": 4, "packag": [0, 4, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 30, 31, 32, 34, 35, 36, 37, 38, 40, 41, 42, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 71, 72, 73, 74, 75, 76, 78, 79, 80, 81, 82, 83, 84, 85, 86, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 134, 135, 136, 137, 139, 141, 142, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 157, 158, 159, 160, 161, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 187, 188, 189], "package_nam": 52, "package_vers": [7, 9, 10, 12, 14, 15, 17, 18, 19, 20, 21, 23, 24, 30, 32, 34, 35, 37, 40, 41, 42, 45, 46, 48, 50, 54, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 79, 80, 83, 84, 85, 86, 87, 88, 90, 91, 95, 96, 97, 102, 103, 105, 106, 107, 108, 110, 112, 113, 115, 116, 118, 121, 123, 125, 126, 128, 129, 131, 134, 135, 136, 144, 146, 148, 150, 151, 152, 157, 183, 184], "packagenam": 36, "packer": 121, "packet": [84, 102, 116], "packet_captur": 116, "pad": [12, 17, 24, 45, 78, 90, 115, 129, 140, 144, 187], "page": [7, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 36, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 72, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 119, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 140, 142, 144, 145, 146, 150, 151, 152, 153, 154, 165, 181, 185], "pagenumb": 68, "pager": 91, "pagerduti": 154, "pages": [68, 102], "pagin": [32, 42, 112, 115], "pai": [12, 40], "paid": 134, "pair": [1, 4, 11, 12, 15, 17, 20, 35, 42, 45, 48, 59, 66, 78, 90, 102, 109, 110, 114, 115, 118, 119, 123, 126, 129, 135, 144, 187], "pak": [117, 119, 120, 181, 183, 185, 186, 188], "pakistan": [135, 145], "palau": 135, "palestin": 135, "palo": 154, "paloalto_panorama_adapt": 17, "pam": 110, "pam_credenti": 110, "pamsqlsv": 79, "pan": 135, "panama": 135, "panda": [69, 70, 85], "pane": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 165], "panel": [84, 106, 119, 120, 190], "pango": 57, "pano": 88, "panorama": 154, "panorama_api_kei": 88, "panorama_device_group": 88, "panorama_host": 88, "panorama_label": 88, "panorama_label1": 88, "panorama_loc": 88, "panorama_name_paramet": 88, "panorama_request_bodi": 88, "panorama_user_group_nam": 88, "panorama_user_group_xml": 88, "panorama_user_group_xpath": 88, "panorama_users_list": 88, "panorama_vsi": 88, "panorama_xml": 88, "papua": 135, "paraguai": 135, "parallel": [126, 134, 178, 179, 181, 182], "parallel_execut": [178, 179, 181, 182], "param": [12, 15, 17, 23, 24, 26, 33, 37, 42, 45, 68, 75, 78, 90, 102, 110, 115, 116, 129, 135, 144, 150, 153, 158, 180, 185, 190], "param1": [102, 103, 128], "param2": [102, 103, 128], "param3": [84, 102, 103, 128], "param4": 102, "param5": 102, "param6": 102, "paramet": [10, 11, 12, 13, 14, 15, 17, 18, 23, 24, 26, 29, 30, 33, 41, 42, 43, 45, 52, 58, 63, 66, 68, 71, 72, 75, 78, 79, 82, 84, 86, 90, 95, 98, 102, 103, 105, 106, 107, 109, 112, 113, 115, 116, 118, 120, 128, 129, 131, 134, 135, 136, 140, 141, 144, 150, 151, 153, 154, 155, 158, 159, 165, 166, 171, 178, 180, 182, 185, 187, 189, 190], "parameter_nam": 180, "parameterset": 18, "paramiko": [37, 55, 84], "paramiko_expect": 55, "parent": [23, 45, 48, 52, 63, 97, 117, 118, 120, 144, 149, 154, 161, 181], "parent_artifact_result": 108, "parent_cmdlin": 144, "parent_display_nam": 48, "parent_effective_reput": 144, "parent_effective_reputation_sourc": 144, "parent_guid": 144, "parent_handl": 148, "parent_hash": 144, "parent_id": [42, 59, 107, 108, 126], "parent_incid": 108, "parent_issu": 144, "parent_md5": 144, "parent_nam": [48, 144], "parent_pid": 144, "parent_publish": 144, "parent_publisher_st": 144, "parent_reput": 144, "parent_sha256": [23, 144], "parent_user_id": 144, "parent_usernam": 144, "parentcommandlin": 102, "parentfolderid": 41, "parentgroupid": 107, "parenthes": [48, 84, 112], "parentid": [73, 107, 112], "parentimagenam": 102, "parentmessageid": 131, "parentprocesscreationtim": 77, "parentprocessfilenam": 77, "parentprocessfilepath": 77, "parentprocessid": 77, "pari": 117, "park": [36, 148], "park_rocki": 38, "pars": [10, 24, 33, 48, 58, 80, 83, 84, 85, 96, 97, 101, 116, 118, 124, 126, 132, 138, 144, 149, 153, 154, 157, 188], "parsabl": 132, "parse_utilities_artifact_id": 90, "parse_utilities_attachment_id": 90, "parse_utilities_base64cont": 90, "parse_utilities_certif": 90, "parse_utilities_email_attach": 90, "parse_utilities_filenam": 90, "parse_utilities_incident_id": 90, "parse_utilities_parse_email_attach": 90, "parse_utilities_task_id": 90, "parse_utilities_xml_sourc": 90, "parse_utilities_xml_stylesheet": 90, "parsed_device_id": 135, "parser": [90, 154, 185], "part": [14, 31, 37, 56, 81, 88, 90, 103, 104, 105, 110, 113, 126, 130, 131, 135, 146, 150, 178, 179, 181, 182, 189], "parti": [71, 112, 135, 146, 155], "partial": [59, 68, 116], "partialdevicenam": 68, "partialphonenumb": 68, "partialusernam": 68, "particip": [40, 41, 42, 45, 146], "particular": [8, 23, 37, 40, 101, 110, 153, 180, 182, 184, 189], "particularli": 34, "partit": [14, 178, 182], "partner": [23, 157], "partnerloc": 116, "parton": 90, "pass": [4, 15, 37, 41, 46, 48, 52, 57, 63, 65, 66, 71, 79, 86, 87, 88, 89, 101, 102, 103, 113, 116, 118, 128, 143, 150, 165, 181], "pass_len": 66, "pass_result": 66, "passcodecompli": 68, "passiv": [91, 105], "passive_dn": 8, "passive_mod": 144, "passivetot": [126, 154], "passivetotal_account_api_url": 91, "passivetotal_actions_class_api_url": 91, "passivetotal_actions_tags_api_url": 91, "passivetotal_api_kei": 91, "passivetotal_artifact_typ": 91, "passivetotal_artifact_valu": 91, "passivetotal_base_url": 91, "passivetotal_community_url": 91, "passivetotal_enrich_subdom_api_url": 91, "passivetotal_passive_dns_api_url": 91, "passivetotal_site_lookup": 91, "passivetotal_tag": 91, "passivetotal_usernam": 91, "passw0rd": 92, "password": [0, 11, 15, 18, 19, 20, 21, 24, 28, 30, 31, 37, 38, 40, 42, 45, 53, 54, 55, 56, 58, 63, 65, 68, 69, 73, 74, 75, 79, 83, 84, 87, 88, 98, 102, 103, 109, 110, 113, 114, 116, 118, 120, 126, 128, 129, 146, 151, 152, 153, 158, 159, 160, 161, 171, 178, 180, 181, 182, 183, 187, 189, 190], "password_chang": [59, 126], "password_field_pres": 12, "passwordlastus": 15, "passwordpolici": 129, "passwordpolicyviol": 15, "past": [27, 29, 36, 42, 46, 63, 77, 81, 92, 97, 109, 110, 119, 120, 138, 149, 153, 190], "pastebin": 154, "pastebin_api_dev_kei": 92, "pastebin_api_user_nam": 92, "pastebin_api_user_password": 92, "pastebin_cod": 92, "pastebin_expir": 92, "pastebin_format": 92, "pastebin_link": 92, "pastebin_nam": 92, "pastebin_privaci": 92, "patch": [45, 108, 110, 116, 141, 165, 166], "path": [4, 8, 9, 10, 11, 12, 15, 19, 22, 23, 24, 29, 34, 38, 42, 45, 46, 48, 52, 54, 55, 58, 63, 64, 65, 69, 70, 73, 75, 76, 77, 78, 79, 80, 84, 87, 89, 90, 102, 103, 106, 107, 110, 112, 113, 114, 115, 116, 123, 126, 128, 129, 133, 135, 144, 150, 152, 153, 171, 176, 180, 181, 182], "path2": 73, "path_list": 105, "path_of_the_saved_model": 70, "path_to_cert": [45, 135], "path_to_cert_private_kei": 45, "path_to_config_fil": 155, "path_to_dir": 52, "path_to_kei": 135, "path_to_private_rsa_kei": 63, "paths_data": 105, "paths_data_cont": 105, "paths_list_list": 105, "pathto": 84, "pattern": [10, 14, 26, 35, 101, 135, 180, 182, 189], "patternidx": 116, "paus": [102, 134, 166, 188], "payload": [10, 14, 15, 16, 18, 20, 21, 24, 33, 37, 42, 45, 56, 58, 65, 75, 77, 80, 101, 109, 110, 112, 115, 116, 131, 178, 179, 181, 182], "pb": [10, 14, 18, 23, 24, 35, 41, 42, 65, 66, 73, 77, 79, 80, 84, 87, 88, 89, 90, 98, 102, 103, 107, 108, 110, 113, 115, 117, 118, 124, 128, 129, 131, 142, 151], "pb2": 52, "pb_extrahop_rx_assign_tag": 42, "pb_extrahop_rx_get_activitymap": 42, "pb_extrahop_rx_get_devic": 42, "pb_extrahop_rx_get_tag": 42, "pb_extrahop_rx_get_watchlist": 42, "pb_extrahop_rx_search_detect": 42, "pb_extrahop_rx_search_devic": 42, "pb_extrahop_rx_search_packet": 42, "pb_extrahop_rx_update_detect": 42, "pb_extrahop_rx_update_setect": 42, "pb_extrahop_rx_update_watchlist": 42, "pb_id": 97, "pb_max_incident_d": 97, "pb_max_incident_data": 97, "pb_max_incident_id": 97, "pb_max_incient_data": 97, "pb_min_incident_d": 97, "pb_min_incident_data": 97, "pb_min_incident_id": 97, "pb_name": 42, "pb_object_nam": 97, "pb_object_typ": 97, "pb_scheduler_list_job": 113, "pb_scheduler_modify_job": 113, "pb_scheduler_pause_job": 113, "pb_scheduler_resume_job": 113, "pb_scheduler_run_job_now": 113, "pb_scheduler_schedule_job": 113, "pb_scheduler_schedule_job_artifact": 113, "pb_scheduler_schedule_job_task": 113, "pbid": 34, "pbk": 96, "pbm_activation_field": 96, "pbm_activation_typ": 96, "pbm_add_to_same_playbook": 96, "pbm_app_nam": 96, "pbm_base64_cont": 97, "pbm_bodi": 97, "pbm_function_nam": 96, "pbm_id": 97, "pbm_name": 97, "pbm_name_contain": 97, "pbm_name_prefix": 96, "pbm_playbook_nam": 96, "pbm_playbook_typ": 96, "pbm_script_nam": 96, "pbm_type": [96, 97], "pbutil": 97, "pc": [87, 112, 115], "pc9icg1uzgk6qlbntkvkz2u": 126, "pc9icg1uzgk6qlbntkxhymvspjwvynbtbmrpokjqtu5fzgdlpjxicg1uzgk6qlbntlnoyxbligjwbw5fbgvtzw50pvwivgv4defubm90yxrpb25fmhbmcjy4n1wiiglkpvwivgv4defubm90yxrpb25fmhbmcjy4n19kavwipjxvbwdkyzpcb3vuzhmgagvpz2h0pvwimzbciib3awr0ad1ciji4nlwiihg9xcixotdciib5pvwintfcii8": 126, "pc9icg1uzgk6qlbntlbsyw5lpjwvynbtbmrpokjqtu5eawfncmftpjwvzgvmaw5pdglvbnm": 126, "pc9icg1uzgk6qlbntlnoyxblpjxicg1uzgk6qlbntkvkz2ugynbtbkvszw1lbnq9xcjbc3nvy2lhdglvbl8xc3czowxtxcigawq9xcjbc3nvy2lhdglvbl8xc3czowxtx2rpxci": 126, "pca": [107, 144], "pcap": [42, 111], "pci": [48, 107], "pcn": 135, "pcy5861": 89, "pd": [20, 89, 185], "pd_descript": 89, "pd_escalation_polici": 89, "pd_incident_escalation_policy_id": 89, "pd_incident_escalation_policy_nam": 89, "pd_incident_id": 89, "pd_incident_kei": 89, "pd_incident_prior": 89, "pd_incident_service_id": 89, "pd_incident_service_nam": 89, "pd_incident_statu": 89, "pd_incident_url": 89, "pd_poller_filt": 89, "pd_prioriti": 89, "pd_search_dat": 89, "pd_servic": 89, "pd_statu": 89, "pd_sync_not": 89, "pd_test": 89, "pd_titl": 89, "pda": 112, "pdf": [72, 90, 143, 154], "pdfid": 126, "pdfid_result": 90, "pdns_first_seen": 91, "pdns_hit_numb": 91, "pdns_last_seen": 91, "pdpyra": 89, "pdt": 42, "pe32": 121, "pehash": [121, 171], "pem": [45, 63, 77, 79, 87, 90, 115, 116, 135], "pend": [9, 11, 15, 28, 51, 59, 60, 67, 68, 94, 99, 100, 114, 116, 122, 126, 127, 130, 135, 139, 141, 144, 148, 159], "pending_act": 89, "pending_confirm": 135, "pending_scan_result": [107, 108, 126], "pending_sourc": [59, 107, 108, 126], "pendingact": 115, "peopl": [95, 135, 190], "pepipost": 87, "peponoff": 116, "per": [1, 10, 52, 55, 65, 77, 79, 81, 85, 105, 106, 110, 120, 135, 136, 166, 176, 177, 178, 180, 181, 182], "percentag": [145, 185], "perform": [1, 2, 3, 12, 15, 17, 24, 29, 33, 37, 38, 40, 41, 42, 45, 47, 51, 58, 60, 66, 68, 70, 71, 77, 78, 82, 86, 87, 90, 97, 100, 101, 103, 105, 110, 111, 112, 113, 114, 115, 116, 122, 125, 127, 128, 129, 130, 131, 132, 135, 139, 140, 141, 142, 144, 146, 149, 165, 166, 176, 178, 179, 180, 181, 182, 184, 186, 187, 188, 189], "perhap": 177, "period": [34, 37, 54, 55, 101, 116, 134, 153, 181], "perl": 90, "perm": [59, 73, 107, 108, 126], "perm_set": 73, "permalink": 186, "perman": [12, 40, 118, 135], "permanent_user_id": 135, "permgroup": 73, "permiss": [1, 4, 7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 24, 27, 28, 30, 31, 34, 35, 37, 38, 40, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 68, 70, 71, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 116, 120, 121, 122, 123, 124, 125, 126, 127, 128, 134, 138, 139, 142, 145, 146, 149, 151, 152, 165, 166, 180, 181, 187, 188, 189, 190], "permission_set_nam": 73, "permit": [24, 90, 98, 134], "permset": 73, "permsetnam": 73, "permut": 37, "persian": 145, "persist": [77, 81, 115, 180, 181, 190], "person": [20, 40, 45, 46, 66, 73, 81, 109, 112, 123, 124, 126, 153, 158, 184], "person_attribute_to_name_map": 95, "person_list": 95, "personal_profil": 95, "perspect": 105, "perspective_nam": 105, "persuad": 77, "peru": 135, "perviou": [73, 87], "pf390zgrvt09ererevfrvlzwfdw8pv7": 185, "pfa4bvu": 89, "pfivegdvbnn0bdwlhk": 97, "pg7t8ir": 89, "pg9tz2rjokjvdw5kcybozwlnahq9xcixm1wiihdpzhropvwimfwiihg9xciynjvciib5pvwimtg0xcivpjwvynbtbmrpokjqtu5mywjlbd48l2jwbw5katpcue1orwrnzt48ynbtbmrpokjqtu5fzgdligjwbw5fbgvtzw50pvwiu2vxdwvuy2vgbg93xzblmdfxatbciibpzd1cilnlcxvlbmnlrmxvd18wztaxcwkwx2rpxci": 126, "pg9tz2rpondhexbvaw50ihg9xci0mzjciib4c2k6dhlwzt1cim9tz2rjolbvaw50xciget1cijiwnlwilz48b21nzgk6d2f5cg9pbnqged1ciju4m1wiihhzatp0exblpvwib21nzgm6ug9pbnrciib5pvwimja2xcivpjxicg1uzgk6qlbntkxhymvspjxvbwdkyzpcb3vuzhmgagvpz2h0pvwimtnciib3awr0ad1cijbciib4pvwinta3ljvciib5pvwimtg0ljvcii8": 126, "pg9tz2rpondhexbvaw50ihg9xciznzbciib4c2k6dhlwzt1cim9tz2rjolbvaw50xciget1cije2nlwilz48b21nzgk6d2f5cg9pbnqged1cijm0nvwiihhzatp0exblpvwib21nzgm6ug9pbnrciib5pvwiodfcii8": 126, "phase": [97, 181, 188], "phase_id": [59, 108, 126], "phid": 34, "philip": 190, "philippin": 135, "phish": [7, 12, 36, 59, 62, 71, 94, 98, 102, 112, 116, 126, 137, 142, 151, 154, 181, 185, 186], "phish_tank_api_kei": 94, "phish_tank_api_url": 94, "phishai_api_kei": 93, "phishai_scan_id": 93, "phishai_scan_output": 93, "phishfe": 12, "phishfort": [142, 186], "phishing_attempt": 36, "phishing_databas": 71, "phishlab": [142, 186], "phishstat": [12, 71], "phishtank": [12, 71, 142, 154, 186], "phishtank_valid_onlin": 71, "phl": 135, "phoenix": 53, "phoenixbio": 116, "phone": [16, 20, 59, 61, 68, 73, 95, 112, 126, 129, 136, 148, 186], "phone_numb": [16, 73, 136], "phoneandvideosystempassword": 146, "phonenumb": [68, 73], "photourl": 112, "php": [12, 23, 30, 56, 62, 116, 146, 183], "phsical": 40, "physic": [40, 115, 116], "physicalcpu": 116, "pi": 23, "picker": [33, 37, 188], "pictur": [84, 85], "pid": [34, 107, 144], "pids_stat": 37, "pierr": 135, "pii": [46, 59, 126, 181], "piix": 115, "pika": [57, 58], "pin": [34, 38, 52, 140, 141, 148], "ping": [7, 32, 42, 82, 116, 163], "ping_scan": 42, "pinpoint": 154, "pip": [4, 8, 9, 10, 11, 13, 15, 22, 25, 26, 28, 29, 33, 39, 43, 44, 51, 54, 55, 56, 60, 63, 67, 69, 70, 72, 74, 82, 94, 95, 99, 100, 104, 111, 114, 120, 122, 127, 130, 132, 133, 136, 139, 140, 141, 143, 148, 155, 157, 158, 159, 160, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 178, 179, 180, 181, 182, 190], "pip3": 2, "pipe": 42, "pipl": 154, "pipl_api_kei": 95, "pipl_artifact_typ": 95, "pipl_artifact_valu": 95, "pipl_inf": 95, "pipl_infer_person": 95, "pipl_match": 95, "pipl_max_no_possible_per_match": 95, "pipl_minimum_match": 95, "pipl_minimum_prob": 95, "pipl_person_data": 95, "pipl_possible_match_no": 95, "pipl_properti": 95, "pipl_respons": 95, "pipl_timestamp": 95, "pipl_valu": 95, "pitcairn": 135, "pj3nzc29vb66ursdawpb29uxl5yodg42njbi4ukqqqh4ehmnjy09pt2ml235": 185, "pjge9x": 89, "pk": 145, "pk723d4": 89, "pkcs12": 87, "pki": 186, "pkpqsnfetj": 97, "pl": 145, "place": [4, 10, 14, 24, 35, 41, 42, 65, 66, 73, 77, 80, 84, 85, 86, 87, 88, 89, 90, 98, 102, 103, 107, 113, 114, 115, 117, 124, 125, 128, 129, 131, 142, 151, 181, 188, 189, 190], "placehold": [14, 18, 20, 42, 54, 63, 66, 77, 78, 79, 80, 81, 86, 87, 98, 101, 102, 103, 105, 106, 107, 108, 112, 115, 118, 123, 129, 135, 144, 150], "plaform": 28, "plai": [110, 181, 190], "plain": [56, 65, 87, 106, 110, 135, 183], "plain_bodi": 90, "plain_text": 90, "plaintext": [65, 135, 151], "plan": [37, 46, 87, 93, 131, 166, 180], "plan_statu": [14, 19, 34, 42, 48, 59, 63, 65, 77, 78, 79, 87, 89, 105, 106, 112, 115, 118, 126, 128, 129, 135, 144, 150, 181], "planet": 95, "planetexpress": 190, "planner": 131, "platform": [4, 8, 9, 11, 22, 25, 26, 28, 29, 32, 33, 36, 39, 44, 47, 53, 55, 60, 67, 68, 69, 70, 72, 74, 75, 94, 99, 100, 111, 114, 117, 118, 119, 122, 127, 133, 136, 138, 139, 140, 141, 143, 148, 149, 158, 159, 160, 166, 171, 175, 176, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189], "platform_": 97, "platform_id": 32, "platform_nam": 32, "platformnam": 68, "platformtyp": 50, "platinum": 107, "playbook": [2, 4, 12, 31, 48, 55, 78, 85, 86, 87, 108, 117, 134, 154, 177, 180, 181, 187, 189], "playbook1": 123, "playbook2": [10, 123], "playbook3": 123, "playbook4": 123, "playbook_3072ad5a": 97, "playbook_3072ad5a_2848_4c47_9667_acc5c44e941d": 97, "playbook_8dd7415a": 97, "playbook_8dd7415a_fb33_4144_ba51_491356741607": 97, "playbook_9d1969c7": 97, "playbook_9d1969c7_8f69_494d_b720_f09a9e37d125": 97, "playbook_cont": 97, "playbook_data": 97, "playbook_display_nam": 97, "playbook_exchange_create_meet": 40, "playbook_exchange_delete_email": 40, "playbook_exchange_find_email": 40, "playbook_exchange_get_mailbox_info": 40, "playbook_exchange_move_email": 40, "playbook_exchange_send_email": 40, "playbook_handl": [108, 126], "playbook_mak": 96, "playbook_map": 123, "playbook_nam": [96, 97], "playbook_result": 10, "playbook_ve_and_delete_fold": 40, "playlist": [56, 183], "pleas": [3, 4, 7, 8, 9, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 55, 57, 58, 59, 62, 63, 64, 65, 66, 68, 69, 70, 71, 73, 74, 75, 76, 78, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 117, 118, 121, 123, 124, 126, 128, 129, 131, 133, 134, 135, 138, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 158, 165, 166, 175, 177, 186, 189], "plr8wee7j": 97, "plugin": [34, 105, 106, 107, 112, 144, 154, 177, 180, 181], "plugin_license_error": 63, "plurin": 135, "plw": 135, "pm": [18, 84, 116], "pmbp": 65, "pmtnprv": 89, "pmv0lfg": 89, "png": [4, 47, 56, 63, 101, 118, 125, 135, 140, 166, 183, 184, 185], "png_base64cont": [140, 185], "png_url": [140, 185], "pnkfz": 150, "pnl36c8": 89, "po3k5pi": 89, "po7k0vzd1dzhnuuigouv7du3ujf3qvce4zqsaespallstamkclfj1sfizhjd4cysvkksgu1xqtiqarassbihrb0ktct8jlzawoiuojsauwanyvoccdodn1sbrtxnba3ltt29agpwt": 97, "poc_email": 105, "poc_id": 105, "pod": 115, "podlabel": 115, "podman": [1, 4, 29], "poehali": 151, "poffzlfoltof4": 97, "point": [3, 22, 63, 69, 96, 97, 101, 107, 111, 116, 134, 141, 181, 184, 189], "pointer": 40, "poison": 42, "pol": [15, 135], "pol_stat": 15, "poland": 135, "polic": 15, "polici": [23, 32, 42, 55, 72, 89, 103, 112, 115, 129, 144, 186], "policiesresult": 73, "policy_appli": 144, "policy_blob": 48, "policy_category_count": 103, "policy_deni": 144, "policy_h": 107, "policy_id": [32, 144], "policy_list": 15, "policy_match": 107, "policy_nam": [15, 20, 23, 144], "policy_overrid": 144, "policy_support": 23, "policy_typ": [20, 32], "policy_url": 107, "policy_xml": 23, "policyarn": 15, "policycompliancest": 68, "policyd": 116, "policydescript": 107, "policygroupid": 129, "policygroupnam": 129, "policyid": [73, 107, 129], "policyinheritanceen": 116, "policynam": [15, 129], "policyobjectid": 73, "policyserialnumb": 116, "policytitl": 107, "policytyp": 116, "policyvers": 129, "policyviol": 131, "polish": 145, "poll": [14, 19, 34, 42, 48, 54, 63, 74, 78, 89, 98, 99, 105, 106, 107, 112, 114, 115, 123, 129, 142, 144, 150], "poller": [48, 65, 78, 98, 115, 123, 129], "poller_filt": 63, "poller_interv": [34, 63, 106, 107, 112, 144, 150], "poller_timezon": 123, "polling_add_case_url_comment_in_rapid7": 106, "polling_filt": [42, 105, 106, 107, 112, 144], "polling_filters_criteria_1": 144, "polling_filters_criteria_2": 144, "polling_filters_criteria_3": 144, "polling_h": 107, "polling_interv": [34, 42, 48, 63, 72, 77, 79, 89, 98, 99, 102, 105, 106, 107, 112, 114, 115, 123, 129, 144, 150], "polling_interval_sec": 142, "polling_lookback": [34, 42, 48, 63, 77, 79, 89, 102, 105, 106, 107, 112, 115, 123, 129, 144, 150], "polling_record_type_nam": 112, "poloatm": 101, "polynesia": 135, "pomf": 183, "pong": 116, "ponmocup": 71, "pool": 42, "poor": [42, 116], "poor_aaa_perform": 42, "poor_dhcp_perform": 42, "poor_http_perform": 42, "pop": [81, 105, 115, 128, 135], "popul": [25, 26, 34, 80, 97, 102, 105, 106, 107, 120, 135, 150, 158, 164, 177, 184, 189], "popular": [71, 85, 87, 137], "popular_infra": 71, "popular_web": 71, "popularity_rank": 142, "popup": [21, 30, 41, 114, 115, 119, 120, 146], "port": [4, 7, 12, 14, 18, 19, 20, 21, 23, 27, 37, 42, 44, 48, 52, 54, 55, 58, 65, 66, 69, 70, 78, 80, 82, 83, 86, 87, 102, 105, 106, 107, 109, 110, 113, 116, 120, 122, 123, 128, 153, 155, 158, 171, 177, 178, 180, 181, 182, 190], "port_scan": 116, "portal": [34, 36, 78, 79, 153, 155], "portalurl": 150, "portion": [84, 97, 107, 125, 178, 182], "portnumb": 20, "portug": 135, "portugues": 145, "pose": 102, "posit": [18, 59, 103, 115, 126, 144, 186], "possess": 110, "possibl": [28, 29, 34, 37, 43, 65, 68, 76, 79, 82, 84, 85, 86, 95, 97, 98, 103, 105, 106, 107, 112, 113, 116, 118, 124, 125, 131, 135, 137, 144, 146, 148, 150, 151, 177, 182, 189], "possible_person_count": 95, "possibli": [105, 110, 181, 189], "post": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 46, 47, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 71, 72, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 97, 98, 99, 100, 101, 102, 103, 105, 107, 108, 109, 110, 111, 113, 114, 115, 116, 118, 121, 122, 123, 125, 126, 127, 128, 129, 130, 134, 135, 138, 139, 141, 142, 145, 146, 148, 149, 150, 151, 152, 153, 157, 159, 165, 166, 183, 184, 185, 186, 190], "post_attachment_result": 112, "post_comment_result": 106, "post_device_action_result": 144, "post_exploit": 105, "post_messag": 131, "post_msg": 48, "post_note_to_alert_result": 144, "post_tags_result": 144, "postal": [20, 61, 129, 186], "postal_cod": 148, "postalcod": [59, 112, 126], "postfix": 37, "postgr": [86, 180, 181, 190], "postgres_fe": 180, "postgresql": [86, 113, 180, 190], "postgresql96dialect": 180, "postgresql_acct": 181, "postgresql_connect": 181, "postgresql_pwd": 181, "postgresql_uid": 181, "postgressql": 181, "postman": 110, "postressql": 180, "postur": 79, "potenti": [14, 50, 81, 101, 102, 105, 106, 117, 129, 137, 186, 189], "potential_covert_channel": 42, "potentialliability__c": 112, "power": [106, 115, 177], "powered_bi": 32, "powershel": [18, 42, 77, 107, 141, 163], "powershell7": 18, "pp": 83, "pp4e6u59zqbjujzs9z1wz6hxfrb5hqennun12of2f6zpzqucdsmkcufnbz8fq7s4vul6uaq7jlxazaherz1z": 97, "pp_campaign_id": 98, "ppbutil": 97, "ppid": 107, "ppl000000000118": 20, "pptp": 116, "pqnvil9": 89, "practic": [10, 97, 151, 180], "pragma": 190, "prc": 135, "prd861l": 89, "pre": [7, 9, 10, 11, 15, 16, 19, 20, 21, 24, 26, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 55, 57, 58, 59, 60, 62, 63, 64, 67, 68, 69, 75, 76, 77, 80, 83, 84, 85, 86, 87, 89, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 102, 103, 105, 108, 110, 113, 114, 116, 117, 121, 122, 124, 125, 126, 127, 128, 130, 131, 134, 135, 138, 139, 141, 142, 145, 146, 148, 149, 151, 152, 153, 158, 159, 178, 183, 184, 185, 186, 188, 190], "pre_msg": 48, "pre_packag": 113, "pre_processing_script": 97, "pre_processing_script_languag": 97, "preattack": [78, 79], "preauth": 106, "prebyt": [142, 186], "preced": [20, 52, 81, 131, 188], "precend": [48, 52], "precis": [134, 180], "precisionsec": [12, 142, 186], "preconfigur": 86, "precpu_stat": 37, "precrim": [142, 186], "predefin": [78, 86, 87, 91, 110, 129], "predetermin": 131, "predict": [69, 70, 114], "preexist": [90, 135], "prefer": [4, 112, 116, 133, 136, 182], "preferreddataloc": 131, "preferredlanguag": 131, "prefix": [9, 11, 14, 18, 20, 28, 34, 42, 44, 48, 51, 54, 63, 66, 74, 77, 78, 79, 80, 81, 87, 94, 96, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 112, 114, 115, 118, 120, 122, 123, 127, 129, 130, 135, 139, 141, 143, 144, 150, 159, 178], "preform": 63, "prem": [40, 75], "premis": [64, 106], "premium": [48, 63], "prepar": [58, 69, 71, 86, 102, 137, 185], "prepare_city_countri": 185, "prepend": 118, "preprocess": 110, "preread": 37, "prereleas": 45, "prerequisit": [22, 154, 158, 166, 172, 174, 187, 188, 189], "present": [4, 10, 12, 15, 17, 20, 23, 24, 35, 40, 41, 42, 45, 48, 67, 73, 78, 79, 85, 87, 90, 97, 102, 107, 110, 113, 115, 116, 128, 129, 131, 135, 144, 146, 147, 155, 157, 166, 180, 181, 187], "preserv": [34, 87, 97, 101, 105, 106, 107, 112, 124, 144, 150, 188], "preserved_imag": 1, "press": [15, 55, 190], "pretty_result": 142, "pretty_str": 41, "preval": 76, "prevent": [32, 48, 64, 71, 87, 98, 114, 115, 116, 165], "preventorprotectstatusid": 129, "preview": [79, 166], "previou": [10, 12, 14, 15, 24, 29, 35, 41, 42, 44, 47, 58, 63, 65, 66, 71, 73, 77, 79, 80, 86, 87, 88, 89, 90, 98, 102, 103, 107, 113, 116, 117, 118, 124, 128, 131, 140, 142, 151, 167, 178, 182, 188, 189, 190], "previous": [20, 21, 29, 84, 107, 109, 174, 183, 190], "previous_hpd_ci_reconid": 20, "previous_serviceci_reconid": 20, "previousid": 34, "pri": 135, "primari": [18, 71, 110, 146, 177], "primary_event_id": 144, "primary_internal_dir": 37, "primary_output_dir": 37, "primarydomain": 91, "primarygroupid": 66, "primaryrequest": 185, "princip": [14, 118, 135, 179], "principal_id": 14, "principalid": [14, 18], "principalnam": 73, "principalusernam": 41, "print": [12, 24, 27, 40, 42, 46, 63, 68, 77, 78, 92, 116, 120, 129, 138, 142, 149, 190], "print_funct": 190, "printabl": 15, "printer": 42, "prior": [16, 34, 55, 62, 63, 66, 86, 88, 98, 102, 103, 106, 125, 128, 135, 180, 181, 188], "priorit": 110, "prioriti": [20, 34, 63, 73, 81, 87, 89, 101, 105, 112, 123, 135, 136, 142, 159, 184], "priority_impact_factor": 105, "priority_lookup": 123, "priority_map": [63, 106], "priority_scor": 105, "priority_status_factor": 105, "priority_tags_factor": 105, "privaci": [45, 110, 166, 186], "privat": [1, 10, 14, 20, 29, 45, 48, 63, 87, 92, 96, 109, 116, 124, 131, 151, 166, 168, 174, 185], "private_dns_nam": 14, "private_ip": 14, "private_rsa_key_file_path": 63, "private_weak": 105, "privateendpointconnect": 18, "privateipaddress": 78, "privileg": [42, 66, 73, 107, 108, 126, 184, 190], "privilege_level": 107, "privileged_us": 55, "privilegelevel": 107, "prk": 135, "pro": [3, 9, 14, 21, 24, 30, 41, 59, 62, 75, 76, 77, 83, 97, 105, 106, 112, 136, 184], "proactiv": 116, "probabl": [95, 180], "problem": [82, 181, 189], "problemsolv": 106, "probo": 107, "proce": [187, 188, 189], "procedur": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 29, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 134, 135, 138, 139, 141, 142, 144, 145, 146, 149, 150, 151, 152, 153, 155, 165, 176, 179, 180], "proces": 144, "process": [4, 7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 97, 98, 99, 100, 101, 102, 103, 105, 106, 108, 109, 110, 111, 112, 113, 114, 115, 116, 118, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 134, 135, 138, 139, 141, 142, 145, 146, 148, 149, 150, 151, 152, 153, 155, 157, 158, 159, 160, 163, 165, 166, 171, 176, 177, 178, 179, 180, 182, 183, 184, 185, 186, 189, 190], "process_access_kei": 15, "process_access_key_id": 15, "process_cmdlin": 144, "process_cmdline_length": 144, "process_det": 42, "process_dev": 42, "process_effective_reput": 144, "process_effective_reputation_sourc": 144, "process_group": 15, "process_guid": 144, "process_hash": 144, "process_id": 23, "process_insight": 101, "process_intel": 128, "process_issu": 144, "process_md5": 144, "process_nam": [107, 144], "process_num": 107, "process_path": 107, "process_pid": [107, 144], "process_polici": 15, "process_publish": 144, "process_publisher_st": 144, "process_reput": 144, "process_sha256": 144, "process_start_tim": 144, "process_tag": 15, "process_user_id": 144, "process_usernam": 144, "processattach": 135, "processcommandlin": 77, "processcreationtim": 77, "processid": 77, "processingendtim": 79, "processnam": 107, "processor": [63, 87, 97, 115, 135, 163, 177, 185, 189], "processorclock": 116, "processortyp": 116, "processus": 115, "prod": [41, 63, 88], "produc": [4, 12, 14, 17, 24, 45, 65, 78, 87, 90, 115, 126, 129, 144, 157, 187, 190], "product": [7, 17, 20, 23, 24, 31, 33, 34, 38, 40, 42, 45, 48, 50, 53, 58, 60, 65, 71, 73, 85, 91, 98, 100, 101, 105, 106, 107, 112, 114, 115, 116, 118, 121, 122, 123, 124, 127, 129, 131, 132, 135, 139, 141, 142, 144, 150, 153], "product__c": 112, "product_id": 73, "product_nam": [58, 73], "product_type_desc": 32, "productcomponentnam": 79, "productfamili": 123, "productid": 73, "productionteam": 131, "productnam": [73, 79], "profession": [95, 117], "professional_and_busi": 95, "professor": 190, "profil": [17, 18, 37, 45, 72, 79, 84, 131], "profilechecksum": 116, "profiledbehavior": 14, "profileid": 112, "profilephoto": 112, "profileserialno": 116, "profilevers": 116, "program": [73, 77, 90, 106, 107, 110, 125, 144, 190], "program_path": 107, "programdata": 107, "programmat": [14, 15, 153, 161, 176, 177, 190], "programmatic_nam": 97, "programpath": 107, "progress": [9, 11, 15, 28, 51, 60, 63, 67, 94, 99, 100, 112, 114, 115, 116, 118, 119, 122, 127, 130, 139, 141, 144, 148, 159], "progressdetailsresolut": 102, "project": [10, 11, 25, 48, 50, 63, 160, 161], "project1": 150, "project_display_nam": 48, "project_id": [48, 150], "project_nam": [48, 150], "project_name1": 63, "project_name2": 63, "projectid": 48, "projectnumb": 48, "projectshield": 185, "projecttypekei": 63, "prolong": 110, "prometheu": 89, "promot": 77, "prompt": [14, 30, 63, 84, 105, 113, 146, 190], "proof": 105, "proofpoint": 154, "proofpoint_aggregate_flag": 98, "proofpoint_campaign_id": 98, "proofpoint_malicious_flag": 98, "proofpoint_tap_campaign_id": 98, "proofpoint_tap_campaign_object_dt": 98, "proofpoint_tap_object_id": 98, "proofpoint_tap_object_nam": 98, "proofpoint_tap_object_subtype_of_threat": 98, "proofpoint_tap_object_threat": 98, "proofpoint_tap_object_threat_tim": 98, "proofpoint_tap_object_timestamp": 98, "proofpoint_tap_object_typ": 98, "proofpoint_tap_object_type_of_threat": 98, "proofpoint_threat_id": 98, "prop": [42, 185], "propag": 42, "proper": [77, 134, 165], "properli": [4, 38, 48, 52, 84, 87, 110, 118, 131, 177], "properti": [8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 28, 30, 31, 32, 33, 35, 41, 45, 47, 51, 54, 57, 58, 59, 60, 63, 65, 66, 67, 68, 73, 76, 77, 78, 79, 80, 81, 83, 85, 86, 87, 89, 90, 93, 94, 95, 96, 97, 98, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 120, 122, 123, 124, 126, 127, 128, 129, 130, 134, 135, 136, 139, 141, 144, 146, 148, 150, 153, 159, 166, 180, 184, 187, 188], "property_nam": [12, 17, 24, 45, 78, 90, 115, 129, 144], "propertyself": 42, "proposal_email_lock": 80, "proscript": 114, "protect": [12, 23, 45, 55, 73, 77, 79, 80, 86, 90, 98, 101, 103, 110, 115, 126, 129, 131, 135, 151, 154], "protectedresourceid": 78, "protection_url": 45, "protectmanag": 129, "proto": [52, 110], "proto3": 52, "protocol": [14, 20, 23, 42, 52, 63, 65, 78, 87, 102, 103, 105, 110, 116, 148, 171, 179, 180, 185], "protocol_id": 116, "protocolid": [102, 103], "protocolnam": [102, 103], "protocolname_protocolid": 103, "protocolstat": 185, "protonmail": 183, "prototyp": 96, "provid": [1, 2, 4, 7, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25, 27, 28, 30, 31, 34, 35, 38, 39, 40, 41, 42, 43, 45, 46, 48, 50, 52, 54, 55, 56, 57, 58, 59, 61, 62, 63, 64, 65, 66, 69, 70, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 99, 101, 102, 103, 105, 106, 108, 109, 111, 112, 113, 114, 115, 116, 117, 118, 121, 123, 124, 125, 126, 128, 129, 130, 131, 132, 134, 135, 138, 140, 142, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 155, 157, 160, 162, 165, 166, 168, 172, 174, 176, 178, 179, 180, 181, 182, 183, 186, 187, 189, 190], "provider_unknown": 115, "provideralertid": [77, 79], "providerid": [76, 150], "providerincidentid": 79, "providernam": 79, "provideruniqueid": 150, "providervers": 78, "provinc": [20, 186], "provis": [32, 75, 170], "provision_statu": 32, "provisionconfig": 75, "provisioningoverview": 75, "provisioningst": 18, "proxi": [8, 9, 25, 26, 28, 33, 36, 44, 55, 56, 57, 60, 68, 74, 75, 94, 99, 108, 117, 122, 127, 138, 140, 143, 147, 148, 149, 182], "proxy_command": 55, "proxy_host": [44, 181], "proxy_serv": [55, 125], "proxyaddress": 131, "proxyend": 185, "proxyhost": [81, 99], "proxystart": 185, "prt": 135, "pry": 135, "ps1": [18, 84, 141], "psazureadvisorconfigurationdata": 18, "psc1": 84, "pse": 135, "psexec_act": 42, "pskversion": 116, "pslist": 37, "psm1": [84, 141], "psql": 190, "psqlodbcw": 180, "psscan": 84, "pst": 172, "pstarttim": 107, "pstest": 84, "pt": 145, "ptponoff": 116, "ptr": [82, 90], "ptwbpyxmxoqcav1mw": 97, "pua": [77, 121], "pub": [0, 95], "pubdt": 33, "public": [7, 9, 12, 14, 18, 23, 34, 41, 42, 45, 61, 63, 71, 87, 90, 92, 103, 105, 106, 110, 116, 124, 144, 151, 174, 180, 185], "public_dns_nam": 14, "public_ip": 14, "public_kei": [90, 142, 186], "public_network_access": 18, "public_weak": 105, "publicapi": 77, "publicexploit": 77, "publicipaddress": 78, "publickei": 116, "publicli": [71, 117, 120], "publicmeet": 146, "publicnetworkaccess": 18, "publicnetworkaccess_account": 18, "publictraffictyp": 90, "publicvulnerabilitydto": 77, "publish": [1, 18, 33, 36, 48, 77, 80, 101, 119, 144, 154, 176, 177, 178, 179, 180, 181, 182], "publish_timestamp": 80, "published_at": 45, "published_d": 33, "publishedon": 77, "publishernam": 115, "publishtim": 79, "puerto": 135, "puid": 135, "pujxxhtcellpkj6vnujvoqltxgttgy19izb0a1hqhlegr2w5dvtlglqixul": 97, "pull": [1, 7, 18, 34, 42, 45, 98, 99, 102, 106, 129, 144, 160, 167, 177], "pulls_url": 45, "puls": [42, 103], "pulse_import": 103, "pulsed": 154, "pulsedive_api_kei": 100, "pulsedive_api_url": 100, "punjabi": 145, "pup": 144, "purebas": 121, "purg": 40, "purpos": [35, 48, 52, 71, 79, 80, 89, 102, 110, 116, 161, 186, 189], "push": [1, 3, 4, 29, 40, 45, 73, 88, 102, 112, 179], "pushed_at": 45, "pushend": 185, "pushstart": 185, "pushto": 145, "put": [12, 23, 24, 46, 69, 78, 110, 129, 165, 166, 190], "putbucketpolici": 14, "pvpw6eo": 89, "pw": 121, "pw8amda4cagozs7kysrf1dxvbqulw0ti": 185, "pwd": [31, 73, 83, 86, 180, 181, 190], "pwdlastset": 66, "pwncount": [56, 183], "pwned": 154, "pwnedlogo": 183, "px": [12, 17, 24, 45, 78, 90, 115, 129, 144], "py": [4, 22, 25, 26, 29, 37, 38, 39, 45, 47, 56, 66, 69, 70, 72, 83, 84, 87, 104, 111, 133, 136, 140, 155, 158, 160, 168, 171, 175, 180, 190], "py2": [12, 17, 24, 45, 73, 78, 90, 115, 144], "py3": [12, 17, 24, 45, 78, 90, 115, 144], "pyamd55": 89, "pyclamd": 27, "pycryptodom": 66, "pydoc": 75, "pyenv": 3, "pyenv_virtualenv_nam": 3, "pyeti": [152, 175], "pyf": 135, "pyimpl": 14, "pyinvestig": 26, "pyjwt": [63, 110, 165], "pylh7tb": 89, "pylint": [160, 180, 190], "pymisp": 80, "pymsteam": 131, "pyodbc": [86, 180], "pyopenssl": [84, 90, 155], "pypdf2": 46, "pypi": [4, 63], "pypostgresql": 113, "pytesseract": 85, "pytest": 161, "pytest_resilient_circuit": 161, "python": [2, 3, 4, 9, 11, 22, 25, 26, 28, 32, 37, 39, 43, 47, 51, 56, 60, 67, 69, 70, 72, 75, 92, 94, 99, 100, 104, 111, 114, 118, 122, 127, 130, 132, 133, 136, 139, 141, 148, 149, 154, 157, 158, 159, 160, 161, 162, 168, 170, 171, 175, 177, 183, 184, 185, 186, 187, 188, 189], "python2": [41, 52, 80], "python3": [2, 3, 4, 12, 15, 18, 19, 23, 29, 41, 46, 52, 59, 65, 68, 78, 80, 95, 97, 98, 101, 103, 109, 111, 116, 123, 152, 153, 155], "python_vers": [10, 40, 80, 113], "pytz": [29, 31, 41, 54, 113, 123], "pywinrm": [10, 84], "pz82": 185, "pzgchb1tbw": 185, "q": [23, 36, 43, 55, 185, 188], "q043": 185, "q046": 185, "q050": 185, "q0jc5fkzb7qkwa": 89, "q1i8e2p0cjsiib": 89, "q3eksaxm": 97, "q4odouli6kiomdnz0ljsdxv1ymqeodg4jqamt7e3": 185, "q9mwgdxxk6sp5kr3wdgfmwb3hd1ufpsiz0v3x1cojhxrsgfbplaf2vgpcyjwb": 97, "q_radar_block_group": 55, "qa": 151, "qaam": 77, "qat": 135, "qatar": 135, "qc": 84, "qcywtqga7qkxs0wujs8sjmzwfcrpemvamu5": 116, "qeiivjj1": 97, "qemu": 115, "qhyjausilo": 110, "qid": 102, "qidnam": 102, "qmc92zdkqnfzkgnayycqsamrcbgatpssydmifkdtpmuxmj": 98, "qmra9djtfqgctnfazqsqb5fu6kaubeyvh56czj3ioeaz9w": 98, "qmrmd1jbn8ftfusy1lzcc3g3qjyccnryo9cgxqlng5guax": 98, "qr_asset": 102, "qr_assign": 102, "qr_categori": 102, "qr_credibl": 102, "qr_destination_ip_count": 102, "qr_event_count": 102, "qr_flow": 102, "qr_flow_count": 102, "qr_last_updated_tim": 102, "qr_magnitud": 102, "qr_offense_domain": 102, "qr_offense_index_typ": 102, "qr_offense_index_valu": 102, "qr_offense_last_updated_tim": 102, "qr_offense_sourc": 102, "qr_offense_start_tim": 102, "qr_offense_statu": 102, "qr_offense_top_ev": 102, "qr_relev": 102, "qr_sever": 102, "qr_source_ip_count": 102, "qr_top_destination_ip": 102, "qr_top_source_ip": 102, "qr_triggered_rul": 102, "qradar": [7, 10, 12, 14, 15, 17, 18, 19, 20, 23, 24, 31, 34, 35, 38, 40, 41, 42, 45, 48, 50, 58, 63, 64, 65, 66, 71, 73, 77, 78, 79, 80, 81, 84, 85, 86, 87, 88, 89, 90, 91, 95, 96, 98, 105, 106, 108, 109, 110, 112, 113, 115, 116, 117, 119, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 146, 150, 151, 152, 153, 156, 162, 165, 178, 181], "qradar_1_1_1_1_1103": 102, "qradar_4": 102, "qradar_9_21_118_173_1110": 102, "qradar_add_reference_set_item_result": 103, "qradar_advisor_app_id": 101, "qradar_advisor_descript": 101, "qradar_advisor_full_search": 101, "qradar_advisor_map_rul": 101, "qradar_advisor_observ": 101, "qradar_advisor_observable_for_artifact": 101, "qradar_advisor_offense_analysi": 101, "qradar_advisor_quick_search": 101, "qradar_advisor_relev": 101, "qradar_advisor_result_stag": [101, 184], "qradar_advisor_search_valu": 101, "qradar_advisor_token": 101, "qradar_advisor_tox": 101, "qradar_advisor_typ": 101, "qradar_analysis_restart_if_exist": [101, 184], "qradar_destin": [102, 103], "qradar_ev": [102, 103], "qradar_find_reference_set_item_result": 103, "qradar_find_reference_sets_result": 103, "qradar_host": 101, "qradar_id": [101, 102, 103, 184], "qradar_instance_label": [102, 103], "qradar_label": [102, 103], "qradar_label1": 102, "qradar_not": [102, 103], "qradar_ob": 101, "qradar_offense_ev": 103, "qradar_offense_id": [101, 102, 184], "qradar_queri": [102, 103], "qradar_query_all_result": 103, "qradar_query_range_end": 103, "qradar_query_range_start": 103, "qradar_query_typ": 102, "qradar_ref_table_inner_kei": 103, "qradar_ref_table_outer_kei": 103, "qradar_ref_table_upd": 103, "qradar_reference_set": 103, "qradar_reference_set_item_valu": 103, "qradar_reference_set_nam": 103, "qradar_reference_t": 103, "qradar_reference_table_add_item_result": 103, "qradar_reference_table_delete_item_result": 103, "qradar_reference_table_get_all_tables_result": 103, "qradar_reference_table_get_table_data_result": 103, "qradar_reference_table_item_inner_kei": 103, "qradar_reference_table_item_outer_kei": 103, "qradar_reference_table_item_valu": 103, "qradar_reference_table_nam": 103, "qradar_reference_table_queried_row": 103, "qradar_reference_table_update_result": 103, "qradar_rul": 101, "qradar_rule_nam": [101, 184], "qradar_rules_and_mitre_tactics_and_techniqu": 102, "qradar_search": 103, "qradar_search_param1": [102, 103], "qradar_search_param2": [102, 103], "qradar_search_param3": [102, 103], "qradar_search_param4": [102, 103], "qradar_search_param5": [102, 103], "qradar_search_param6": 102, "qradar_search_paramx": 102, "qradar_search_result": 103, "qradar_serv": 103, "qradar_sever": 159, "qradar_siem_not": 103, "qradar_ucm_token": 101, "qradar_update_json": 103, "qradar_update_offense_result": 103, "qradarpassword": [102, 103], "qradarsoar": 87, "qradartoken": [102, 103], "qraw": [101, 184], "qraw_mitr": 184, "qraw_offense_insight": [101, 184], "qraw_rule_map": 184, "qrhost": 102, "qroc": 102, "qtyie7": 84, "quai": 1, "quali": 105, "qualifi": 87, "quarantin": [23, 99, 144], "quarantine_command_st": 116, "quarantine_commandid": 116, "quarantine_statu": 116, "quarantinecod": 116, "quarantinedesc": 116, "quarantinestatu": 116, "quebec": 117, "queri": [8, 12, 14, 15, 18, 22, 23, 24, 26, 32, 33, 34, 36, 40, 42, 48, 61, 62, 74, 78, 81, 82, 83, 87, 88, 91, 95, 97, 98, 99, 102, 104, 105, 106, 107, 110, 111, 113, 114, 115, 116, 118, 121, 126, 127, 128, 129, 132, 135, 144, 147, 152, 153, 154, 155, 156, 158, 160, 163, 164, 168, 172, 173, 174, 175, 180, 183, 185, 186, 190], "query_build": 135, "query_collections_result": 151, "query_csv": 161, "query_execution_d": [14, 15, 19, 42, 116, 153], "query_execution_tim": [15, 23, 26, 116], "query_filt": 153, "query_id": 19, "query_issue_result": 150, "query_limit": 114, "query_nam": 17, "query_param": 115, "query_result": [38, 61], "query_str": [17, 38, 144], "query_ticket_grouping_typ": 114, "query_tim": [32, 103], "query_titl": 58, "queryrunn": 162, "querytyp": 91, "queryvalu": 91, "question": [9, 86, 102, 112, 146, 181], "queu": 181, "queue": [29, 160, 161, 164, 176, 177, 178, 179, 180, 181, 182, 190], "quic": 185, "quick": [24, 101, 110, 142, 186], "quick_scan": 116, "quicker": 190, "quickheal": 121, "quickli": [81, 96, 116, 135], "quickstart": 65, "quiet": 43, "quilliam": 17, "quit": [72, 190], "quot": [15, 35, 40, 41, 46, 56, 59, 66, 84, 103, 105, 109, 112, 124, 126, 144], "quotat": [48, 66, 79, 110], "quttera": [142, 186], "qwest": 14, "qxxg": 84, "qydruesx4zu": 97, "qzldebxef7t089kvafhsjaqfvybv": 97, "r": [12, 15, 17, 18, 23, 24, 36, 40, 41, 42, 45, 78, 79, 84, 90, 97, 107, 108, 112, 115, 116, 129, 135, 144, 153, 160, 185, 186, 189], "r2rpsi1n0m3c53904ck0qkva18": 89, "r3": 97, "r3silient1": 73, "r5oqsqs81s9as5ks9flx770ig4": 89, "r7": 106, "r7_alert_id": 106, "r7_alert_sourc": 106, "r7_alert_typ": 106, "r7_case": 106, "r7_create_tim": 106, "r7_created_tim": 106, "r7_detection_rrn": 106, "r7_detection_rul": 106, "r7_evid": 106, "r7_query_d": 106, "r_descript": 21, "r_from": 21, "r_subject": 21, "r_to": 21, "radar": 55, "radiu": 101, "rain": 148, "rais": [15, 23, 42, 80, 110, 116, 142, 153], "ram": 37, "ran": [17, 19, 37, 46, 58, 61, 73, 84, 144, 147, 190], "random": [69, 73], "randori": 154, "randori_base_url": 105, "randori_comment_text": 105, "randori_data_table_nam": 105, "randori_detections_dt": 105, "randori_discovery_path_dt": 105, "randori_dt_date_ad": 105, "randori_dt_discovery_step": 105, "randori_dt_first_seen": 105, "randori_dt_hostnam": 105, "randori_dt_ip": 105, "randori_dt_last_seen": 105, "randori_dt_link": 105, "randori_dt_path": 105, "randori_dt_port": 105, "randori_not": 105, "randori_target_affiliation_st": 105, "randori_target_author": 105, "randori_target_characteristic_tag": 105, "randori_target_id": 105, "randori_target_impact_scor": 105, "randori_target_link": 105, "randori_target_nam": 105, "randori_target_perspective_nam": 105, "randori_target_statu": 105, "randori_target_tech_categori": 105, "randori_target_tempt": 105, "randori_target_user_tag": 105, "randori_target_vendor": 105, "randori_target_vers": 105, "rang": [24, 33, 58, 73, 97, 103, 111, 116, 126, 128, 148, 181, 189], "rangerstatu": 115, "rangervers": 115, "rank": [115, 142, 185], "ransom": 34, "ransomewar": 91, "ransomwar": [34, 42, 91, 98, 107, 137], "ransomware_act": 42, "rapid7": 154, "rapid7_attach": 106, "rapid7_insight_idr_alert_rrn": 106, "rapid7_insight_idr_alerts_dt": 106, "rapid7_insight_idr_assigne": 106, "rapid7_insight_idr_assignee_email": 106, "rapid7_insight_idr_attach": 106, "rapid7_insight_idr_comment_text": 106, "rapid7_insight_idr_disposit": 106, "rapid7_insight_idr_incident_id": 106, "rapid7_insight_idr_investig": 106, "rapid7_insight_idr_link": 106, "rapid7_insight_idr_prior": 106, "rapid7_insight_idr_respons": 106, "rapid7_insight_idr_rrn": 106, "rapid7_insight_idr_rrn_opt": 106, "rapid7_insight_idr_sourc": 106, "rapid7_insight_idr_statu": 106, "rapid7_insight_idr_threat_command_close_reason": 106, "rapid7_insight_idr_threat_command_free_text": 106, "rapid7_insight_idr_update_case_result": 106, "rapidjson": 77, "rare": [42, 182], "rare_database_table_access": 42, "rare_or_new_behavior": 55, "rare_ssh_port": 42, "rareprofiledapisaccountprofil": 14, "rareprofiledapisuseridentityprofil": 14, "rareprofiledasnsaccountprofil": 14, "rareprofiledasnsuseridentityprofil": 14, "rareprofileduseragentsaccountprofil": 14, "rareprofileduseragentsuseridentityprofil": 14, "rareprofiledusernamesaccountprofil": 14, "rareprofiledusertypesaccountprofil": 14, "rate": [102, 112, 153, 157, 160, 166], "rated": 157, "rather": [10, 17, 37, 79, 103, 113, 118, 137], "ratingdt": 157, "ratingdtscutoff": 157, "ratio": 186, "raw": [7, 9, 10, 12, 14, 15, 17, 18, 19, 20, 21, 23, 24, 30, 34, 35, 37, 40, 41, 42, 45, 46, 48, 50, 54, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 79, 80, 83, 84, 85, 86, 87, 88, 90, 91, 95, 96, 97, 101, 102, 103, 105, 106, 107, 108, 110, 112, 113, 115, 116, 118, 121, 123, 125, 126, 128, 129, 131, 134, 135, 136, 144, 146, 148, 150, 151, 152, 157, 165, 183, 184], "raw_data": 95, "raw_json_str": 68, "raw_referr": 148, "raw_respons": 165, "raw_url": 45, "rawcontentst": 151, "rawerror": 18, "rbac": 48, "rbacgroupid": 77, "rbacgroupnam": 77, "rc": [10, 12, 17, 24, 45, 78, 90, 115, 129, 144, 156, 161, 167, 169, 170, 172, 173, 174, 176, 178, 179, 180, 182], "rc4": 42, "rc_data_fe": [176, 178, 179, 180, 182], "rc_data_feed_plugin_elasticfe": 178, "rc_data_feed_plugin_resilientfe": 181, "rce": 42, "rcf": [142, 186], "rd": 37, "rdap": 154, "rdap_depth": 148, "rdap_queri": 148, "rdn": 185, "rdoejswkbswhn8jc3ymm600fvj": 97, "rdp": [42, 116], "rdp_brute_forc": 42, "rdp_unusual_loc": 42, "rdqfwy3s5": 97, "re": [3, 5, 9, 11, 12, 15, 17, 24, 28, 35, 42, 45, 51, 54, 60, 67, 68, 69, 70, 71, 74, 75, 78, 83, 84, 89, 90, 94, 95, 96, 99, 100, 108, 113, 114, 115, 116, 117, 118, 120, 122, 126, 127, 129, 130, 135, 138, 139, 141, 142, 143, 144, 149, 153, 159, 178, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190], "reach": [98, 106, 110], "reachedeventslimit": 115, "reaction": 131, "reactivationcount": 48, "read": [4, 7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 34, 35, 37, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 68, 70, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 121, 122, 123, 124, 125, 126, 127, 128, 129, 134, 135, 137, 138, 139, 142, 144, 145, 146, 149, 150, 151, 152, 153, 155, 165, 177, 180, 181, 184, 186, 187, 189, 190], "read_attach": [59, 126], "read_data": 4, "read_funct": 4, "read_messag": 131, "readabl": [12, 23, 24, 78, 110, 129, 135], "readablelastscantim": 116, "readablelastupdatetim": 116, "readablelastvirustim": 116, "readaclfil": 129, "readaclshar": 129, "readal": 77, "readbas": 131, "readi": [4, 90, 143, 166, 183, 184, 185, 186], "readili": 182, "readincidentsactioninvoc": [15, 100], "readm": [90, 116, 166, 179], "readmessageitem": 41, "readthedoc": [63, 65, 133, 158], "readwrit": [41, 77, 131], "readwriteal": 77, "readwritenonownerrol": 131, "real": [34, 80, 95, 135, 176, 177, 178, 179, 180, 181, 182], "realtek": 42, "realtim": [54, 117], "reaqta": [107, 123], "reaqta_alert_id": 107, "reaqta_alert_link": 107, "reaqta_artifact_typ": 107, "reaqta_create_note_result": 107, "reaqta_create_policy_result": 107, "reaqta_deisolate_machine_result": 107, "reaqta_endpoint_id": 107, "reaqta_endpoint_link": 107, "reaqta_get_alert_information_result": 107, "reaqta_get_endpoint_status_result": 107, "reaqta_get_processes_result": 107, "reaqta_group": 107, "reaqta_h": 107, "reaqta_has_incid": 107, "reaqta_id": 107, "reaqta_impact": 107, "reaqta_incident_id": 107, "reaqta_is_malici": 107, "reaqta_isolate_machine_result": 107, "reaqta_kill_process_result": 107, "reaqta_machine_info": 107, "reaqta_not": 107, "reaqta_policy_block": 107, "reaqta_policy_block_when_trigg": 107, "reaqta_policy_descript": 107, "reaqta_policy_en": 107, "reaqta_policy_excluded_group": 107, "reaqta_policy_included_group": 107, "reaqta_policy_titl": 107, "reaqta_process_list": 107, "reaqta_process_pid": 107, "reaqta_program_path": 107, "reaqta_sha256": 107, "reaqta_starttim": 107, "reaqta_suspend": 107, "reaqta_tag": 107, "reaqta_trigger_condit": 107, "reaqta_trigger_ev": 107, "reaqta_url": 107, "reason": [7, 9, 10, 12, 14, 15, 17, 18, 19, 20, 21, 23, 24, 27, 30, 32, 34, 35, 37, 40, 41, 42, 45, 46, 48, 50, 54, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 78, 79, 80, 83, 84, 85, 86, 87, 88, 90, 91, 95, 96, 97, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 121, 123, 125, 126, 128, 129, 131, 134, 135, 136, 144, 146, 148, 150, 151, 152, 157, 177, 181, 183, 184, 186, 189], "reason_cod": 144, "reason_id": 135, "reattempt": 110, "rebind": 42, "rebootinst": 14, "rebootnodeifneed": 18, "rebootreason": 116, "rebootrequest": 18, "rebootrequir": [115, 116], "rebuild": [29, 30, 146], "rebuilt": [3, 110], "recal": 113, "reccommend": 124, "receipi": 188, "receiv": [13, 34, 40, 41, 42, 52, 71, 87, 90, 101, 110, 116, 135, 165, 181, 189], "received_ev": 45, "received_events_url": 45, "receivedat": [106, 107], "receiveddatetim": 41, "receiveheadersend": 185, "receivesadmininfoemail": 112, "receivesinfoemail": 112, "recenc": 40, "recent": [1, 7, 14, 29, 38, 42, 56, 131, 150, 178], "recipi": [0, 12, 17, 21, 40, 41, 56, 66, 77, 80, 87, 90, 112, 116, 128, 135, 183, 188, 189], "recogn": [79, 87, 98, 189], "recognit": 85, "recommend": [4, 8, 24, 33, 41, 48, 52, 63, 69, 70, 73, 78, 80, 84, 85, 87, 112, 116, 117, 120, 134, 135, 146, 151, 177, 180], "recommended_time_window": 89, "recommendedact": [77, 78], "recon": [42, 105], "reconciliation_statu": 107, "reconfigur": 48, "reconnaiss": 42, "record": [12, 20, 31, 38, 54, 55, 56, 82, 89, 91, 97, 105, 116, 117, 120, 126, 136, 140, 160, 180, 182, 183, 189], "record_st": 118, "recordings_read": 146, "recordsfilt": [59, 97, 126], "recordstot": [59, 97, 126], "recov": 119, "recover": 40, "recreat": [113, 180, 181, 188], "recur": [18, 71, 165], "recur_frequ": 18, "recur_interv": 18, "recur_week_dai": 18, "recurr": [18, 41], "recurs": [10, 37, 71], "red": [4, 10, 24, 42, 55, 66, 95, 101, 115, 119, 142, 143], "redact": [46, 186], "redesign": 19, "redhat": [1, 53, 84, 87, 116, 190], "redi": 42, "redirect": [12, 77, 84, 87, 110, 116, 131, 146, 155, 185], "redirect_uri": [87, 155], "redirecthasextrainfo": 185, "redirectincidentid": 77, "redis_error": 42, "redis_issu": 42, "reduc": [37, 97, 101, 116, 150, 182, 189], "redund": [71, 165], "ref": [33, 45, 81, 184], "ref_html": [81, 105, 135, 184], "ref_html_attende": 30, "ref_html_host": 30, "ref_html_room": 146, "ref_link_text": 33, "refactor": 180, "refect": 107, "refer": [1, 3, 7, 8, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 27, 29, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 64, 65, 66, 68, 69, 70, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 105, 106, 107, 108, 110, 112, 113, 115, 116, 119, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 143, 144, 145, 146, 150, 151, 152, 153, 155, 162, 166, 167, 176, 178, 179, 180, 181, 182, 184, 185, 188, 189], "referenc": [15, 35, 77, 87, 96, 97, 110, 112, 123, 124, 178], "reference_count": 101, "reference_item": 103, "reference_set": 103, "reference_t": 103, "referencedfrom": [78, 79], "referr": [66, 148], "referrerpolici": 185, "refetch": [17, 144], "refin": 15, "reflect": [20, 29, 38, 48, 50, 97, 118, 135, 150, 178, 189], "refresh": [10, 15, 18, 23, 34, 42, 48, 55, 65, 68, 77, 87, 105, 107, 110, 112, 116, 131, 142, 146, 150, 153, 155, 166, 190], "refresh_all_app": 3, "refresh_d": 68, "refresh_token": [18, 87, 131, 146, 155], "refreshfrequencymin": 18, "refreshmod": 18, "regard": [9, 11, 13, 15, 28, 35, 40, 51, 60, 67, 94, 99, 100, 110, 114, 122, 127, 130, 132, 136, 139, 141, 148, 159], "regdomain": 185, "regdomainstat": 185, "regener": 140, "regex": [15, 17, 34, 77, 90, 108, 116, 149, 189], "regex_str": [15, 153], "region": [14, 15, 16, 17, 18, 20, 36, 61, 77, 95, 101, 102, 103, 129, 150, 184, 185], "region_nam": 12, "region_pref": 17, "regional_internet_registri": 186, "regist": [10, 23, 77, 115, 144, 155, 168, 169, 170, 171, 172, 173, 174, 186, 190], "registered_tim": 144, "registeredat": 115, "registr": [23, 79, 82, 101, 131, 148, 166, 171, 186], "registrar": [142, 147, 185, 186], "registrar_nam": 101, "registration_info": 18, "registration_kei": 18, "registrationkei": 18, "registrationmetaconfig": 18, "registrationmetaconfig2": 18, "registrationtim": 107, "registrationurl": 18, "registri": [1, 4, 10, 19, 20, 29, 37, 42, 77, 84, 101, 107, 128, 148, 171, 186], "registry_intel": 128, "registry_value_nam": 128, "registryh": 77, "registrykei": 77, "registrykeyst": 78, "registryvalu": 77, "registryvaluenam": 77, "registryvaluetyp": 77, "regkei": 171, "regress": 69, "regul": [59, 126], "regular": [14, 15, 23, 34, 42, 116, 140, 149, 153, 161, 189], "regularli": 78, "regulator_risk": [59, 126], "reinstal": 9, "reipient": 116, "reject": [14, 116, 150, 188], "rel": [4, 26, 34, 35, 37, 48, 56, 102, 116, 119, 120, 134, 146, 177, 183], "rel_id": 105, "relai": 42, "relat": [26, 33, 34, 38, 40, 58, 59, 66, 71, 76, 84, 86, 101, 107, 116, 117, 118, 120, 126, 131, 146, 147, 150, 181, 184, 189], "related_incident_count": [59, 107, 108, 126], "related_investig": [101, 184], "related_parent_incid": 108, "relatedanalyticruleid": 79, "relatedbreach": 34, "relatedev": 80, "relatedfileinfo": 77, "relatedus": 77, "relations_assign_par": 108, "relations_auto_close_child_incid": 108, "relations_child_incident_id": 108, "relations_datat": 108, "relations_datatables_to_exclud": 108, "relations_datatables_to_sync": 108, "relations_exclude_datat": 108, "relations_incident_id": 108, "relations_incident_nam": 108, "relations_incident_statu": 108, "relations_level": 108, "relations_note_id": 108, "relations_parent_id": 108, "relations_parent_incid": 108, "relations_parent_incident_id": 108, "relations_remove_child_rel": 108, "relations_remove_not": 108, "relations_row_data": 108, "relations_send_task_to_children": 108, "relations_sync_artifact_to_parentchild": 108, "relations_sync_datatable_data_to_parentchild": 108, "relations_sync_notes_to_parentchild": 108, "relations_sync_task_notes_to_parentchild": 108, "relations_update_child_table_data": 108, "relationship": [42, 80, 95, 118, 154, 181], "releas": [29, 44, 53, 56, 118, 119, 120, 140, 154, 166, 178, 179, 186, 188, 189, 190], "release_20221202_152441": 45, "release_20221202_153917": 45, "release_20221202_171442": 45, "releases_url": 45, "relev": [19, 34, 37, 48, 63, 85, 89, 101, 102, 103, 106, 107, 112, 116, 120, 129, 131, 134, 144, 150, 151, 184, 189], "relevantanalyst": 123, "relevanttag": 123, "reli": [10, 32, 48, 57, 75, 85, 90, 97, 116, 118, 179, 188], "reliabl": [110, 189], "relic": 89, "reload": [3, 176, 178, 179, 180, 181, 182], "reload_query_api_method": [178, 179, 181, 182], "reload_typ": [178, 179, 181, 182], "remain": [4, 10, 14, 24, 34, 35, 41, 42, 52, 65, 66, 73, 77, 80, 84, 87, 88, 89, 90, 96, 98, 102, 103, 105, 106, 107, 112, 113, 117, 124, 128, 131, 142, 144, 150, 151, 180, 181, 189], "remaind": [10, 124], "remark": 148, "remedi": [42, 48, 55, 77, 79, 86, 97, 102, 105, 108, 116, 123, 144, 150, 151, 154, 181, 188], "remediate_artifact_valu": 116, "remediation_commandid": 116, "remediation_d": 19, "remediation_statu": 116, "remediationstatu": 77, "remediationstep": 79, "remedy_additional_data": 109, "remedy_first_nam": 109, "remedy_host": 109, "remedy_id": 109, "remedy_impact": 109, "remedy_incident_nam": 109, "remedy_last_nam": 109, "remedy_linked_incidents_reference_t": 109, "remedy_not": 109, "remedy_password": 109, "remedy_payload": 109, "remedy_port": 109, "remedy_reported_sourc": 109, "remedy_service_typ": 109, "remedy_statu": 109, "remedy_support_group": 109, "remedy_templ": 109, "remedy_urg": 109, "remedy_us": 109, "rememb": 113, "reminderminutesbeforestart": 41, "remnux": 37, "remot": [14, 23, 37, 38, 42, 55, 75, 77, 83, 105, 116, 133, 135, 141, 144], "remote_access_tool": 135, "remote_auth_transport": [84, 141], "remote_command": 84, "remote_command1": 84, "remote_command2": 84, "remote_command_linux": 84, "remote_command_powershel": 84, "remote_comput": 84, "remote_computer1": 84, "remote_computer2": 84, "remote_computer_window": 84, "remote_destination_count": 103, "remote_ip": [14, 23], "remote_port": [14, 23], "remote_powershell_extens": [84, 141], "remote_reg_setvalu": 42, "remote_script": 84, "remote_shell_command": 84, "remotedestinationcount": 102, "remoteipaddress": 185, "remoteipdetail": 14, "remoteport": 185, "remoteprofilingst": 115, "remoteprofilingstateexpir": 115, "remotestaff": [56, 183], "remov": [9, 10, 11, 16, 23, 25, 28, 29, 35, 37, 41, 42, 44, 46, 48, 51, 59, 63, 69, 74, 77, 79, 80, 81, 87, 88, 90, 94, 95, 96, 97, 99, 100, 102, 103, 105, 109, 110, 111, 112, 114, 116, 117, 118, 122, 124, 126, 127, 130, 131, 135, 139, 140, 141, 143, 144, 155, 159, 161, 180, 181, 182, 189, 190], "remove_groups_result": 66, "remove_perm": 73, "remove_result": 24, "remove_us": 73, "removefromreferencedata": 102, "removefromreferenceset": 102, "renam": [19, 34, 107, 116, 117, 180, 190], "render": [57, 79, 87, 116, 118, 125], "render_rich_text": [117, 118, 120], "renderedfield": 63, "reneweddatetim": 131, "reoccur": 113, "rep": [42, 76], "repeat": [29, 71, 97, 107, 135, 181], "repeatedli": [110, 166, 187, 188, 189], "replac": [4, 10, 12, 14, 17, 24, 26, 35, 41, 42, 45, 48, 52, 58, 63, 65, 66, 73, 75, 77, 78, 79, 80, 84, 87, 88, 89, 90, 96, 98, 102, 103, 105, 106, 107, 109, 112, 113, 115, 117, 124, 128, 129, 131, 142, 144, 150, 151, 156, 158, 161, 182, 186, 189, 190], "replai": 87, "repli": [87, 108, 116, 131, 171, 188, 189], "replic": [1, 4, 105], "replica": [176, 177, 178, 179, 180, 181, 182], "replyto": 41, "replytoid": 131, "repmgr": 144, "repo": [37, 45, 186, 190], "repo_quai": 1, "report": [2, 7, 12, 20, 50, 58, 59, 63, 64, 67, 68, 72, 77, 79, 90, 91, 95, 97, 101, 102, 106, 107, 109, 113, 116, 123, 126, 129, 135, 140, 142, 143, 148, 151, 154, 171, 177, 182, 185, 186], "report_categori": 153, "report_d": [77, 79, 97, 107, 123], "report_fetch_s": 54, "report_id": 18, "report_period": 54, "report_st": 54, "report_typ": 153, "report_url": [91, 140, 185], "reported_on": 113, "reported_tim": 102, "reportedat": 7, "reportercountrycod": 7, "reportercountrynam": 7, "reporterid": 7, "reportformatvers": 18, "reportid": 18, "reportingsystem": 78, "reportinguserinfo": [116, 189], "reportmanag": 18, "reportserverweb": 18, "reportstoid": 112, "reporturl": 185, "repos_url": 45, "repositori": [4, 6, 29, 73, 162, 176, 177, 178, 179, 180, 181, 182], "repres": [4, 33, 42, 59, 63, 66, 67, 71, 80, 86, 87, 88, 102, 103, 110, 124, 126, 128, 135, 150, 165, 177, 181, 182], "represent": [4, 32, 45, 66, 90, 101, 137, 145, 178, 189], "republ": 135, "reput": [7, 8, 12, 13, 36, 50, 75, 82, 101, 142, 143, 186], "reputation_lookup_sever": 143, "reputationcategori": 36, "reputationscor": 36, "req": 87, "reqir": 15, "reqta": 123, "request": [2, 14, 20, 22, 23, 29, 32, 40, 41, 42, 45, 52, 54, 55, 58, 63, 66, 68, 71, 87, 88, 96, 97, 102, 109, 112, 114, 116, 118, 128, 131, 140, 144, 146, 150, 153, 155, 165, 166, 171, 177, 185, 188], "request_max_retri": 97, "request_resourcenotfound": 41, "request_retry_backof": 97, "request_retry_delai": 97, "request_snapshot": 23, "requestcreatedfromdwp": 20, "requestedpermiss": 36, "requestid": 185, "requestor": 77, "requestorcom": 77, "requests_first_el": 185, "requestsourc": 77, "requesttim": 185, "requesttypepractic": 63, "requir": [0, 1, 5, 8, 22, 26, 32, 33, 36, 37, 44, 47, 49, 53, 55, 56, 61, 82, 90, 118, 119, 120, 126, 134, 136, 137, 140, 147, 154, 158, 161, 163, 164, 166, 167, 169, 176, 177, 178, 182, 183, 184, 185, 186, 187, 190], "required1": 40, "required2": 40, "required_attende": 40, "required_status_check": 45, "rerun": 9, "res_artifact_typ": 19, "res_artifact_valu": 19, "res_bigfix_action_id": 19, "res_bigfix_computer_id": 19, "res_bigfix_computer_nam": 19, "res_bigfix_query_result": 19, "res_circuits_vers": 4, "res_db": 180, "res_hibp": 183, "res_id": 118, "res_link": [37, 118], "res_object": 37, "res_qraw_mitr": 184, "res_query_execution_d": 19, "res_reference_link": 119, "res_reference_typ": 119, "res_remediation_d": 19, "res_remediation_statu": 19, "res_test": 113, "res_urlscanio": 185, "res_wf": 119, "res_wf_addcom": 119, "res_wf_addworknot": 119, "res_wf_createincid": 119, "res_wf_createtask": 119, "res_wf_updatest": 119, "resadmin": 190, "rescircuit": [4, 10, 29, 34, 42, 46, 48, 52, 63, 75, 76, 79, 89, 90, 105, 106, 112, 115, 124, 144, 150, 180], "rescont": 73, "resdemo123": 190, "research": [37, 56, 105, 114, 148, 151, 183], "resel": 116, "reserv": [12, 17, 24, 45, 55, 78, 90, 103, 115, 129, 135, 142, 144], "reserve_list": 180, "reset": [3, 15, 73, 117], "reshelp": 119, "reshydradev": 41, "resid": [29, 52, 65, 108, 180], "resil": [160, 190], "resilent_datatable_column_names_list": 190, "resili": [0, 2, 3, 6, 7, 8, 10, 14, 17, 18, 19, 20, 21, 23, 24, 25, 29, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 44, 45, 47, 48, 49, 50, 56, 58, 59, 65, 68, 69, 70, 71, 72, 74, 75, 78, 81, 84, 85, 87, 88, 89, 90, 91, 95, 96, 97, 101, 102, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 117, 118, 119, 120, 121, 123, 124, 125, 126, 132, 133, 135, 136, 138, 140, 142, 143, 144, 146, 149, 150, 152, 153, 154, 155, 157, 158, 160, 162, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 178, 179, 180, 181, 182, 187, 188], "resilient_": 178, "resilient_artifact_typ": 79, "resilient_artifact_valu": 79, "resilient_circuit": [8, 9, 10, 11, 12, 14, 15, 16, 19, 21, 22, 23, 26, 27, 28, 29, 30, 31, 33, 35, 38, 40, 41, 43, 46, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 86, 87, 88, 89, 92, 93, 94, 95, 98, 99, 100, 101, 102, 103, 113, 114, 116, 122, 124, 127, 128, 129, 131, 132, 136, 138, 139, 141, 143, 145, 148, 149, 151, 158, 159, 169, 172, 174, 190], "resilient_circuits_url": [167, 169, 172, 173, 174, 175], "resilient_cli": 89, "resilient_datetimeformat": [65, 77], "resilient_email": 161, "resilient_fe": [178, 179, 181, 182], "resilient_host": 161, "resilient_incid": [69, 178], "resilient_inv": 29, "resilient_lib": [10, 12, 15, 38, 41, 54, 77, 81, 87, 105, 106, 112, 113, 116, 128, 144], "resilient_login_us": 69, "resilient_org": 161, "resilient_password": 161, "resilient_profil": 79, "resilient_reference_id": 119, "resilient_substitut": [65, 77], "resilient_to_misp_map": 80, "resilientcommun": [9, 16, 21, 27, 46, 51, 52, 54, 57, 59, 60, 62, 83, 92, 93, 94, 97, 100, 114, 122, 127, 130, 138, 139, 145, 149], "resilientcompon": 190, "resilienthighlight": 126, "resilientinv": 29, "resilientsystem": [11, 56, 67, 84, 87, 99, 190], "resilinet_login_password": 69, "resiz": 116, "resolut": [20, 22, 42, 63, 73, 89, 97, 105, 106, 107, 118, 119, 129, 135, 144], "resolution_id": [34, 42, 48, 59, 63, 65, 77, 79, 89, 105, 106, 107, 112, 123, 126, 129, 135, 144, 150], "resolution_map": 150, "resolution_summari": [20, 34, 42, 48, 59, 63, 65, 77, 79, 89, 105, 106, 107, 112, 123, 126, 129, 144, 150], "resolutiond": 63, "resolutionnot": 119, "resolutionreason": 150, "resolutionrecommend": 150, "resolv": [10, 20, 34, 42, 48, 55, 59, 63, 65, 70, 77, 78, 79, 89, 102, 103, 105, 106, 107, 112, 114, 118, 119, 123, 126, 129, 144, 150, 180], "resolve_reason": 89, "resolve_threat_result": 115, "resolved_at": 89, "resolved_benign_known_good": 144, "resolvedat": 150, "resolveddetail": 157, "resolvedtim": 77, "resolveen": 157, "resorten": 73, "resourc": [15, 18, 19, 26, 41, 42, 48, 70, 77, 78, 79, 106, 110, 112, 131, 140, 148, 150, 151, 155, 166, 183, 184, 185, 186], "resource_display_nam": 48, "resource_group": 18, "resource_group_account": 18, "resource_group_credenti": 18, "resource_group_nam": 18, "resource_group_runbook": 18, "resource_group_schedul": 18, "resource_group_statist": 18, "resource_groupnam": 79, "resource_id": 14, "resource_nam": [26, 48], "resource_own": 48, "resource_par": 48, "resource_parent_display_nam": 48, "resource_path": 48, "resource_project": 48, "resource_project_display_nam": 48, "resource_properti": 48, "resource_rol": 14, "resource_typ": [14, 48], "resourcebehavioropt": 131, "resourcedisplaynam": 48, "resourcegroup": [18, 77, 78, 79], "resourcegroup_start": 18, "resourcegroupexternalid": 150, "resourcegroupnam": 18, "resourceid": [18, 48, 77, 79], "resourceidentifi": 79, "resourcemanag": 48, "resourcemodulemanag": 18, "resourcenam": 79, "resourcepath": 48, "resourceprovisioningopt": 131, "resourcerepositoryweb": 18, "resourcerol": 14, "resourcestat": 185, "resourcetyp": [14, 48, 78, 79], "resp": [50, 121, 152], "resp_data": [7, 23, 183], "resp_dict": 183, "resp_tim": 19, "respect": [63, 84, 97, 98, 117, 118, 181], "respond": [14, 19, 20, 42, 73, 79, 81, 107, 114, 116, 163, 188], "responder_request": 89, "respons": [20, 23, 27, 31, 32, 34, 37, 40, 41, 42, 46, 52, 58, 71, 75, 76, 77, 88, 93, 95, 99, 101, 102, 106, 108, 110, 111, 112, 115, 116, 117, 118, 119, 128, 141, 144, 150, 153, 165, 171, 185, 188, 189], "response_comput": 23, "response_count": 71, "response_desc": 68, "response_group": 23, "response_head": 12, "response_mod": [87, 155], "response_msg": 116, "response_payload": 16, "response_plai": 89, "response_task": 120, "response_typ": [87, 155], "responsecod": 116, "responsemessag": 116, "responserequest": 41, "responsestatu": 41, "responsetim": 185, "resseveritymap": 119, "rest": [17, 20, 42, 54, 55, 63, 79, 82, 89, 98, 101, 104, 105, 106, 109, 112, 115, 118, 120, 126, 129, 131, 135, 142, 145, 146, 148, 153, 154, 155, 156, 160, 177], "rest_api_allowed_status_cod": [110, 166], "rest_api_bodi": [110, 166], "rest_api_cooki": [110, 166], "rest_api_head": [110, 165, 166], "rest_api_method": [110, 165, 166], "rest_api_query_paramet": [110, 166], "rest_api_timeout": [110, 165, 166], "rest_api_url": [110, 165, 166], "rest_api_verifi": [110, 165, 166], "rest_bodi": 110, "rest_cooki": 110, "rest_head": [110, 141], "rest_method": 110, "rest_retry_backoff": 165, "rest_retry_delai": 165, "rest_retry_tri": 165, "rest_service_port": 54, "rest_url": 110, "restapi": 128, "restart": [4, 9, 11, 28, 34, 42, 44, 48, 51, 54, 60, 67, 94, 99, 100, 101, 107, 113, 114, 122, 127, 130, 139, 141, 143, 148, 159, 180, 181, 184, 190], "restart_agent_result": 115, "restest": 21, "restrict": [10, 20, 26, 34, 48, 77, 86, 87, 96, 106, 107, 181, 186], "restrictcodeexecut": 77, "restrictedcont": 36, "restrictexecut": 77, "resturl": [167, 168, 169, 170, 171, 172, 173, 174, 175], "result": [4, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 20, 21, 23, 24, 25, 26, 27, 30, 31, 33, 34, 35, 36, 37, 38, 39, 40, 42, 45, 46, 47, 48, 49, 50, 52, 53, 54, 56, 57, 58, 59, 61, 62, 63, 64, 65, 68, 71, 72, 73, 75, 77, 78, 79, 80, 81, 83, 84, 85, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 118, 121, 122, 123, 124, 125, 129, 131, 132, 134, 135, 136, 137, 138, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 155, 158, 160, 162, 163, 165, 166, 174, 180, 183, 184, 185, 186], "result_cod": 144, "result_cont": 185, "result_data": [8, 185], "result_data_requests_list": 185, "result_desc": 144, "result_id": 95, "result_info": 126, "result_nam": 97, "result_not": [12, 17, 24, 45, 78, 90, 115, 128, 129, 144], "result_properti": [12, 17, 24, 45, 78, 90, 115, 144], "result_row": 128, "result_set": 58, "result_url": 185, "resultinxml": 116, "resultpayload": [21, 81, 184], "results_cont": [63, 128], "results_d": 76, "results_input": 128, "results_limit": [26, 116], "resultz": 77, "resutil": [120, 167, 168, 169, 170, 171, 172, 173, 174, 175, 190], "resync": 181, "resz": [97, 166], "retain": [1, 9, 10, 11, 15, 28, 40, 51, 60, 65, 67, 94, 97, 99, 100, 110, 113, 114, 122, 124, 127, 130, 135, 139, 141, 148, 156, 159, 180, 181, 188], "retent": [188, 189], "retrain": 69, "retreiv": 48, "retri": [14, 23, 41, 73, 97, 102, 106, 142, 153, 165, 181], "retriev": [1, 15, 17, 18, 19, 20, 21, 23, 33, 35, 40, 42, 45, 50, 55, 58, 65, 71, 74, 79, 81, 93, 101, 102, 103, 111, 124, 126, 131, 135, 140, 148, 150, 153, 165, 184, 189], "retriv": 136, "retry2": [42, 96, 107, 110, 123], "retry_backoff": 110, "retry_cal": [110, 165], "retry_delai": 110, "retry_tri": 110, "retur": 101, "return": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 29, 30, 31, 32, 33, 34, 35, 37, 38, 41, 42, 43, 44, 45, 47, 48, 52, 55, 56, 58, 59, 63, 64, 66, 67, 68, 71, 72, 73, 75, 76, 77, 78, 80, 81, 83, 84, 85, 87, 88, 89, 90, 92, 93, 94, 95, 97, 98, 101, 102, 103, 104, 105, 106, 107, 109, 110, 111, 113, 114, 115, 116, 118, 121, 122, 123, 128, 129, 132, 135, 136, 137, 138, 140, 141, 142, 143, 144, 145, 147, 148, 149, 150, 151, 153, 157, 158, 163, 165, 166, 174, 180, 181, 184, 185, 186, 190], "return_search": 101, "returned_record": 38, "reu": 135, "reunifi": 80, "reus": [79, 102, 110, 188], "reusabl": 110, "revealx": 42, "revers": [37, 42, 90, 97, 132], "reverse_dn": 116, "reverse_ssh_connect": 42, "review": [9, 11, 15, 28, 29, 33, 36, 38, 51, 58, 60, 63, 67, 72, 73, 78, 79, 94, 97, 99, 100, 101, 102, 105, 113, 114, 118, 119, 122, 127, 129, 130, 137, 139, 141, 142, 148, 159, 160, 166, 181, 182, 189], "revil": 42, "revis": [116, 165, 166], "revok": 42, "rf3gczg0bn": 97, "rf9fqapytl": 97, "rf_actionplanguid": 160, "rf_example_get_host_risk": 160, "rf_example_get_user_risk": 160, "rf_example_mitigate_persistent_insider_threat": 160, "rfb_brute_forc": 42, "rfc": [90, 128, 142], "rfc822": 39, "rfind": [105, 135], "rg": 58, "rgb": 87, "rhel": [8, 10, 22, 26, 33, 37, 55, 136, 158, 175, 180, 190], "rhive": 107, "rhiveam": 107, "rhsm": 190, "rica": 135, "rich": [36, 61, 117, 118, 120, 147], "rich_text": 52, "rich_text_format": 8, "rich_text_not": [12, 17, 24, 45, 78, 90, 115, 129, 144], "rich_text_pipl_valu": 95, "rich_text_tmp": [8, 33], "rich_text_tmp_2": 33, "richard": [20, 73], "richmedia": 90, "richtext": [20, 37, 46, 109, 119, 124, 181], "rico": 135, "right": [12, 17, 24, 34, 37, 42, 45, 48, 55, 66, 73, 78, 87, 90, 112, 115, 119, 120, 129, 131, 135, 144, 186, 190], "rigid": 52, "rijk": 20, "ripe": 101, "ripple20": 42, "ripple20_dns_rc": 42, "ripple20_icmp_scan": 42, "ripple20_icmp_treck": 42, "ripple20_ip_in_ip": 42, "ripple20_ip_in_ip_ipaddr": 42, "riseslcwmfhyfj4": 185, "risk": [42, 77, 84, 101, 105, 135, 155], "risk_fabric_integration_funct": 160, "risk_scor": [12, 23, 42, 77, 135], "risk_score_min": 42, "risk_spotter_result": 55, "riskfabr": 160, "riskiq": [91, 154], "riskprofil": 150, "riskscor": [77, 78], "risky_us": [101, 184], "rj": 185, "rjx": 97, "rmi": 42, "rname": 142, "ro": 145, "road": [148, 186], "roam": 152, "roast": 42, "robust": [177, 181], "rocki": 38, "role": [14, 42, 48, 79, 110, 115, 118, 119, 126, 131, 148, 153, 181], "rollup": 59, "romania": 135, "romanian": 145, "ron": 95, "room": 40, "roomid": 146, "roomnam": 146, "root": [1, 3, 14, 15, 29, 37, 40, 77, 83, 84, 106, 110, 115, 123], "root_component_id_list": 20, "root_incident_id_list": 20, "rootca": 153, "rotat": 85, "rou": 135, "round": 85, "rout": [20, 40, 82, 109, 165, 185, 189], "routing_typ": 40, "row": [14, 15, 17, 18, 19, 20, 23, 24, 25, 32, 34, 36, 37, 41, 42, 48, 58, 66, 68, 73, 76, 77, 79, 81, 86, 87, 95, 97, 98, 101, 102, 105, 106, 107, 108, 109, 113, 115, 116, 118, 119, 123, 128, 135, 136, 150, 161, 184, 190], "row_count": [36, 77], "row_creat": 136, "row_id": [35, 108, 113, 118], "row_to_add": 18, "row_to_delet": 35, "row_typ": 36, "rows_ad": 35, "rows_id": 35, "rows_to_delet": 35, "rows_with_error": 35, "rpc": 52, "rpc_log_deletion_srv": 42, "rpc_remote_shutdown": 42, "rpilist": 12, "rpm": [84, 115, 190], "rqlnpggz88z4uk2k": 97, "rqt": 107, "rqt_api": 107, "rqtnetsentri": 107, "rqtsentri": 107, "rr": 26, "rr_count": 26, "rrn": 106, "rroemhild": 190, "rsa": [63, 142, 144, 154, 186], "rsa2048": 0, "rsch": 148, "rte": [20, 63, 105, 106, 107, 108, 123, 150], "rtmdjmapb8egnmnd3iul604xvd2x0o": 97, "ru": [101, 135, 145, 151], "ru3": 116, "ru4": 116, "ru5": 116, "ru50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c": 151, "ru6": 116, "rule": [10, 13, 14, 24, 25, 28, 29, 35, 39, 40, 41, 42, 43, 44, 60, 63, 64, 65, 66, 69, 70, 72, 73, 77, 79, 80, 82, 84, 88, 89, 90, 97, 98, 103, 104, 106, 112, 115, 117, 118, 119, 122, 124, 128, 130, 131, 133, 140, 141, 142, 146, 151, 154, 157, 160, 162, 163, 164, 177, 178, 181, 182, 183, 185, 186, 188, 189], "rule3": 113, "rule_activity_field1": 113, "rule_activity_field2": 113, "rule_additional_text": 124, "rule_calendar_date_tim": 21, "rule_calendar_descript": 21, "rule_calendar_extra_email_addr": 21, "rule_group": 102, "rule_id": [102, 113], "rule_identifi": 102, "rule_nam": [102, 106], "rule_rrn": 106, "rule_slack_channel": 124, "rule_slack_is_channel_priv": 124, "rule_slack_participant_email": 124, "rule_slack_text": 124, "rule_typ": [102, 113], "ruleact": 102, "rulealtermetr": 102, "ruleandscript": 189, "rulecompliancest": 68, "rulegener": 123, "rulenam": 103, "rulename_creeventlist": 103, "rulerespons": 102, "ruleresponseev": 102, "rulest": 116, "ruletest": 102, "rulex1": 113, "run": [1, 3, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 38, 39, 40, 41, 42, 43, 44, 45, 46, 48, 50, 51, 52, 54, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 114, 115, 116, 117, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157, 158, 159, 160, 161, 162, 163, 164, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 187, 189], "run_enforcement_set_result": 17, "run_now": 72, "run_stat": 144, "run_task": 73, "run_tim": [78, 93], "runantivirusscan": 77, "runbook_delet": 18, "runbook_nam": 18, "runbook_query_d": 18, "runbook_result": 18, "runbook_st": 18, "runbook_tag": 18, "runbook_typ": 18, "runbooktyp": 18, "runner": [10, 156, 161], "runner_dir": 10, "runon": 18, "runtim": [10, 134], "runtimeconfigur": 18, "russia": [101, 135], "russian": 145, "rvision": 151, "rwa": 135, "rwanda": 135, "rwx": 190, "ryang": 37, "ryhhuzyjnyws6j33mcgatfirdxszvql648nrwsybskwuvxlgmepx661whveokw5701mynniz34l8ruvwk3m": 97, "ryz5ifau7fykmqslohtgqr1iv12rzg5": 97, "r\u00e9union": 135, "s10e18": 95, "s1ac1pi6l5l": 23, "s2gzul5ql77re4t": 97, "s3": [42, 102], "s3bucket": 14, "s3bucket_nam": 14, "s3bucket_own": 14, "s3yeu": 116, "s3yjrnabv4bbucobuh3fbgvtl0qzncvn6glfcbrlmkzbf1kwqhieqm4bgasb1htxac1o57dusljzg2rmkg0zcxrmokzbeqq": 97, "s3yjznabv4bbucogui3fbexxl4iz1jkz": 97, "s4j": 97, "s8hbxy": 97, "sa": [19, 79], "saa": [34, 45, 106], "saas_onli": 34, "saba": 135, "safari": [93, 185], "safe": [77, 79, 87, 97, 107, 150, 154, 166], "safe_but_noisy_import": 29, "safebrows": [50, 142, 168, 186], "safer": 90, "safeti": [79, 141], "safetoopen": [142, 186], "safrainternet": 94, "sahara": 135, "sai": 151, "said": 66, "sail": 110, "saint": 135, "sale": [98, 183], "salesforc": [106, 154], "salesforce_account": 112, "salesforce_account_id": 112, "salesforce_account_nam": 112, "salesforce_attach": 112, "salesforce_cas": 112, "salesforce_case_com": 112, "salesforce_case_data": 112, "salesforce_case_descript": 112, "salesforce_case_id": 112, "salesforce_case_internal_com": 112, "salesforce_case_link": 112, "salesforce_case_numb": 112, "salesforce_case_own": 112, "salesforce_case_payload": 112, "salesforce_case_result": 112, "salesforce_case_statu": 112, "salesforce_case_subject": 112, "salesforce_case_typ": 112, "salesforce_comment_text": 112, "salesforce_contact": 112, "salesforce_contact_email": 112, "salesforce_contact_fax": 112, "salesforce_contact_id": 112, "salesforce_contact_nam": 112, "salesforce_contact_phon": 112, "salesforce_origin": 112, "salesforce_owner_id": 112, "salesforce_statu": 112, "salesforce_supplied_compani": 112, "salesforce_supplied_email": 112, "salesforce_supplied_nam": 112, "salesforce_supplied_phon": 112, "salesforce_task": 112, "salesforce_task_data": 112, "salesforce_task_payload": 112, "salesforce_us": 112, "salesforce_user_id": 112, "salt": [42, 56, 183], "salut": 112, "salvador": 135, "samaccountnam": 66, "samaccounttyp": 66, "same": [1, 3, 4, 10, 12, 14, 17, 20, 24, 29, 35, 37, 41, 42, 52, 63, 65, 66, 70, 73, 76, 77, 78, 80, 87, 88, 89, 90, 98, 101, 102, 103, 107, 110, 113, 115, 117, 118, 120, 124, 126, 128, 131, 134, 135, 142, 144, 151, 155, 160, 163, 171, 177, 180, 181, 188, 189], "sameorigin": 12, "sami": 89, "saml": 110, "samoa": 135, "sampl": [24, 36, 37, 43, 45, 46, 54, 58, 59, 62, 64, 69, 70, 72, 80, 90, 92, 96, 97, 101, 103, 107, 112, 116, 118, 121, 126, 128, 131, 132, 142, 143, 146, 164, 180, 184, 186, 188], "sample_analysis_report": 143, "sample_attach": 118, "sample_branch": 45, "sample_fil": 45, "sample_filenam": 143, "sample_final_result": 143, "sample_last_reputation_sever": 143, "sample_online_report": 143, "sample_playbook": 97, "sample_profil": 84, "sample_report": 143, "sample_reputation_report": 143, "sample_scor": 143, "sample_sever": 143, "sample_vti_scor": 143, "sample_webif_url": 143, "samplenam": 32, "sampleus": 40, "samr_domain_admin_enum": 42, "samr_domain_computer_enum": 42, "samr_domain_group_enum": 42, "samr_domain_user_enum": 42, "samr_domain_workstation_enum": 42, "samr_local_admin_enum": 42, "samr_local_user_enum": 42, "san": [40, 117, 135, 144], "sandbox": 154, "sandbox_screenshot": 47, "sandwich": 135, "sanjosemarista": 23, "sanlist": 185, "sao": 135, "sap": 42, "sara": 146, "sasl": [65, 179], "sasl_mechan": 65, "sasl_plain_password": 65, "sasl_plain_usernam": 65, "sasl_plaintext": [65, 179], "sasl_ssl": 65, "satisfi": [58, 117, 155, 181], "sau": 135, "saudi": 135, "save": [9, 10, 11, 17, 25, 28, 29, 32, 33, 36, 37, 40, 41, 42, 44, 47, 51, 54, 55, 58, 61, 63, 68, 70, 71, 74, 84, 94, 95, 98, 99, 100, 112, 113, 114, 116, 120, 122, 123, 124, 125, 127, 129, 130, 131, 135, 139, 141, 143, 147, 155, 159, 161, 178, 182, 190], "save_convers": [135, 189], "save_message_id": 135, "saved_query_nam": 17, "sayhello": 52, "sb01": 97, "sb01_for_absolute_resilience_list_devices_by_local_ip": 97, "sc": [0, 48, 95, 131, 146, 155], "scalabl": 106, "scan": [7, 12, 17, 23, 24, 37, 42, 45, 71, 78, 90, 97, 105, 129, 140, 142, 144, 150, 165, 166, 174, 187], "scan_artifact_valu": 116, "scan_command_st": 116, "scan_commandid": 116, "scan_dat": 186, "scan_error": 142, "scan_id": 93, "scan_last_action_tim": 144, "scan_last_complete_tim": 144, "scan_properti": 166, "scan_result": 116, "scan_statu": [106, 144], "scan_tim": 185, "scan_typ": 116, "scanabortedat": 115, "scandetail": 36, "scanfinishedat": 115, "scanner": 185, "scannernam": 48, "scanstartedat": 115, "scanstatu": 115, "scantitan": [142, 186], "scape": 57, "sccd": 159, "sccm_adapt": 17, "scd": 23, "scenario": [77, 110, 131, 150, 160, 189], "scert_id": 15, "scg": 135, "schedul": [40, 42, 77, 108, 116, 146, 154], "schedule_delet": 18, "schedule_descript": 18, "schedule_en": 18, "schedule_expir": 18, "schedule_expiry_tim": 18, "schedule_frequ": 18, "schedule_interv": 18, "schedule_is_playbook": 113, "schedule_label": 113, "schedule_label_prefix": 113, "schedule_nam": 18, "schedule_query_d": 18, "schedule_query_row": 18, "schedule_recurr": 18, "schedule_rule_nam": 113, "schedule_rule_paramet": 113, "schedule_start_tim": 18, "schedule_time_zon": 18, "schedule_typ": 113, "schedule_type_valu": 113, "schedule_upd": 18, "scheduled_act": 89, "scheduled_task_enumer": 42, "scheduledtyp": 146, "scheduler_demo": 113, "scheduler_is_playbook": 113, "scheduler_label": 113, "scheduler_label_prefix": 113, "scheduler_rul": 113, "scheduler_rule_nam": 113, "scheduler_rule_paramet": 113, "scheduler_typ": 113, "scheduler_type_valu": 113, "schedules_read": 146, "schedules_writ": 146, "schema": [20, 38, 54, 58, 63, 66, 109, 115, 177, 180, 181], "schemavers": 14, "scheme": 12, "scherfl": [45, 131], "schiphol": 20, "school": 95, "scienc": 95, "scientificamerican": 165, "scipi": [69, 70], "scl": 90, "sco": [101, 184], "scope": [18, 31, 36, 37, 59, 77, 78, 87, 105, 107, 112, 123, 131, 146, 153, 155, 188], "score": [7, 13, 34, 36, 42, 77, 85, 95, 98, 126, 135, 143, 150, 153, 160, 185], "score_threshold": 98, "scoreperc": 123, "scr_aws_iam_add_access_key_as_artifact": 15, "scr_aws_iam_add_user_as_artifact": 15, "scr_extrahop_detection_property_help": 42, "scram": 65, "scrape": 37, "scratch": 85, "screeen": 114, "screen": [112, 120, 131], "screen_sav": 116, "screeni": 116, "screenshot": [11, 14, 18, 19, 20, 23, 24, 36, 40, 41, 42, 54, 63, 68, 73, 74, 76, 77, 79, 81, 85, 86, 95, 97, 98, 101, 102, 103, 106, 107, 108, 109, 114, 115, 116, 120, 123, 128, 137, 140, 150, 153, 166, 185], "screenshot_1": 166, "screenshot_uuid": 105, "screenshotid": 36, "screenshotthumbnail": 36, "screenshotthumbnailid": 36, "screenshoturl": 185, "screenx": 116, "scrip": 135, "script": [2, 7, 10, 14, 16, 18, 19, 20, 21, 26, 27, 30, 31, 35, 38, 40, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 71, 72, 73, 75, 76, 79, 80, 81, 83, 85, 86, 88, 89, 91, 92, 93, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 118, 121, 123, 124, 125, 128, 131, 134, 138, 142, 145, 146, 149, 150, 151, 152, 153, 157, 158, 163, 183, 184, 185, 186, 188], "script1": 96, "script2": 96, "script_input": 42, "scriptalon": 189, "scripttask": 97, "scripttask_2": 97, "scripttask_2_di": 97, "scroll": [9, 11, 28, 44, 51, 54, 74, 94, 99, 100, 114, 120, 122, 127, 130, 139, 141, 143, 159, 190], "scrollbar": 116, "scrub": 18, "sctp": 48, "scumwar": [142, 186], "scwx": 114, "sdist": [4, 25, 39, 56, 72, 104, 111, 133, 160, 175, 190], "sdk": [3, 6, 14, 29, 42, 81, 109, 118, 140, 146, 153, 166], "sdlp": 129, "sdlp_attachment_upload_typ": 129, "sdlp_close_dlp_cas": 129, "sdlp_get_not": 129, "sdlp_host": 129, "sdlp_incident_id": [126, 129], "sdlp_incident_severity_id": 129, "sdlp_incident_statu": [126, 129], "sdlp_incident_url": [126, 129], "sdlp_input": 129, "sdlp_note_text": 129, "sdlp_password": 129, "sdlp_policy_group_id": [126, 129], "sdlp_policy_group_nam": [126, 129], "sdlp_policy_id": [126, 129], "sdlp_policy_nam": [126, 129], "sdlp_resolve_incident_in_dlp": 129, "sdlp_saved_report_id": 129, "sdlp_send_soar_note_to_dlp": 129, "sdlp_update_incid": 129, "sdlp_update_severity_in_dlp": 129, "sdlp_upload_binari": 129, "sdlp_usernam": 129, "sdlp_write_incident_details_to_not": 129, "sdn": 135, "se": 36, "seamless": 135, "search": [7, 8, 9, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 30, 31, 34, 35, 37, 38, 40, 41, 45, 46, 48, 50, 52, 53, 54, 56, 57, 58, 62, 63, 64, 65, 71, 73, 74, 75, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 100, 104, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 119, 120, 121, 123, 124, 125, 129, 131, 132, 134, 135, 138, 142, 145, 146, 149, 150, 151, 152, 153, 154, 155, 156, 157, 161, 164, 165, 166, 174, 181, 182, 189], "search_column": 35, "search_detections_result": 42, "search_filt": 42, "search_packets_result": 42, "search_point": 95, "search_queri": 36, "search_ref_set": 103, "search_result": [66, 101, 190], "search_result_level": 59, "search_tabl": 55, "search_timeout": [102, 103], "search_typ": 190, "search_valu": [35, 101, 190], "search_value_typ": 101, "searchabl": [97, 144], "searchclient": 190, "searcher": 154, "searchexinputdto": 126, "sec": [42, 102, 103, 117, 183], "seclookup": [142, 186], "second": [12, 17, 18, 19, 22, 24, 32, 34, 35, 45, 48, 54, 63, 64, 66, 68, 72, 73, 74, 77, 78, 79, 84, 86, 87, 89, 90, 93, 97, 100, 101, 102, 103, 105, 106, 107, 110, 112, 113, 114, 115, 116, 118, 120, 123, 125, 129, 134, 136, 140, 141, 142, 143, 144, 150, 155, 166, 179, 181, 184, 188], "secondari": [18, 64], "secop": 120, "secret": [0, 14, 15, 16, 18, 31, 34, 41, 42, 63, 71, 77, 78, 79, 83, 87, 98, 107, 112, 120, 137, 144, 146, 150, 166], "secret_nam": 110, "secret_valu": 131, "sectigo": 144, "section": [0, 4, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25, 27, 28, 29, 30, 31, 33, 34, 35, 38, 40, 41, 42, 43, 44, 45, 46, 48, 50, 51, 52, 54, 55, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 73, 74, 76, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 120, 121, 122, 123, 124, 126, 127, 128, 129, 130, 131, 133, 135, 139, 141, 142, 143, 144, 145, 146, 148, 150, 151, 152, 153, 154, 155, 159, 160, 165, 170, 172, 173, 174, 176, 178, 179, 180, 181, 182, 188, 190], "section_nam": [178, 182], "sectors_recurs": 37, "sectorsperallocationunit": 53, "secur": [1, 4, 26, 37, 56, 60, 82, 99, 100, 111, 114, 117, 118, 119, 122, 127, 139, 141, 177, 179, 180, 181, 183, 185, 186, 188, 190], "secure_connect": 52, "secure_connection_typ": 52, "securebrain": [142, 186], "securepercentag": 185, "securerequest": 185, "securework": 154, "security_category_count": 103, "security_center_properti": 48, "security_check": 12, "security_level_pref": 17, "security_mark": 48, "security_protocol": 65, "security_tool_find": 150, "securityalert": 79, "securitycategori": 157, "securitycategoryid": 157, "securitycent": [48, 77, 78], "securitycenterproperti": 48, "securitycloud": 116, "securitydetail": 185, "securityen": 131, "securityeventcard": 123, "securityexcept": 29, "securityhealthservic": 107, "securityidentifi": 131, "securityinsight": 79, "securitymark": 48, "securitypersonnel": 77, "securityresourc": 78, "securityrisk": 116, "securityst": 185, "securitysubcategori": 150, "securitytest": 77, "securityvirtualappli": 116, "securolyt": [142, 186], "see": [0, 3, 4, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46, 47, 48, 50, 51, 52, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 71, 72, 73, 74, 75, 76, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 118, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 134, 135, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 159, 163, 164, 177, 179, 180, 181, 182, 183, 185, 186, 188, 189, 190], "seed_valu": 87, "seen": [14, 23, 32, 34, 42, 68, 77, 80, 91, 102, 105, 107, 183], "segasec": [142, 186], "select": [1, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 35, 37, 38, 40, 41, 42, 44, 45, 46, 48, 50, 52, 53, 54, 55, 57, 58, 59, 60, 62, 63, 64, 65, 66, 68, 69, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 113, 114, 115, 116, 118, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 134, 135, 138, 139, 140, 142, 143, 144, 145, 146, 149, 150, 151, 152, 153, 155, 161, 165, 166, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190], "selectel": 101, "selectiveforwardingrespons": 102, "selectivewipestatu": 68, "selectresourceconfig": 14, "selenium": 125, "self": [12, 17, 20, 22, 23, 24, 45, 63, 64, 78, 84, 87, 89, 90, 102, 110, 115, 129, 135, 142, 144, 180, 186, 190], "selflink": [24, 48], "selftest": [7, 9, 11, 19, 28, 38, 40, 44, 51, 52, 55, 60, 67, 80, 83, 87, 88, 94, 99, 100, 102, 103, 111, 114, 116, 120, 122, 127, 130, 132, 139, 141, 143, 159, 179], "selftest_brok": 65, "selftest_timeout": 179, "selinux": 190, "semant": 177, "semicolon": [10, 86, 113, 181], "sen": 135, "send": [8, 9, 10, 20, 21, 22, 27, 32, 34, 36, 47, 52, 63, 64, 71, 75, 88, 97, 106, 107, 108, 109, 110, 111, 112, 117, 120, 124, 131, 135, 136, 141, 144, 155, 165, 178, 179, 181, 182, 190], "send_command": 83, "send_email": [87, 96, 97], "send_file_as_bodi": 110, "send_note_result": 115, "send_result": 83, "send_soar_link_to_sentinelon": 115, "sendend": 185, "sender": [12, 13, 17, 21, 40, 41, 56, 66, 77, 80, 87, 90, 95, 98, 102, 103, 112, 116, 128, 129, 135, 183, 189, 190], "sender_address": 171, "sender_email": 40, "sender_nam": [40, 171], "senderemail": 112, "sendernam": 112, "sendstart": 185, "seneg": 135, "sensata": 98, "sensibl": 85, "sensit": [20, 24, 41, 42, 131, 178, 179, 181, 182], "sensitive_data_transf": 42, "sensitive_t": 55, "sensor": [32, 84, 115, 144], "sensor12803": 115, "sensor_act": 144, "sensor_gateway_url": 144, "sensor_gateway_uuid": 144, "sensor_hostname_or_ip": 42, "sensor_kit_typ": 144, "sensor_out_of_d": 144, "sensor_pending_upd": 144, "sensor_st": 144, "sensor_upd": 32, "sensor_vers": 144, "sent": [10, 20, 32, 37, 40, 41, 42, 65, 75, 79, 87, 105, 106, 107, 109, 110, 112, 115, 116, 117, 118, 119, 129, 136, 144, 148, 150, 178, 179, 181, 182, 188, 189], "sentdatetim": 41, "sentinel": [77, 108, 154], "sentinel_incident_alert": 79, "sentinel_incident_assigned_to": 79, "sentinel_incident_classif": 79, "sentinel_incident_classification_com": 79, "sentinel_incident_classification_reason": 79, "sentinel_incident_com": 79, "sentinel_incident_ent": 79, "sentinel_incident_id": 79, "sentinel_incident_label": 79, "sentinel_incident_numb": 79, "sentinel_incident_statu": 79, "sentinel_incident_tact": 79, "sentinel_incident_url": 79, "sentinel_label": 79, "sentinel_profil": 79, "sentinel_user1": 79, "sentinel_user2": 79, "sentinelon": [123, 129, 154], "sentinelone_agent_id": 115, "sentinelone_agents_dt": 115, "sentinelone_classif": 115, "sentinelone_confidence_level": 115, "sentinelone_dt_agent_id": 115, "sentinelone_dt_agent_vers": 115, "sentinelone_dt_computernam": 115, "sentinelone_dt_cr": 115, "sentinelone_dt_domain": 115, "sentinelone_dt_external_ip": 115, "sentinelone_dt_is_act": 115, "sentinelone_dt_network_statu": 115, "sentinelone_dt_os_nam": 115, "sentinelone_dt_query_d": 115, "sentinelone_dt_regist": 115, "sentinelone_dt_sit": 115, "sentinelone_dt_threat_count": 115, "sentinelone_dt_upd": 115, "sentinelone_dt_uuid": 115, "sentinelone_hash": 115, "sentinelone_incident_statu": 115, "sentinelone_mitigation_statu": 115, "sentinelone_mitigation_status_descript": 115, "sentinelone_note_text": 115, "sentinelone_serv": 115, "sentinelone_threat_analyst_verdict": 115, "sentinelone_threat_id": 115, "sentinelone_threat_nam": 115, "sentinelone_threat_overview_url": 115, "sentinelone_threat_statu": 115, "sep": 97, "sep_artifact_type_scan_result": 116, "sep_auth_path": 116, "sep_base_path": 116, "sep_command_id": 116, "sep_commandid": 116, "sep_computer_id": 116, "sep_computernam": 116, "sep_descript": 116, "sep_domain": 116, "sep_domain_nam": 116, "sep_domainid": 116, "sep_endpoint_detail": 116, "sep_endpoint_status_summari": 116, "sep_endpoints_non_compliant_detail": 116, "sep_eoc_scan_result": 116, "sep_exceptions_id": 116, "sep_file_id": 116, "sep_file_path": 116, "sep_fingerprint_list": 116, "sep_fingerprintlist_id": 116, "sep_fingerprintlist_nam": 116, "sep_firewall_id": 116, "sep_fullpathnam": 116, "sep_group": 116, "sep_group_id": 116, "sep_groupid": 116, "sep_hardwarekei": 116, "sep_hash_valu": 116, "sep_host": 116, "sep_incident_id": 116, "sep_lastupd": 116, "sep_matching_endpoint_id": 116, "sep_md5": 116, "sep_mod": 116, "sep_o": 116, "sep_oldpathnam": 116, "sep_ord": 116, "sep_pageindex": 116, "sep_pages": 116, "sep_password": 116, "sep_port": 116, "sep_results_limit": 116, "sep_scan_act": 116, "sep_scan_d": 116, "sep_scan_timeout": 116, "sep_scan_typ": 116, "sep_sha1": 116, "sep_sha256": 116, "sep_sort": 116, "sep_sourc": 116, "sep_statu": 116, "sep_status_detail": 116, "sep_status_typ": 116, "sep_undo": 116, "sep_usernam": 116, "separ": [9, 10, 11, 12, 15, 17, 21, 24, 28, 34, 35, 37, 40, 41, 43, 45, 48, 51, 54, 58, 60, 65, 66, 67, 68, 69, 71, 73, 77, 78, 79, 80, 81, 83, 84, 86, 87, 90, 94, 96, 97, 98, 99, 100, 101, 102, 104, 105, 106, 107, 108, 112, 113, 114, 115, 122, 123, 124, 127, 129, 130, 131, 135, 139, 140, 141, 144, 146, 147, 148, 150, 159, 166, 176, 177, 178, 179, 180, 181, 182, 183, 184, 187, 188, 189], "seper": [15, 40, 42, 146], "sept": [44, 113], "septemb": [26, 40, 103], "sequenc": [34, 57, 188], "sequence_cod": [59, 126], "sequenceerrorcount": 73, "sequenceerrorcountlastupd": 73, "serbia": 135, "serbian": 145, "seri": [110, 146], "serial": [15, 84, 96, 142], "serial_numb": [23, 142, 186], "serialnumb": [15, 53, 116], "serialnumber1": 116, "seriesmasterid": 41, "serif": 40, "seriou": 12, "serv": [4, 52, 155, 188, 189], "server": [3, 8, 22, 29, 32, 33, 37, 43, 51, 55, 57, 67, 68, 69, 74, 75, 82, 94, 99, 100, 108, 117, 119, 130, 136, 138, 141, 149, 155, 158, 159, 160, 166, 167, 170, 171, 173, 176, 177, 183, 184, 185, 186, 189, 190], "server1": 84, "server2": 84, "server_detail": 12, "server_ip": 54, "server_port": [42, 54], "serverauth": [87, 142, 186], "serverip": 129, "servernam": 20, "serverstat": 185, "serverurl": 18, "servic": [8, 9, 11, 14, 16, 17, 19, 20, 28, 36, 40, 44, 46, 47, 48, 51, 52, 54, 55, 56, 58, 60, 67, 75, 76, 80, 82, 87, 94, 99, 100, 101, 104, 105, 106, 107, 110, 112, 114, 116, 118, 120, 122, 123, 127, 128, 129, 130, 131, 139, 140, 141, 143, 144, 145, 148, 150, 153, 154, 155, 159, 165, 166, 168, 169, 170, 171, 172, 174, 179, 183, 186, 190], "service_account_kei": 46, "service_id": 105, "service_intel": 128, "service_nam": [14, 54, 180], "service_now_adapt": 17, "service_refer": 89, "service_request": 114, "service_typ": [20, 109], "serviceaccount": 150, "serviceci": 20, "serviceci_reconid": 20, "servicemanagementtag": 18, "servicenam": [14, 15], "servicenow": 154, "servicenow_statu": 119, "servicenowallowedt": 117, "servicesourc": 77, "servicespecificcredentialid": 15, "servicetask": 97, "servicetask_1": 97, "servicetask_1_di": 97, "serviceticket": 150, "serviceusernam": 15, "servlet": 105, "sesm_computersnusers_policies_password_set": 116, "session": [20, 42, 107, 111, 131, 135, 144], "session_id": 135, "session_timeout": 116, "session_uid": 58, "sessionend": 107, "sessionstart": 107, "sessiontypeid": 146, "set": [0, 3, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 24, 25, 26, 27, 28, 29, 30, 31, 33, 34, 35, 38, 40, 41, 42, 44, 45, 46, 48, 50, 52, 54, 55, 57, 58, 59, 60, 62, 63, 64, 65, 67, 68, 70, 71, 72, 74, 75, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 99, 100, 101, 104, 105, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 132, 133, 135, 138, 139, 141, 142, 143, 144, 145, 146, 149, 150, 151, 152, 153, 157, 158, 159, 160, 161, 162, 164, 165, 166, 167, 170, 172, 173, 174, 176, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190], "set_input": 116, "set_priority_result": 106, "set_seri": 87, "set_status_result": 106, "setcred": 102, "setdecod": 180, "sete": 69, "setencod": 180, "setprior": 34, "setrelev": 102, "setsever": 102, "settabl": 41, "settag": 34, "settings_hash": 32, "settyp": 34, "setup": [4, 22, 25, 26, 38, 39, 42, 51, 56, 63, 68, 72, 74, 75, 76, 87, 94, 104, 106, 111, 112, 119, 120, 130, 131, 133, 135, 136, 138, 148, 149, 155, 158, 159, 160, 163, 166, 168, 171, 180, 182], "setuptool": [155, 176, 178, 179, 180, 182], "setvalu": 118, "sever": [9, 10, 11, 14, 15, 16, 20, 23, 28, 36, 42, 48, 51, 58, 60, 64, 65, 67, 73, 77, 78, 79, 87, 89, 94, 97, 98, 99, 100, 102, 103, 107, 110, 114, 116, 118, 119, 122, 127, 128, 129, 130, 131, 139, 141, 143, 144, 146, 148, 150, 159, 160, 181], "sever_hostnam": 54, "severity_cod": [14, 34, 42, 48, 59, 63, 65, 69, 77, 79, 87, 89, 105, 106, 107, 112, 118, 119, 126, 129, 131, 135, 136, 144, 150, 181], "severity_id": 58, "severity_level": 9, "severity_map": [34, 48, 150], "severityid": 129, "severitymap": 119, "seychel": 135, "sf": 90, "sf_case": 112, "sf_case_com": 112, "sf_device_group": 88, "sf_locat": 88, "sf_vsy": 88, "sftzxqytcwyxxf6biwtixqbccep5trfonyz4iedwmdp4qb": 110, "sfv": 90, "sg": [135, 157], "sgp": 135, "sgp000000000011": 20, "sh": [84, 141, 190], "sh1": 76, "sh256": 107, "sha": [23, 32, 45, 56, 76, 77, 80, 101, 107, 112, 115, 116, 121, 126, 128, 142, 144, 183, 186], "sha1": [23, 36, 45, 76, 77, 80, 101, 102, 107, 115, 116, 121, 126, 142, 153, 171, 186], "sha1_hash": 102, "sha224": [126, 171], "sha256": [23, 36, 76, 77, 80, 90, 101, 102, 107, 115, 116, 121, 126, 142, 144, 150, 153, 171, 186], "sha256_hash": [102, 107, 144], "sha256rsa": [142, 186], "sha384": [126, 171], "sha3_224": 126, "sha3_256": 126, "sha3_384": 126, "sha3_512": 126, "sha512": [121, 126, 171], "shadow": 173, "shadow_server_ct": 173, "shadow_server_threat_fe": 173, "shadowattribut": 80, "shadowserv": [126, 154], "shadowserver_artifact_typ": 121, "shadowserver_artifact_valu": 121, "shadowserver_hash_queri": 121, "shadowserver_url": 121, "shahmukhi": 145, "shake_128": 126, "shake_256": 126, "share": [9, 11, 12, 15, 17, 24, 28, 29, 34, 40, 42, 45, 51, 60, 67, 78, 85, 88, 90, 94, 99, 100, 102, 103, 110, 114, 115, 116, 122, 127, 129, 130, 131, 133, 139, 141, 144, 148, 151, 159, 166, 180, 181, 182], "shared_incid": 36, "sharedendpoint": 34, "sharepoint": [42, 131], "sharepointacl": 129, "sharepointpermiss": 129, "sharing_group_id": 80, "shell": [15, 42, 63, 96, 102, 141, 156], "shell_command": [84, 141, 190], "shell_escap": [84, 141], "shell_param1": [84, 190], "shell_param2": 84, "shell_param3": 84, "shell_remot": 190, "shellcod": 43, "shellshock": 42, "shellshock_dhcp": 42, "shellshock_http": 42, "shield": 4, "shift": 20, "ship": [24, 71], "shippingaddress": 112, "shippingc": 112, "shippingcountri": 112, "shippinggeocodeaccuraci": 112, "shippinglatitud": 112, "shippinglongitud": 112, "shippingpostalcod": 112, "shippingst": 112, "shippingstreet": 112, "shirlei": 17, "shirleyc": 17, "shn": 135, "shodan": 154, "shodan_apikei": 122, "short": [20, 23, 42, 87, 113, 118], "short_cod": 42, "short_descript": [118, 119], "shorten": [71, 84], "shorter": 85, "shortnam": 37, "should": [0, 3, 4, 10, 12, 15, 17, 18, 24, 34, 35, 37, 40, 41, 42, 43, 45, 48, 52, 54, 55, 58, 65, 69, 73, 74, 76, 78, 79, 85, 87, 90, 95, 96, 97, 102, 104, 105, 106, 110, 113, 115, 116, 117, 118, 120, 124, 129, 134, 135, 136, 144, 146, 150, 156, 161, 165, 166, 171, 178, 179, 180, 181, 182, 185, 189, 190], "shoulddisplai": 63, "show": [9, 11, 14, 15, 23, 28, 29, 35, 37, 42, 48, 49, 51, 55, 60, 65, 67, 79, 80, 87, 88, 90, 93, 94, 99, 100, 101, 105, 106, 108, 113, 114, 115, 119, 122, 127, 130, 138, 139, 141, 148, 155, 157, 159, 177, 181, 184, 185, 188, 189, 190], "show_alert_statu": 42, "show_if": 97, "show_link_head": 97, "showa": 41, "showfield": 63, "shown": [24, 42, 55, 74, 101, 110, 112, 114, 116, 131, 144, 184, 189], "shreya": 97, "shuold": 45, "shut": [75, 181], "shutdown": [42, 181], "shutdown_agent_result": 115, "si": 145, "si12345b0r8ghu8ynwe7bm3hjydczkqwhzgd0r5v4yhag": 18, "sic": 112, "sicdesc": 112, "sid": [34, 110, 180], "side": [118, 119, 155, 190], "sideload": 107, "siem": [34, 105, 106, 107, 112, 144], "siem_al": 98, "siem_api": 98, "siem_event_typ": 98, "siem_issu": 98, "siempifi": 123, "siemplfi": 123, "siemplifi": 154, "siemplify_add_playbook": 123, "siemplify_addupdate_entity_to_blocklist": 123, "siemplify_addupdate_entity_to_customlist": 123, "siemplify_alert_id": 123, "siemplify_artifact_id": 123, "siemplify_artifact_typ": 123, "siemplify_artifact_valu": 123, "siemplify_assigne": 123, "siemplify_assigned_us": 123, "siemplify_attachment_id": 123, "siemplify_case_id": 123, "siemplify_case_link": 123, "siemplify_case_url": 123, "siemplify_categori": 123, "siemplify_close_cas": 123, "siemplify_com": 123, "siemplify_create_cas": 123, "siemplify_create_case_templ": 123, "siemplify_entity_id": 123, "siemplify_entity_list": 123, "siemplify_entity_typ": 123, "siemplify_entity_valu": 123, "siemplify_environ": 123, "siemplify_get_blocklist_ent": 123, "siemplify_get_customlist_ent": 123, "siemplify_host": 123, "siemplify_incident_id": 123, "siemplify_is_import": 123, "siemplify_limit": 123, "siemplify_limit_result": 123, "siemplify_list_categori": 123, "siemplify_list_entri": 123, "siemplify_m_sync_cas": 123, "siemplify_playbook_nam": 123, "siemplify_prior": 123, "siemplify_reason": 123, "siemplify_remove_list_entri": 123, "siemplify_root_caus": 123, "siemplify_run_playbook_automat": 123, "siemplify_search": 123, "siemplify_search_term": 123, "siemplify_soar_task_id": 123, "siemplify_stag": 123, "siemplify_sync_artifact": 123, "siemplify_sync_attach": 123, "siemplify_sync_cas": 123, "siemplify_sync_com": 123, "siemplify_sync_task": 123, "siemplify_tag": 123, "siemplify_task_assigne": 123, "sierra": 135, "siggen": 121, "sigmavirus24": 45, "sign": [22, 51, 56, 63, 64, 77, 84, 90, 102, 110, 131, 144, 155, 183], "sign_cert_id": 15, "sign_in_to_your_microsoft_account": 93, "signatur": [12, 27, 37, 45, 87, 107, 112, 121, 142, 186], "signature_algorithm": [90, 142, 186], "signedcertificatetimestamplist": 185, "signeddeleg": [142, 186], "signer": [77, 107, 144], "signerhash": 77, "signifi": 116, "signific": [80, 86, 88, 128, 134], "signing_encrypting_cert": 87, "signup": [51, 122], "sigr": 42, "silver": 42, "similar": [10, 12, 17, 24, 26, 29, 45, 48, 70, 71, 78, 84, 87, 90, 110, 115, 129, 135, 165, 180, 181, 184, 187, 188, 190], "similar_devic": 34, "similar_devices_list": 34, "similar_devices_output": 34, "similarcas": 123, "similari": 85, "similarli": [71, 112, 120, 189], "simpl": [1, 10, 26, 66, 97, 122, 126, 134, 136, 158, 190], "simple_custom_detect": 23, "simpleasynctaskexecutor": 58, "simplejson": [77, 79, 123], "simpli": [20, 81, 109, 110, 118, 140, 153, 182], "simplifi": [63, 85, 87, 102, 111, 141, 145, 189], "simul": [71, 181], "simultaneousinterpret": 146, "sinc": [29, 38, 42, 45, 57, 76, 84, 94, 95, 107, 117, 118, 120, 131, 155, 157, 177], "singapor": [14, 135], "singapore_risk_assess": 126, "singl": [18, 22, 27, 29, 34, 41, 42, 52, 105, 106, 110, 112, 113, 129, 131, 177, 180, 182, 183, 184, 185, 186, 189], "singleinst": 41, "sinhala": 145, "sinkhol": 71, "sint": 135, "sip": 42, "sip_brute_forc": 42, "sipaddress": 146, "siph0n": [56, 183], "sir": [117, 118, 119], "sir0010024": 118, "sir0010025": 118, "site": [20, 29, 42, 50, 91, 112, 115, 116, 125, 131, 155, 174, 183, 184, 190], "site_admin": 45, "site_categori": 12, "site_id": 115, "site_url": 110, "sitecategori": 36, "sitecheck": [142, 186], "siteid": 115, "sitenam": 115, "siteurl": 146, "situat": [79, 116, 177], "sivi": 121, "six": [29, 54, 55, 87, 155], "size": [34, 40, 45, 54, 55, 57, 59, 63, 68, 77, 87, 106, 107, 116, 126, 142, 153, 180, 185, 186], "sjf3xoyoomfo0wq8wiwfczlgienubqgrntso": 110, "sjm": 135, "sk": 145, "skeleton": 96, "skip": [20, 42, 73, 97, 102, 109, 110, 131, 165, 190], "sklearn": [69, 70], "sku": 18, "sl": [90, 145], "sla__c": 112, "slack": [126, 154], "slack2": 126, "slack_as_us": 124, "slack_channel": 124, "slack_channel_id": 124, "slack_conversations_db": 124, "slack_db_channel": 124, "slack_db_channel_typ": 124, "slack_db_permalink": 124, "slack_db_res_id": 124, "slack_db_tim": 124, "slack_is_channel_priv": 124, "slack_mrkdwn": 124, "slack_participant_email": 124, "slack_templ": 124, "slack_text": 124, "slack_usernam": 124, "slackclient": 124, "slaexpirationdate__c": 112, "slaexpirationtim": 123, "slaserialnumber__c": 112, "slash": [76, 107, 149], "slaviolation__c": 112, "slb": 135, "sld": 36, "sle": 135, "sleep": [41, 134, 141, 166], "slightli": [40, 86], "slovakia": 135, "slovakian": 145, "slovenia": 135, "slovenian": 145, "slow": 177, "slow_changing_modified_timestamp": 32, "slr9jmnlshxgtt5scvaphvtwyi": 110, "slug": 150, "slv": 135, "slz3dlxu1woqtj6vwn9x9wru3ykmf": 97, "sm": 154, "smail": 87, "small": [57, 63, 181], "smallbannerphotourl": 112, "smallphotourl": 112, "smallvil": 95, "smart_dhcp": 116, "smart_dn": 116, "smart_win": 116, "smartphon": [68, 112], "smb": [34, 42], "smb2": 34, "smb_autostart_path": 42, "smb_cifs_access_denied_error": 42, "smb_cifs_brute_forc": 42, "smb_cifs_error": 42, "smb_cifs_file_access_failur": 42, "smb_cifs_privileged_pip": 42, "smb_cifs_share_enumer": 42, "smb_cifs_valid_login_error": 42, "smb_named_pipe_beacon": 42, "smbmovesuccess": 34, "smbv1": 42, "smbv3": 42, "smbwritesummari": 34, "sme9584a564764db7c4d24f612d6928b18": 136, "smime": 87, "smime_us": 87, "smith": 66, "smr": 135, "smss": 107, "smtp": [21, 36, 40, 42, 71, 82, 87, 90, 131], "smtp_certif": 87, "smtp_conn_timeout": 87, "smtp_helo_ehlo_buffer_overflow": 42, "smtp_mailer": 87, "smtp_password": 87, "smtp_port": 87, "smtp_processing_spik": 42, "smtp_server": 87, "smtp_ssl_cafil": 87, "smtp_ssl_mode": 87, "smtp_syntax_error": 42, "smtp_user": 87, "smtpservic": 87, "sn": [66, 118, 119, 158], "sn_api_uri": [118, 120], "sn_assignment_group": 118, "sn_attachment_sys_id": 118, "sn_close_cod": 118, "sn_close_not": 118, "sn_close_work_not": 118, "sn_host": [118, 120], "sn_init_work_not": 118, "sn_initial_not": 118, "sn_note_text": 118, "sn_note_typ": 118, "sn_optional_field": 118, "sn_password": [118, 120], "sn_query_field": 118, "sn_query_valu": 118, "sn_record_link": 118, "sn_record_st": 118, "sn_records_dt": 118, "sn_records_dt_link": 118, "sn_records_dt_nam": 118, "sn_records_dt_res_id": 118, "sn_records_dt_res_statu": 118, "sn_records_dt_sn_parent_ref_id": 118, "sn_records_dt_sn_ref_id": 118, "sn_records_dt_snow_statu": 118, "sn_records_dt_snow_t": 118, "sn_records_dt_tim": 118, "sn_records_dt_typ": 118, "sn_ref_id": 118, "sn_res_id": 118, "sn_resilient_statu": 118, "sn_severity_map": 118, "sn_si": 120, "sn_si_incid": [117, 118, 120], "sn_si_task": [118, 120], "sn_snow_record_id": 118, "sn_snow_record_link": 118, "sn_snow_table_nam": 118, "sn_sys_id": 118, "sn_table_nam": 120, "sn_time_cr": 118, "sn_time_upd": 118, "sn_update_field": 118, "sn_urgenc": 118, "sn_usernam": [118, 120], "snaclicenseid": 116, "snapshot": [76, 154, 177], "snapshot_full_screen_captur": 125, "snapshot_fullpag": 125, "snapshot_incident_id": 125, "snapshot_result": 125, "snapshot_timeout": 125, "snapshot_url": 125, "snapshot_url_load_timeout": 125, "sni": 90, "snippet": [36, 96], "snlink": 119, "snmp": 116, "snort": [142, 163, 186], "snow": [117, 120], "snow_integr": 120, "so": [4, 7, 12, 17, 20, 23, 24, 34, 37, 48, 52, 66, 71, 73, 78, 80, 90, 96, 97, 101, 102, 105, 106, 109, 110, 112, 113, 114, 115, 117, 126, 129, 131, 133, 135, 140, 145, 148, 164, 166, 177, 180, 181, 186, 189, 190], "so_input": 115, "soa": [82, 142, 171], "soap": 129, "soar": [3, 16, 27, 30, 46, 52, 54, 57, 62, 76, 77, 83, 92, 93, 117, 119, 145, 155, 166, 178, 179, 180, 182], "soar2_list": 123, "soar3_list": 123, "soar_app": 2, "soar_case_url": 112, "soar_categori": 123, "soar_close_cas": [89, 123, 150], "soar_close_case_templ": [34, 42, 48, 63, 105, 106, 107, 112, 115, 123, 144, 150], "soar_create_cas": [89, 150], "soar_create_case_templ": [34, 42, 48, 63, 105, 106, 107, 112, 115, 144, 150], "soar_datetimeformat": [48, 79, 89, 105, 106, 112, 129, 135, 144, 150], "soar_inc_owner_id": 42, "soar_inc_plan_statu": 42, "soar_inc_resolution_id": 42, "soar_incident_id": 102, "soar_label": 79, "soar_list": 123, "soar_plugin_destination_name1": [102, 103], "soar_profil": 79, "soar_search_queri": 126, "soar_search_templ": 126, "soar_sever": 135, "soar_splitpart": 79, "soar_substitut": [34, 42, 48, 79, 89, 105, 106, 112, 129, 144, 150], "soar_table_nam": 102, "soar_task_id": 20, "soar_update_cas": [89, 150], "soar_update_case_cas": 123, "soar_update_case_templ": [34, 48, 63, 105, 106, 112, 115, 123, 144, 150], "soar_update_task_templ": 63, "soar_user1": [42, 77, 79, 89, 106, 144], "soar_user2": [42, 77, 79, 89, 106, 144], "soar_utils_artifact_file_typ": 126, "soar_utils_base64cont": 126, "soar_utils_close_field": 126, "soar_utils_content_typ": 126, "soar_utils_create_field": 126, "soar_utils_descript": 126, "soar_utils_extract_file_path": 126, "soar_utils_file_nam": 126, "soar_utils_file_path": 126, "soar_utils_filter_condit": 126, "soar_utils_search_field": 126, "soar_utils_sort_field": 126, "soar_utils_string_to_convert_to_attach": 126, "soar_utils_zip_password": 126, "soar_utils_zipfile_password": 126, "soarcommun": [7, 19, 24, 30, 31, 35, 38, 45, 50, 64, 65, 66, 71, 77, 80, 85, 86, 87, 88, 89, 91, 95, 96, 103, 108, 121, 123, 125, 126, 128, 131, 134, 141, 142, 146, 152, 155, 165, 166], "soarmailbox": 131, "soarmessag": 131, "soarsupport": 110, "soarteam": 131, "soartest": 41, "soarus": 146, "sobject": 112, "soc": [20, 24, 114, 159], "social": [95, 135, 185], "social_engin": 135, "sock": 42, "soft": [40, 81], "soft_row": 81, "softlay": 14, "softwar": [34, 37, 42, 63, 73, 77, 87, 105, 106, 116, 135, 150], "software_descript": 81, "software_id": 81, "software_nam": 81, "software_platform": 81, "software_techniqu": 81, "software_typ": 81, "softwareloopback": 77, "solarwind": 89, "sold": [56, 183], "sole": [95, 186], "solicit": 186, "solid": 57, "solomon": 135, "solr": 42, "solut": [10, 12, 34, 42, 63, 67, 76, 87, 89, 105, 106, 112, 144, 150, 181], "solv": 118, "som": 135, "somali": 145, "somalia": 135, "some": [4, 9, 32, 37, 40, 42, 45, 59, 63, 68, 69, 77, 79, 87, 89, 90, 96, 102, 112, 116, 118, 123, 125, 126, 134, 164, 177, 180, 181, 183, 185, 188, 189, 190], "some_ext": 87, "some_extens": 87, "some_proxi": 148, "someapikei": 80, "someon": 177, "somepass": 9, "someregex": 34, "someth": [18, 20, 59, 102, 123, 126], "somethingnew": 73, "sometim": [101, 120], "someus": 9, "somewhat": 177, "somewher": 52, "sonar": 116, "soon": [14, 42], "sophist": 106, "sopho": [121, 142, 186], "soql": 112, "sort": [12, 17, 24, 35, 40, 42, 45, 55, 59, 68, 73, 78, 90, 97, 106, 115, 116, 126, 129, 140, 144, 166, 187], "sort_bi": 115, "sort_kei": [12, 17, 24, 45, 78, 90, 115, 129, 142, 144], "sort_list": 97, "sort_object_stat": 97, "sort_ord": 115, "sort_wf_stat": 97, "sortdat": 36, "sorted_object": 97, "sospechoso": 157, "sourc": [2, 4, 9, 20, 23, 34, 35, 36, 37, 40, 42, 56, 59, 71, 78, 80, 85, 87, 96, 97, 98, 101, 103, 105, 106, 107, 108, 109, 112, 115, 116, 121, 123, 126, 128, 129, 133, 135, 144, 145, 150, 152, 159, 160, 170, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 190], "source_address_id": 103, "source_byt": 102, "source_count": [71, 103], "source_data": 106, "source_id": [48, 95], "source_ip": 102, "source_lang": 145, "source_nam": 71, "source_network": 103, "source_packet": 102, "source_port": 102, "source_program": 55, "source_properti": 48, "source_ref": 144, "source_typ": 182, "sourceaddress": 78, "sourcebyt": 102, "sourcecount": 102, "sourced": 36, "sourceid": 68, "sourceinfo": 18, "sourceip": 102, "sourceip_count": 102, "sourceloc": 78, "sourcemateri": 78, "sourcepacket": 102, "sourceport": [78, 102], "sourceref": 97, "sourcerul": 150, "sourcesystemnam": 123, "south": [135, 145], "southern": 135, "sp": 23, "spa": 85, "space": [15, 24, 73, 84, 104, 181, 190], "spain": 135, "spam": [7, 71, 87, 98, 102, 103, 157], "spam404": [12, 142, 186], "spamhau": [12, 154], "spamhaus_dqs_kei": 127, "spamhaus_wqs_url": 127, "spamhausdbl": 12, "spamscop": 90, "span": [12, 17, 24, 34, 40, 42, 45, 48, 78, 90, 101, 115, 129, 142, 144], "span_formatt": [34, 48], "spanid": 58, "spanish": [85, 145], "spec": 97, "spec_vers": [101, 184], "special": [12, 24, 71, 77, 80, 150, 181, 189], "specif": [7, 10, 11, 12, 14, 16, 17, 18, 19, 20, 21, 23, 24, 27, 29, 30, 31, 33, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 67, 68, 70, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 137, 142, 144, 145, 146, 149, 150, 151, 152, 153, 163, 165, 177, 180, 181, 182, 188, 189], "specifi": [4, 9, 10, 11, 12, 15, 17, 18, 21, 24, 25, 26, 29, 34, 35, 37, 38, 40, 41, 42, 43, 45, 48, 52, 53, 54, 57, 58, 59, 63, 65, 67, 69, 73, 75, 76, 77, 78, 79, 81, 83, 84, 85, 86, 87, 88, 89, 90, 96, 97, 102, 105, 106, 107, 110, 112, 113, 115, 116, 123, 126, 128, 129, 131, 134, 137, 145, 146, 149, 150, 153, 155, 159, 166, 171, 176, 177, 178, 179, 180, 181, 182, 187, 188, 189], "specific_data": 17, "specifiec": 54, "speed": 124, "spell": [20, 118], "spf": [82, 90], "spf1": 142, "spike": 42, "spike_in_email_traffic_volum": 42, "spike_in_ldap_request": 42, "spike_in_rdp_sess": 42, "spike_in_rfb_sess": 42, "spike_in_round_trip_tim": 42, "spike_in_ssh_sess": 42, "spike_in_telnet_connect": 42, "spin": 4, "split": [23, 24, 42, 69, 73, 77, 79, 84, 105, 116, 119, 126, 134, 135, 153], "split_at": [48, 105, 106, 112, 135, 144, 150], "split_email": 84, "splunk": [89, 154, 156, 162, 164, 177], "splunk_add_artifact": 128, "splunk_delete_an_intel_entri": 128, "splunk_hec_fe": 182, "splunk_instance_label": 128, "splunk_intel_result": 128, "splunk_label": 128, "splunk_label1": 128, "splunk_max_count": 128, "splunk_max_return": 128, "splunk_notable_event_id": 128, "splunk_queri": 128, "splunk_query_param1": 128, "splunk_query_param10": 128, "splunk_query_param2": 128, "splunk_query_param3": 128, "splunk_query_param4": 128, "splunk_query_param5": 128, "splunk_query_param6": 128, "splunk_query_param7": 128, "splunk_query_param8": 128, "splunk_query_param9": 128, "splunk_query_parame2": 128, "splunk_search_for_an_artifact": 128, "splunk_serv": [128, 164], "splunk_system": 164, "splunk_threat_intel_kei": 128, "splunk_threat_intel_typ": 128, "splunk_update_notable_ev": 128, "splunk_user_login": 164, "splunkfe": 182, "splunkhf1": 115, "splunkpassword": 128, "spm": 135, "spn": 42, "spoof": [7, 42, 84], "spoofed_self_signed_ssl_certif": 42, "spooler": 42, "spoolsv": 107, "spreadsheet": 40, "spring": 42, "spring4shel": 42, "spywar": 116, "sq": 145, "sql": [7, 42, 55, 79, 150, 177, 180, 181, 190], "sql_artifact_valu": [86, 190], "sql_autocommit": 86, "sql_column_1": [86, 190], "sql_column_2": [86, 190], "sql_column_3": [86, 190], "sql_column_4": [86, 190], "sql_column_5": [86, 190], "sql_column_6": 86, "sql_condition_value1": [86, 190], "sql_condition_value2": 86, "sql_condition_value3": 86, "sql_connection_str": [86, 190], "sql_database_typ": 86, "sql_dialect": 180, "sql_mode": 180, "sql_number_of_records_return": 86, "sql_queri": [86, 190], "sql_query_results_dt": [86, 190], "sql_query_timeout": 86, "sql_restricted_sql_stat": 86, "sql_timestamp": [86, 190], "sql_wchar": 180, "sqlalchemi": 113, "sqlexecdirectw": 86, "sqli": 42, "sqli_attack": 42, "sqlinjectionmitig": 150, "sqlite": [113, 177, 180], "sqlite3": 180, "sqlite_fold": 113, "sqlite_sync_fil": 181, "sqllib": 180, "sqlprepar": 181, "sqlpreparew": 181, "sqlserver": [177, 180], "sqlserver_fe": [178, 179, 180, 181, 182], "sqlserverdialect": 180, "sqol": 112, "squar": [86, 101, 144, 184], "squat": 151, "sr": 145, "sr0011439ccad4ec8uqwckolaqlqaa": 20, "srattach": 20, "srb": 135, "src": [80, 101, 105, 116, 171, 184], "src_folder": 40, "src_name": [59, 126], "src_user": 128, "sri": 135, "srid": 20, "srinstanceid": 20, "srm": 20, "srmsaoiguid": 20, "srv": 90, "srv_specific_cred_id": 15, "ss": [32, 77, 113, 129], "ssc_id": 15, "ssd": 135, "ssdeep": [153, 171], "ssdp": 116, "ssh": [7, 9, 11, 28, 42, 44, 48, 51, 54, 55, 60, 67, 74, 83, 84, 94, 99, 100, 114, 120, 122, 127, 130, 139, 141, 143, 148, 159, 165, 190], "ssh2": 106, "ssh_brute_forc": 42, "ssh_dispatch": 83, "ssh_kei": 10, "ssh_key_id": 15, "ssh_unusual_loc": 42, "ssh_unusual_location_c2": 42, "ssh_url": 45, "sshd": 106, "sshk_id": 15, "sshpublickeyid": 15, "ssl": [11, 12, 38, 42, 52, 54, 55, 63, 65, 66, 70, 110, 115, 128, 165, 166], "ssl_check_hostnam": 65, "ssl_result": 90, "ssl_scan": 42, "sslend": 185, "sslstart": 185, "ssmphh_11": 55, "ssrf": 42, "ssw0rd": 84, "ssword1": 110, "st": 142, "stack": [29, 42], "stage": [28, 42, 77, 123], "stage1": [101, 184], "stage2": [101, 184], "stage3": [101, 184], "stage3_insight": [101, 184], "stai": 98, "stall": 42, "stalled_data_transf": 42, "standalon": [55, 59, 71, 110, 126, 130], "standard": [12, 17, 20, 21, 24, 32, 41, 42, 48, 78, 82, 90, 102, 107, 110, 112, 115, 131, 144, 146, 165, 166, 180], "standards_list": 48, "star": 45, "stargaz": 45, "stargazers_count": 45, "stargazers_url": 45, "starred_url": 45, "start": [4, 10, 12, 14, 17, 18, 22, 23, 24, 25, 26, 28, 29, 30, 34, 35, 38, 39, 40, 41, 42, 44, 45, 48, 54, 55, 58, 63, 65, 66, 68, 71, 72, 73, 77, 78, 79, 82, 84, 86, 88, 90, 95, 96, 98, 101, 102, 103, 105, 106, 107, 112, 115, 116, 119, 123, 128, 129, 133, 134, 135, 137, 144, 146, 153, 155, 182, 184, 189], "start_address": 148, "start_dat": [23, 34, 42, 48, 59, 65, 77, 79, 89, 97, 105, 106, 112, 126, 129, 131, 134, 135, 144, 150], "start_filt": 78, "start_po": [81, 184], "start_t": 78, "start_tim": [40, 42, 89, 97, 101, 103, 107, 184], "startat": 63, "startdat": [16, 98], "startdatetim": 36, "startedbi": 18, "startev": 97, "startevent_aqhlb25": 97, "startevent_aqhlb25_di": 97, "startevent_xkqtum": 97, "startevent_xkqtume_di": 97, "startinst": 14, "startswith": [42, 87, 153], "starttim": [18, 102, 103, 107, 123], "starttimeoffsetminut": 18, "starttimeunixtimeinm": 123, "starttimeutc": 79, "starttl": 87, "startup": [14, 24, 98], "startup417": 93, "startup_interv": [98, 99], "startxref": 90, "stat": [18, 37, 45, 97, 142, 185], "state": [4, 12, 14, 16, 18, 20, 22, 36, 48, 59, 61, 63, 73, 78, 87, 95, 97, 99, 105, 107, 112, 116, 118, 119, 126, 135, 144, 146, 148, 155, 186], "state_chang": 48, "state_machine_async": 16, "state_machine_nam": 16, "state_machine_payload": 16, "stateid": 116, "statemachinearn": 16, "statement": [9, 10, 11, 15, 28, 51, 60, 67, 86, 94, 99, 100, 106, 112, 114, 122, 127, 130, 139, 141, 144, 148, 159, 180, 181, 190], "statetocolormap": 119, "static": [35, 88, 90, 115, 118], "staticincidentdetail": 129, "staticmethod": 135, "station": 20, "statist": [73, 95, 97, 142], "statistic_counter_properti": 18, "statistic_counter_valu": 18, "statistic_query_d": 18, "statu": [10, 12, 14, 16, 17, 18, 20, 23, 24, 27, 30, 32, 34, 35, 37, 38, 40, 41, 42, 45, 48, 50, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 77, 78, 79, 80, 82, 83, 87, 88, 89, 90, 93, 97, 98, 101, 102, 103, 104, 108, 109, 110, 113, 118, 119, 120, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 137, 142, 144, 146, 147, 151, 153, 165, 166, 181, 185, 186, 188, 190], "status": [45, 89, 106, 116, 137, 144, 150], "status_cod": [41, 101, 103, 110, 131, 146], "status_colour_map": 40, "status_id": 58, "status_incid": 20, "status_map": [106, 144], "status_messag": 19, "status_msg": 116, "status_not": 19, "status_reason": [20, 109], "status_reason2": 20, "status_result": 150, "status_set": 101, "status_str": 101, "status_text": 24, "status_thread_nam": 58, "status_typ": 116, "statuscategori": 63, "statuscategorychanged": 63, "statuschangedat": 150, "statuscod": 37, "statusdetail": 18, "statuses_url": 45, "statusmessag": 190, "statusretentiontimeindai": 18, "statustext": 185, "statvoo": 142, "staxx": 154, "staxx_auto_approv": 9, "staxx_confid": 9, "staxx_ind": 9, "staxx_indicator_typ": 9, "staxx_ip": 9, "staxx_max_result": 9, "staxx_password": 9, "staxx_port": 9, "staxx_sever": 9, "staxx_tlp": 9, "staxx_us": 9, "stayintouchnot": 112, "stayintouchsignatur": 112, "stayintouchsubject": 112, "stderr": [10, 84], "stderr_json": 84, "stderr_lin": 10, "stdin": 10, "stdin_add_newlin": 10, "stdout": [10, 84, 190], "stdout_json": 84, "stdout_lin": 10, "ste_soln0002844": 20, "steal": 98, "stealth_web": 116, "step": [2, 13, 15, 29, 42, 48, 55, 60, 63, 78, 79, 82, 85, 86, 87, 89, 97, 100, 102, 103, 104, 105, 114, 116, 122, 127, 131, 132, 139, 141, 146, 155, 175, 176, 178, 179, 180, 182], "step_label": 97, "steven": 90, "still": [3, 42, 84, 87, 88, 110, 112, 116, 120, 150], "sting": [15, 153], "stix": [81, 101, 184], "stix2": [81, 101, 184], "stock": 20, "stolen": [87, 102, 107, 112, 135, 152], "stolen_devic": 135, "stomp": [29, 110], "stomp_prefetch_limit": 134, "stop": [23, 28, 40, 55, 73, 113, 116, 150, 188, 190], "stop_tim": [101, 184], "stopandquarantin": 77, "stopandquarantinefil": 77, "stopdat": 16, "stopforumspam": [142, 186], "stopspam": 151, "storag": [112, 176, 180], "storage_stat": 37, "storagenam": 115, "storagetyp": 115, "store": [40, 42, 55, 63, 68, 80, 87, 110, 117, 118, 120, 123, 131, 146, 166, 180, 183], "storealertpublish": 79, "stori": 63, "storm": 165, "storylin": 115, "stp": 135, "str": [10, 12, 14, 15, 16, 17, 18, 20, 23, 24, 34, 35, 40, 42, 45, 54, 56, 63, 68, 71, 73, 76, 77, 78, 79, 87, 88, 89, 90, 95, 97, 101, 102, 103, 105, 107, 115, 116, 123, 124, 126, 129, 131, 135, 136, 143, 144, 146, 151, 165, 180, 184, 187, 190], "strategi": [107, 110, 123], "stream": [84, 90, 106, 126], "street": [20, 95, 112, 186], "strftime": [35, 40, 42, 95, 103, 113, 142, 150], "strict": [48, 185], "strict_trans_t": 180, "strike": 42, "string": [7, 8, 10, 12, 14, 15, 16, 17, 18, 20, 23, 24, 32, 33, 34, 35, 36, 37, 39, 41, 42, 43, 45, 46, 47, 48, 49, 50, 52, 53, 56, 57, 58, 59, 61, 63, 66, 68, 71, 75, 77, 78, 79, 81, 84, 85, 86, 88, 90, 91, 97, 98, 101, 102, 103, 105, 106, 108, 110, 112, 115, 116, 118, 121, 124, 128, 129, 131, 134, 135, 136, 137, 138, 141, 144, 147, 149, 150, 152, 153, 165, 166, 181, 184, 185, 186], "string_typ": 180, "string_valu": 68, "stringself": 58, "strip": [48, 87, 116, 131, 135], "strip_empty_end": 10, "striptag": [77, 79, 87], "strong": [12, 17, 24, 45, 59, 78, 79, 90, 115, 126, 129, 144], "stronger": 42, "strongli": [146, 180], "strptime": [105, 135], "structur": [38, 40, 52, 58, 71, 73, 76, 84, 88, 90, 101, 110, 126, 165, 166, 176, 181, 187], "structuredclon": 185, "strung": 48, "strut": 42, "stv100": 68, "style": [12, 17, 24, 27, 40, 42, 45, 53, 66, 78, 87, 90, 101, 115, 129, 142, 143, 144, 184, 188], "stylesheet": [57, 90], "su": [1, 176, 178, 179, 180, 182], "sub": [0, 12, 42, 54, 73, 83, 102, 135, 149, 153, 165, 166], "sub_dict": [12, 17, 24, 45, 78, 90, 115, 129, 144], "sub_k": 54, "sub_kei": 144, "sub_tag": 165, "sub_v": 54, "subcommand": 155, "subdirectori": 177, "subdomain": [37, 91, 132, 185], "subdomain_hit": 91, "subdomain_hits_numb": 91, "subfeature_nam": 58, "subfold": 40, "subject": [21, 40, 41, 73, 77, 80, 87, 90, 98, 112, 116, 128, 131, 135, 142, 171, 186, 189], "subject_alternative_nam": [142, 186], "subject_key_identifi": [142, 186], "subjectaltnam": 90, "subjectnam": 185, "submiss": [64, 95, 124, 139], "submit": [20, 38, 79, 80, 90, 98, 106, 119, 120, 139, 140, 143, 151, 157, 174, 179], "submit_api_kei": 139, "submit_url": 139, "submitt": [20, 185], "subnet": [34, 144], "subnet_id": 42, "subnetaddress": 73, "subnetmask": [73, 116], "subplaybook": [165, 166], "subprovid": 78, "subscrib": [45, 190], "subscribememberstocalendareventsdis": 131, "subscriber_request": 89, "subscribers_url": 45, "subscript": [10, 18, 45, 77, 78, 79, 95, 153, 190], "subscription_id": [18, 79], "subscription_url": 45, "subscriptionexternalid": 150, "subscriptionid": [77, 78, 79, 150], "subscriptionnam": 150, "subscriptions_url": 45, "subscriptiontag": 150, "subsect": [24, 71, 165], "subsequ": [48, 71, 125, 126, 135, 183], "subset": [41, 42], "substatedesc": 116, "substateid": 116, "substitut": [10, 11, 40, 79, 86, 110, 188], "subtask": 63, "subteam2": 131, "subtyp": [36, 73, 95, 98, 116], "subtype_of_threat": 98, "succe": 36, "succeed": [9, 16, 18, 73, 77, 79, 84, 88, 113, 125, 190], "success": [7, 9, 10, 11, 12, 14, 15, 17, 18, 19, 20, 21, 23, 24, 28, 30, 32, 34, 35, 36, 37, 38, 40, 41, 42, 45, 46, 47, 48, 49, 50, 51, 53, 54, 55, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 71, 73, 75, 76, 77, 78, 79, 80, 83, 84, 85, 86, 87, 88, 90, 91, 92, 94, 95, 96, 97, 98, 99, 100, 102, 103, 104, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 120, 121, 122, 123, 125, 126, 127, 128, 129, 130, 131, 134, 135, 136, 137, 138, 139, 141, 142, 143, 144, 146, 147, 148, 150, 151, 152, 157, 159, 165, 183, 184, 186, 190], "success_count": 128, "success_statu": 115, "success_verdict": 115, "successful": 153, "successfulli": [3, 4, 14, 15, 19, 20, 23, 32, 34, 40, 42, 54, 59, 68, 73, 87, 103, 109, 110, 116, 120, 126, 128, 131, 143, 146, 150, 153, 183, 184, 185, 186, 190], "successs": 116, "succinct": 151, "sucuri": [142, 186], "sudan": 135, "sudden": 42, "sudden_decrease_in_application_bandwidth": 42, "sudden_decrease_in_device_bandwidth": 42, "sudden_decrease_in_network_bandwidth": 42, "sudo": [1, 10, 84, 85, 90, 120, 157, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 178, 179, 180, 181, 182, 190], "sudo_shel": 84, "suffer": [56, 183], "suffic": [14, 15], "suffici": [84, 87], "suffix": 131, "suggest": [22, 96, 150, 157, 181], "suggested_filenam": [135, 189], "suit": [6, 37, 42, 119, 136, 181], "suitabl": [71, 110, 131, 135, 153, 165, 166, 187, 188, 189], "sullivan": 95, "sum": [33, 59, 126], "summ_head": 153, "summar": 87, "summari": [10, 12, 17, 24, 33, 34, 36, 42, 45, 63, 69, 78, 87, 89, 90, 97, 99, 101, 106, 108, 115, 120, 123, 129, 131, 144, 166], "summaris": 34, "summary_not": 42, "summary_str": 101, "summarytext": 36, "sunbelt": 121, "sunburst": 42, "super": [153, 190], "super_cat": 153, "supercategori": 153, "superceed": 52, "superman": 95, "supernova": 42, "supernova_web_shell_command": 42, "supersecret": 58, "supersed": [80, 156], "supplement": 80, "supplementari": 98, "suppli": [26, 33, 38, 42, 73, 79, 85, 86, 118, 136, 155, 189, 190], "suppliedcompani": 112, "suppliedemail": 112, "suppliednam": 112, "suppliedphon": 112, "support": [4, 13, 32, 33, 37, 43, 44, 55, 56, 69, 72, 117, 118, 120, 140, 143, 147, 154, 167, 170, 175, 176, 178, 179, 180, 182, 186, 187, 188, 189], "support_hour": 89, "support_hours_start": 89, "suppos": 110, "suppress": 73, "sur": 135, "sure": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 29, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 55, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 160, 165, 181, 189], "surfac": [105, 123], "surinam": 135, "surnam": 66, "surround": [59, 66, 84, 112, 126], "suse": 116, "suspect": [46, 79, 103, 116, 157, 189], "suspect_malwar": 144, "suspend": 107, "suspici": [34, 42, 77, 78, 79, 84, 90, 101, 103, 106, 107, 115, 116, 135, 142, 143, 148, 157, 166, 184, 186, 189], "suspicious_cif": 42, "suspicious_count": 101, "suspicious_file_download_extern": 42, "suspicious_file_download_intern": 42, "suspicious_ftp_data_read": 42, "suspicious_ftp_download": 42, "suspicious_hta_download": 42, "suspicious_http_fil": 42, "suspicious_http_port": 42, "suspicious_ipaddr": 42, "suspicious_ja3_fingerprint": 42, "suspicious_new_devic": 42, "suspicious_nfs_data_read": 42, "suspicious_nfs_file_read": 42, "suspicious_nfs_file_share_access": 42, "suspicious_observ": 101, "suspicious_rdp_cli": 42, "suspicious_smb_cifs_data_read": 42, "suspicious_smb_cifs_file_read": 42, "suspicious_smb_cifs_file_share_access": 42, "suspicious_smb_cifs_file_transf": 42, "suspicious_smb_named_pip": 42, "suspicious_tld": 42, "suspicious_user_ag": 42, "suspiciousact": 79, "suspiciousbutexpect": 79, "sv": 145, "svaid": 116, "svalbard": 135, "svc": 185, "svc_name": 116, "svc_uid": 116, "svchost": 107, "svg": [63, 101, 184], "svk": 135, "svm": 69, "svn": 135, "svn_url": 45, "sw_edit": 105, "swagger": 32, "swattr": 68, "swaziland": 135, "swe": 135, "sweden": 135, "swedish": 145, "sweep": 37, "switch": [176, 178, 179, 180, 182], "switchparamet": 18, "switzerland": 135, "swivrllc": [77, 131], "swname": 68, "swz": 135, "sxm": 135, "sy": [79, 180], "syc": 135, "sylink": 116, "symantec": [126, 154, 157], "symbian": 68, "syn": 42, "synacor": 42, "sync": [20, 34, 42, 48, 77, 78, 79, 89, 102, 103, 105, 107, 109, 117, 177, 180, 181, 182], "sync_not": 102, "sync_reference_field": 181, "sync_role_sourc": 181, "sync_task_result": 112, "synchron": [10, 16, 34, 48, 63, 66, 75, 77, 79, 86, 88, 102, 103, 105, 106, 107, 112, 115, 117, 118, 123, 128, 129, 144, 150, 177], "syncron": [34, 77], "syncrowerror": 181, "synonym": 188, "syntax": [32, 42, 52, 84, 92, 113, 124, 181], "syr": 135, "syrian": 135, "sys_ipaddr": 190, "sys_o": 190, "sys_os_vers": 190, "sys_owner_email": 190, "sys_typ": 190, "sys_us": [118, 120], "sys_user_group": [118, 120], "sysadmin": [1, 59, 97, 126], "syslog": 102, "sysmon": 103, "sysparm_queri": 118, "system": [7, 8, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 29, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 53, 54, 55, 57, 58, 59, 62, 63, 64, 65, 66, 67, 68, 71, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 120, 121, 123, 124, 125, 126, 128, 129, 130, 131, 134, 135, 138, 142, 144, 145, 146, 149, 150, 151, 152, 153, 158, 160, 162, 163, 165, 170, 171, 176, 177, 179, 180, 184, 186, 190], "system1": 73, "system32": [77, 107, 144], "system_list": 76, "system_manufactur": [32, 190], "system_product_nam": [32, 190], "system_uuid": 190, "systema": 73, "systemalertid": 79, "systemassign": 18, "systemctl": 190, "systemd": 115, "systemdata": 18, "systemfamili": 53, "systemmanufactur": 53, "systemmodstamp": 112, "systemproductnam": 53, "systemskunumb": 53, "systemuuid": 53, "syswow64": 77, "sz": 89, "t": [4, 12, 15, 16, 17, 18, 24, 29, 34, 37, 45, 48, 56, 58, 73, 78, 81, 85, 87, 90, 97, 101, 106, 110, 112, 115, 116, 118, 124, 129, 131, 144, 155, 162, 179, 184, 185], "t0": 97, "t0042": 81, "t1053": 77, "t1059": 77, "t1078": [101, 102, 184], "t1210": 42, "t1547": 115, "t3qfzhncdldh3ozosrtz0mqjhkccsrqxhapw20p": 97, "t_detect_malwar": 144, "t_detect_suspect": 144, "t_name": 184, "t_rep_viru": 144, "t_run_malwar": 144, "t_run_viru": 144, "ta": [46, 97, 145], "ta0001": [101, 102, 144, 184], "ta0008": 42, "ta0011": [101, 184], "tab": [9, 10, 11, 14, 15, 17, 18, 23, 24, 25, 28, 29, 32, 33, 34, 35, 36, 37, 40, 42, 44, 46, 48, 54, 55, 60, 63, 68, 69, 74, 76, 87, 90, 97, 99, 101, 102, 105, 106, 108, 110, 112, 113, 115, 116, 118, 119, 122, 127, 135, 137, 139, 140, 143, 144, 148, 160, 164, 166, 178, 184, 187, 188, 189, 190], "tabl": [11, 47, 74, 99, 117, 119, 120, 154, 162, 164, 165, 176, 177, 180, 181, 182, 184, 188, 190], "table_addition_result": 108, "table_nam": [35, 108], "table_row": [73, 103], "table_row_object": 33, "tableau": 177, "tablet": [87, 112], "tabnam": [87, 97], "tabul": 40, "tacic": 184, "tactic": [14, 42, 79, 101, 115, 144], "tactic_cod": [81, 184], "tactic_confid": 184, "tactic_confidence_level": 102, "tactic_id": [101, 184], "tactic_nam": 184, "tactic_row": [81, 184], "tacv2": 131, "tag": [1, 4, 12, 15, 17, 18, 24, 36, 38, 45, 75, 77, 78, 79, 88, 90, 91, 97, 105, 106, 107, 115, 123, 129, 137, 142, 150, 151, 152, 165, 185, 186, 187], "tag1": 144, "tag2": 144, "tag3": 144, "tag_creat": 42, "tag_handl": 97, "tag_id": 42, "tag_list": [15, 77], "tag_nam": [15, 42, 45], "taga": 77, "tagalog": 145, "tagb": 77, "tagid": 73, "tagnam": [73, 75], "tagnot": 73, "tags_account": 18, "tags_hit": 91, "tags_hits_str": 91, "tags_result": 73, "tags_url": 45, "taiwan": 135, "tajikistan": 135, "tak": 151, "take": [18, 20, 21, 29, 35, 42, 43, 47, 48, 52, 58, 59, 61, 64, 75, 76, 79, 81, 84, 90, 100, 103, 104, 105, 113, 119, 120, 122, 126, 131, 132, 134, 137, 140, 143, 144, 146, 147, 151, 166, 181, 188, 189, 190], "takedownrequestcount": 36, "taken": [32, 35, 89, 105, 137, 155], "takeov": [42, 135], "tamil": 145, "tamper": [42, 116], "tamper_fil": 116, "tamperonoff": 116, "tandem": 110, "tanium_adapt": 17, "tanium_asset_adapt": 17, "tank": 94, "tanzania": 135, "taobao": 151, "tap": 154, "tar": [4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25, 27, 28, 29, 30, 31, 33, 34, 35, 38, 39, 40, 41, 42, 43, 44, 45, 46, 48, 50, 51, 52, 54, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 71, 72, 73, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 134, 135, 136, 139, 140, 141, 142, 143, 144, 145, 146, 148, 150, 151, 152, 153, 155, 157, 159, 160, 165, 167, 169, 170, 172, 173, 174, 175, 176, 178, 179, 180, 181, 182, 184, 190], "tarbal": 45, "tarball_url": 45, "target": [4, 7, 12, 14, 17, 20, 24, 34, 37, 42, 45, 47, 48, 56, 59, 63, 67, 68, 73, 77, 78, 79, 84, 87, 89, 90, 93, 96, 98, 102, 106, 107, 108, 109, 112, 115, 116, 123, 126, 129, 135, 137, 144, 145, 171, 183, 189], "target_commitish": 45, "target_confid": 105, "target_data": 105, "target_first_seen": 105, "target_host": 55, "target_hw": 105, "target_id": 105, "target_impact_scor": 105, "target_last_seen": 105, "target_nam": 105, "target_num_detect": 105, "target_port": 55, "target_prior": 144, "target_sector": 36, "target_statu": 105, "target_sw": 105, "target_tempt": 105, "target_tim": 134, "target_valu": 144, "target_vers": 105, "target_wiki": 149, "targetdevic": 68, "targetnamespac": 97, "targetref": 97, "targetscor": 34, "task": [10, 17, 20, 27, 29, 37, 42, 43, 46, 59, 62, 72, 77, 81, 85, 90, 97, 101, 109, 110, 113, 117, 118, 119, 120, 124, 126, 131, 141, 142, 144, 146, 154, 160, 176, 177, 178, 179, 180, 181, 182, 184, 185], "task1xxa2lmwlrcvtqufsutgnuidjtudc1oao": 97, "task_at_id": [59, 107, 126], "task_chang": [59, 126], "task_count_to_salesforc": 112, "task_count_to_soar": 112, "task_custom": [59, 107, 126], "task_id": [5, 20, 27, 37, 41, 46, 59, 62, 63, 72, 73, 87, 107, 108, 109, 110, 112, 118, 124, 126, 131, 178, 186], "task_json": 112, "task_memb": [59, 107, 126], "task_nam": [59, 87, 107, 109, 126], "task_prior": 112, "task_statu": 112, "task_summari": [81, 101], "task_sync_direct": 112, "task_titl": [81, 101], "task_top": 179, "task_utils_cr": 29, "taskid": [87, 97, 108, 112, 118], "taskincident_id": 109, "tasktest": 131, "tata": 116, "taxii": [81, 184], "taxii2": 81, "tbd": 112, "tbl": 42, "tbxgjvcre1nsxao3ogs0qq": 97, "tca": 135, "tcd": 135, "tcp": [23, 37, 42, 48, 78, 82, 105, 155, 180], "tcp_null_fin_or_xmas_scan": 42, "tcp_syn_scan": 42, "tcp_urg_flag_cli": 42, "tcp_urg_flag_serv": 42, "td": [57, 87, 90], "tdadglobaldatadownloadtim": 116, "tdadglobaldataprocessingdonetim": 116, "tdadonoff": 116, "tdadstatusid": 116, "te": 145, "team": [0, 34, 45, 80, 89, 102, 107, 114, 116, 117, 118, 154, 155, 177], "teamid": 131, "teammemb": 131, "teams_channel": 131, "teams_mrkdown": 131, "teams_payload": 131, "teams_url": 45, "teamsen": 131, "teamset": 131, "teamworkuserident": 131, "tech": [77, 81, 98, 105, 184, 186], "tech3": 79, "tech_categori": 105, "tech_row": [81, 184], "techdoc": 116, "techniqu": [42, 48, 77, 78, 79, 98, 101, 115, 184], "technique_confidence_level": 102, "technique_descript": [81, 184], "technique_id": [81, 184], "technique_nam": [81, 184], "techniques_list": 98, "technologi": [20, 53, 142], "techzon": 107, "ted": 66, "telecom": [7, 14], "telemetri": 106, "telemetryhwid": 116, "telemetrymid": 116, "telephon": [66, 112], "telephone_numb": 66, "telephonenumb": [66, 158], "telephoni": 146, "tell": 162, "telnet": [42, 105, 135], "telnet_password": 42, "telnetd": 105, "telugu": 145, "temp": [112, 116], "temp4": 144, "temp_dict": 135, "templat": [3, 11, 13, 14, 20, 22, 25, 75, 78, 82, 83, 98, 107, 114, 115, 123, 124, 126, 151, 160, 162, 164], "template_dir": [65, 83], "template_fil": [22, 87, 124], "template_file_clos": 114, "template_file_escal": 114, "template_file_upd": 114, "template_help": 87, "template_xx": 87, "templateid": 20, "templates_common": [105, 106, 112, 144], "temporari": [10, 102, 110, 146], "temptat": 105, "temptation_last_modifi": 105, "temptation_scor": 105, "ten": 91, "tenabl": 105, "tenanc": [79, 86, 88], "tenant": [18, 41, 77, 78, 79, 131, 150, 155], "tenant_id": [18, 41, 77, 78, 79, 155], "tenantid": [18, 90, 131], "tend": [40, 110, 165], "tenent": 90, "teredo": 116, "term": [34, 64, 148, 149, 151, 186], "termin": [4, 15, 35, 46, 63, 97, 123, 124, 134, 144, 190], "terminateinst": 14, "terminationreason": 107, "territori": 135, "tes43": 18, "tessdata": 85, "tesseract": 85, "test": [4, 9, 11, 15, 18, 19, 20, 22, 23, 27, 28, 32, 34, 35, 37, 38, 40, 41, 42, 44, 45, 48, 50, 51, 56, 60, 63, 65, 67, 69, 73, 79, 80, 82, 84, 88, 89, 94, 97, 99, 100, 102, 103, 106, 107, 110, 111, 112, 114, 116, 117, 122, 124, 125, 126, 127, 130, 131, 132, 136, 139, 141, 143, 146, 150, 151, 153, 155, 159, 167, 169, 170, 171, 172, 173, 174, 175, 179, 180, 181, 182, 183, 185], "test1": [73, 106, 131, 151], "test123": 103, "test123456": 41, "test1254": 73, "test2": 151, "test_activity_map_1": 42, "test_clos": 65, "test_collect": 151, "test_fail": 18, "test_fold": 45, "test_for_posit": 186, "test_for_send_email": 97, "test_pol": 15, "test_pol_2": 15, "test_ref_tabe_1": 103, "test_single_request": 22, "test_tag_1": 42, "test_tag_2": 42, "test_types_utf": 35, "testbrand": 185, "testd": 89, "testdevic": 68, "tester": [41, 73, 80], "tester1324": 18, "testing352": 18, "testingv2": 124, "testit": 45, "testit_20221202_135847": 45, "testit_20221202_143109": 45, "testit_20221202_171242": 45, "testsafebrows": 185, "testservic": 89, "testus": [116, 190], "testv2": 124, "texa": 78, "text": [7, 9, 10, 14, 15, 16, 18, 19, 20, 21, 23, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 46, 48, 50, 52, 54, 56, 57, 58, 59, 61, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 79, 80, 81, 83, 84, 86, 87, 88, 89, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 116, 117, 118, 119, 121, 123, 124, 125, 126, 128, 131, 134, 135, 137, 138, 142, 145, 146, 147, 148, 149, 150, 151, 152, 153, 164, 165, 171, 180, 183, 184, 185, 186, 188, 189, 190], "text_area": 180, "text_quot": 46, "textarea": [17, 19, 23, 24, 34, 38, 40, 41, 42, 48, 58, 63, 66, 77, 78, 79, 81, 86, 87, 88, 95, 97, 102, 103, 105, 107, 108, 109, 110, 112, 115, 116, 118, 123, 124, 126, 128, 129, 135, 144, 150, 165, 166, 180], "textfsm": 83, "tfailur": [30, 40, 131, 146], "tg": 98, "tgo": 135, "th": [7, 57, 58, 90, 145], "tha": 135, "thai": 145, "thailand": [7, 135], "than": [10, 17, 18, 29, 34, 37, 42, 48, 52, 63, 66, 67, 71, 76, 77, 79, 84, 85, 86, 88, 89, 101, 102, 103, 105, 106, 110, 112, 113, 116, 118, 124, 128, 131, 134, 137, 144, 146, 155, 157, 165, 166, 177, 181, 183, 184, 189], "the_head": 90, "theantisocialengin": 12, "theartifact": 189, "thei": [15, 20, 32, 34, 37, 40, 48, 59, 63, 71, 78, 80, 84, 85, 86, 87, 88, 90, 96, 98, 101, 109, 110, 114, 117, 118, 120, 126, 131, 142, 150, 161, 166, 181], "them": [1, 4, 10, 21, 23, 24, 28, 32, 34, 37, 40, 41, 47, 48, 58, 63, 66, 69, 71, 79, 81, 85, 86, 87, 88, 90, 101, 102, 103, 106, 110, 112, 114, 115, 118, 120, 126, 128, 129, 131, 146, 166, 181, 184], "theme": 131, "themselv": 69, "therebi": [102, 110, 131], "therefor": [24, 32, 71, 97, 124, 125, 155, 189], "thi": [0, 3, 4, 5, 6, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 30, 31, 32, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189], "thid": 34, "thing": [59, 89, 126, 190], "think": 50, "thinkwithgoogl": 185, "third": [65, 71, 103, 118, 144, 146, 184], "thorough": 40, "those": [1, 4, 6, 12, 20, 29, 34, 35, 48, 58, 63, 66, 69, 70, 71, 84, 87, 89, 101, 102, 103, 106, 112, 119, 126, 140, 144, 150, 157, 180, 181, 185, 186, 189], "though": [101, 150, 184], "thousand": 106, "thread": [113, 131, 134, 177, 181], "thread_max": 113, "threadgrid": 26, "threadpool": 181, "threat": [4, 8, 14, 23, 34, 36, 42, 50, 51, 62, 75, 76, 78, 80, 81, 97, 99, 101, 102, 106, 114, 116, 118, 123, 142, 144, 148, 151, 154, 172, 186], "threat_actor": [101, 184], "threat_analyst_verdict": 115, "threat_collect": 128, "threat_field_nam": 128, "threat_id": [98, 115, 144], "threat_insight_dashboard": 98, "threat_intel": 128, "threat_kei": 128, "threat_level_id": 80, "threat_notes_pres": 144, "threat_source_id": [59, 126], "threat_statu": 115, "threat_templ": 98, "threat_tim": 98, "threat_typ": 128, "threatcategori": 36, "threatcent": 12, "threatentrytyp": 50, "threatfamilynam": 77, "threatfe": 165, "threathiv": [142, 186], "threathunt": 144, "threatid": 115, "threatinfo": 115, "threatlog": 12, "threatmatch": 50, "threatmin": 154, "threatmind": 132, "threatnam": [77, 115], "threatrebootrequir": 115, "threatrisklevel": 157, "threatrisklevelen": 157, "threatscor": 34, "threatseek": [142, 186], "threatservicedel": [167, 171, 175], "threatserviceedit": [167, 168, 169, 170, 171, 172, 173, 174, 175], "threatservicetest": [167, 168, 169, 170, 171, 172, 173, 174, 175], "threatsourc": [142, 186], "threatstatu": 98, "threattim": 98, "threattyp": [36, 50], "three": [4, 13, 25, 60, 65, 76, 90, 100, 101, 110, 114, 120, 122, 126, 127, 129, 139, 141, 146, 181, 184], "threshold": [3, 14, 34, 85], "throttl": [34, 41], "throttled_period": 37, "throttled_tim": 37, "throttling_data": 37, "through": [4, 10, 15, 29, 34, 39, 48, 55, 63, 65, 66, 71, 72, 84, 85, 86, 87, 88, 89, 98, 102, 103, 104, 106, 110, 113, 124, 128, 130, 150, 153, 155, 160, 166, 181, 182, 188], "throughout": 135, "throw": [23, 42, 72, 116], "thrown": [42, 63], "thu": [12, 20, 110, 134], "thug_analysi": 133, "thug_arg": 133, "thug_dir": 133, "thug_url": 133, "thumbnail": 36, "thumbnail_token": 95, "thumbnail_uuid": 105, "thumbprint": [142, 186], "thumbprint_sha256": [142, 186], "thunderbird": 87, "ti": 77, "ti_dns_host": 42, "ti_http_host": 42, "ti_http_uri": 42, "ti_ssl_sni": 42, "ti_tcp_incom": 42, "ti_tcp_outgo": 42, "tickersymbol": 112, "ticket": [20, 37, 42, 63, 73, 109, 114, 159], "ticket_id": [42, 73], "ticket_server_nam": 73, "ticket_url": 42, "ticketid": [73, 123], "ticketservernam": 73, "tickettyp": 114, "tid": [34, 77], "tidi": 190, "tie": [73, 75, 154], "tie_create_d": 76, "tie_result": 76, "tier": [20, 129], "tier1": [20, 123], "tier2": 20, "tier3": 20, "tif": 71, "tighten": [12, 17, 24, 45, 78, 90, 115, 129, 144], "time": [4, 10, 14, 17, 18, 19, 20, 23, 26, 30, 32, 34, 36, 37, 40, 41, 42, 48, 54, 55, 56, 58, 63, 64, 67, 68, 69, 71, 72, 73, 77, 78, 79, 84, 87, 88, 89, 93, 97, 98, 100, 101, 103, 105, 106, 107, 110, 111, 112, 113, 114, 115, 116, 117, 118, 120, 122, 123, 124, 127, 128, 129, 131, 134, 135, 139, 140, 141, 142, 143, 144, 146, 150, 153, 157, 158, 164, 165, 166, 176, 177, 178, 179, 180, 181, 182, 185, 186, 188], "time_before_re_auth": 116, "time_between_auth_attempt": 116, "time_end": 69, "time_for_remote_block": 116, "time_list": 134, "time_slot": 116, "time_start": 69, "time_to_l": 103, "time_to_wait": 18, "time_window": 89, "time_zon": 89, "timed_out": 16, "timedelta": 134, "timedifflastscantim": 116, "timedifflastupdatetim": 116, "timedifflastvirustim": 116, "timedout": 116, "timeestim": 63, "timefram": [136, 181], "timegener": 79, "timegenerated_m": 79, "timegm": [105, 135], "timelin": 26, "timem": 34, "timeofev": 20, "timeoriginalestim": 63, "timeout": [27, 42, 63, 64, 66, 68, 72, 73, 84, 86, 87, 89, 101, 102, 103, 107, 110, 140, 141, 142, 155, 165, 179, 186], "timeout_linux": 84, "timeout_second": 93, "timeout_typ": 103, "timer": [126, 141, 154, 181], "timer_epoch": 166, "timer_field_summarized_incident_data": [59, 126], "timer_in_parallel": 134, "timer_parallel_tim": 134, "timer_tim": [134, 166], "timesp": 63, "timestamp": [7, 9, 10, 12, 14, 15, 17, 18, 19, 20, 21, 23, 24, 30, 32, 34, 35, 36, 37, 38, 40, 41, 42, 45, 46, 48, 50, 54, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 78, 79, 80, 83, 84, 85, 86, 87, 88, 90, 91, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 121, 123, 125, 126, 128, 129, 131, 134, 135, 136, 142, 144, 146, 148, 150, 151, 152, 153, 157, 180, 181, 183, 184, 185], "timestamp_epoch": 37, "timestamp_nanosecond": 23, "timetrack": 63, "timezon": [18, 30, 31, 35, 41, 63, 73, 90, 113, 116, 120, 123, 146, 181, 185], "timezone_offset": [63, 102], "timezonesidkei": 112, "timor": 135, "tinstanc": 18, "tip": [119, 166], "titl": [12, 14, 34, 35, 36, 42, 48, 54, 56, 58, 59, 65, 71, 73, 77, 78, 79, 89, 92, 93, 95, 105, 106, 107, 112, 115, 123, 124, 126, 131, 135, 136, 144, 146, 148, 149, 151, 181, 183, 189], "tjk": 135, "tkf5x": 77, "tkl": 135, "tkm": 135, "tl": [22, 42, 52, 55, 105, 110, 135, 142, 145, 177, 185], "tl6sqj2bp": 97, "tl9wdeyh3qkr9ik9f3thb0t7kdhvclvxna6e2xgighkwuofk": 97, "tld": [36, 93, 142], "tldextract": 29, "tlp": [9, 80], "tlp_color": 9, "tlp_white": 151, "tlpcolor": 151, "tlpcolorcod": 151, "tlpcolornam": 151, "tlpisuserdefin": 151, "tlsh": 121, "tlsstat": 185, "tlsv1": 170, "tm": [81, 90], "tma": 135, "tmp": [4, 10, 37, 180], "tmpdevic": 116, "tmppe_6ed00": 126, "tn0em1lfo3gntfvolxarv03qvnex3s4xi4xjesnsn3uwf5y42ysnd6s4zt0y09rbwi2jvq3bsd31ht3tfrwk98lvkmauzejacqs7kta": 97, "tns_admin": 180, "tnsname": 180, "tnt": 98, "to_domain": 90, "to_id": 80, "to_urg": 89, "tobago": 135, "toclient_certif": 115, "todai": [29, 177], "todo": [27, 77, 81, 109, 138, 149, 153], "togeth": [4, 48, 73, 103, 106, 110, 118, 144, 180, 184, 190], "toggl": [40, 85], "toggle_result": 66, "togo": 135, "tojson": [42, 77], "tokelau": 135, "token": [13, 18, 22, 23, 26, 34, 41, 42, 45, 52, 55, 61, 63, 78, 82, 89, 101, 102, 103, 105, 107, 112, 115, 124, 128, 131, 135, 137, 142, 146, 150, 153, 155, 158, 166, 181, 182], "token_ring_traff": 116, "token_typ": [87, 110], "token_url": [18, 87, 150, 155], "tokyo": 117, "told": 23, "toll": 146, "tollnumb": 146, "tolltyp": 146, "tom": 66, "tomcat": [42, 105], "tomcat_jsp_upload": 42, "tome": 135, "ton": 135, "tonga": 135, "too": [41, 98, 190], "took": [8, 36], "tool": [1, 4, 19, 29, 37, 42, 46, 52, 69, 70, 71, 78, 81, 90, 103, 106, 107, 110, 126, 131, 135, 144, 146, 155, 157, 180, 181], "toolset": 10, "tooltip": [7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 138, 142, 144, 145, 146, 148, 149, 150, 151, 152, 153, 165, 166, 183, 184, 185, 186], "top": [4, 40, 42, 66, 70, 71, 77, 95, 97, 119, 120, 131, 132, 135, 151, 190], "top_ev": 102, "topev": 102, "topic": [31, 65, 75, 143, 179], "topic_listener_on": 75, "topic_map": 179, "topic_nam": 75, "topica": 65, "topicb": 65, "tor": [42, 154], "torecipi": 41, "torproject": 104, "tostr": 119, "total": [3, 20, 23, 34, 38, 41, 45, 59, 63, 88, 89, 101, 116, 126, 151, 153, 184, 186], "total_data": 106, "total_ep_count": 116, "total_fail_remediation_count": 116, "total_item": 106, "total_match_count": 116, "total_match_ep_count": 116, "total_not_complet": 116, "total_pag": 106, "total_remediation_count": 116, "total_remediation_ep_count": 116, "total_search": 164, "total_space_of_drive_c": 73, "total_usag": 37, "total_vot": [142, 186], "totalallocationunit": 53, "totaldiskspac": [73, 116], "totalel": 116, "totaleventcount": 107, "totalitem": 115, "totallink": 185, "totalmemori": 115, "totalpag": 116, "totalphysicalmemori": 73, "totalrecord": 91, "totalreport": 7, "totalunacknowledgedmessag": 116, "totalvot": 151, "tou": 148, "touch": 77, "tower": 154, "toxic": [101, 184], "toxic_combin": 150, "toxic_count": 101, "tp": [71, 105], "tpmdevic": 116, "tqtqz7xbqo": 97, "tr": [87, 90, 121, 145], "trace": [9, 11, 15, 28, 29, 42, 51, 60, 67, 77, 82, 94, 99, 100, 110, 114, 122, 127, 130, 139, 141, 148, 159, 185], "trace_id": 32, "traceabl": 37, "traceback": 29, "tracehead": 16, "traceid": 58, "tracepath": 84, "tracerout": [84, 163, 190], "traceroute_windows_cmd": 84, "traceroute_windows_p": 84, "tracert": [84, 116], "track": [42, 56, 63, 77, 79, 87, 97, 118, 131, 135, 181, 188], "tracker": 71, "trade": [56, 183], "trader": [56, 183], "tradestyl": 112, "tradit": [85, 110, 145], "traffic": [20, 23, 24, 42, 78, 109, 116], "traffictypediagnost": 90, "trail": [76, 99, 180], "trailer": [87, 90], "train": 69, "traineddata": 85, "transact": [42, 135], "transactionid": 41, "transfer": [1, 20, 34, 42, 181, 184], "transfersitelistsid": 73, "transform": 106, "transit": [15, 181], "transition_id": 63, "translat": [154, 180], "translatedcategori": 157, "transmiss": [65, 186], "transmit": [131, 181], "transpar": [50, 135], "transparencyreport": 50, "transport": [84, 90, 141], "trap": [154, 177], "trash": 40, "travers": 42, "treck": 42, "tree": [12, 17, 24, 40, 45, 69, 73, 78, 90, 101, 115, 116, 129, 144, 160, 165, 180, 190], "trees_url": 45, "trend": 102, "tresourceid": 18, "tri": 165, "triag": [23, 45, 90, 123], "trial": 116, "triangl": 148, "tricki": 48, "trickli": 181, "trigger": [7, 8, 9, 12, 14, 15, 16, 19, 21, 23, 27, 29, 30, 31, 32, 33, 34, 36, 37, 38, 39, 42, 46, 47, 48, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 61, 62, 68, 74, 75, 76, 78, 81, 83, 85, 86, 87, 89, 91, 92, 93, 95, 96, 97, 101, 106, 108, 109, 110, 113, 116, 118, 121, 123, 126, 129, 133, 134, 135, 136, 137, 138, 143, 145, 147, 149, 152, 153, 162, 166, 172, 174, 189], "trigger_log_entry_refer": 89, "triggercondit": 107, "triggercondition_lookup": 107, "triggerdid": 34, "triggered_job": 113, "triggeredcompon": 34, "triggeredfilt": 34, "triggerev": 107, "trim": [10, 67, 79], "trinidad": 135, "tristan": 135, "trivial": 177, "troj": 121, "trojan": [121, 144], "troubleshoot": [34, 165], "troubleshootinfo": 77, "troup": 95, "troyhunt": [56, 183], "true": [7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 30, 32, 34, 35, 36, 37, 38, 40, 41, 42, 45, 46, 47, 48, 49, 50, 52, 53, 54, 55, 56, 58, 59, 61, 62, 63, 64, 65, 66, 68, 69, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 117, 118, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 137, 140, 142, 144, 146, 147, 148, 150, 151, 152, 153, 157, 160, 165, 166, 167, 176, 178, 179, 180, 181, 182, 183, 184, 185, 187, 189, 190], "true_posit": [115, 144], "trueposit": [65, 77, 79], "truncat": 180, "trust": [42, 75, 76, 87, 107, 110, 135, 141, 186], "trust_cert": 72, "trust_level": [75, 76], "trustboard": 135, "trusted_white_list": 144, "trusteer": 154, "trusteer_endpoint_protection_device_id": 135, "trusteer_ppd_application_id": 135, "trusteer_ppd_classif": 135, "trusteer_ppd_device_id": 135, "trusteer_ppd_dt_act": 135, "trusteer_ppd_dt_c": 135, "trusteer_ppd_dt_classif": 135, "trusteer_ppd_dt_countri": 135, "trusteer_ppd_dt_date_ad": 135, "trusteer_ppd_dt_device_id_and_link": 135, "trusteer_ppd_dt_event_received_at": 135, "trusteer_ppd_dt_new_device_ind": 135, "trusteer_ppd_dt_organ": 135, "trusteer_ppd_dt_reason": 135, "trusteer_ppd_dt_recommend": 135, "trusteer_ppd_dt_risk_scor": 135, "trusteer_ppd_dt_session_id": 135, "trusteer_ppd_dt_trusteer_alert": 135, "trusteer_ppd_dt_user_ip_address": 135, "trusteer_ppd_feed_item_type_support": 135, "trusteer_ppd_feedback": 135, "trusteer_ppd_fraud_mo": 135, "trusteer_ppd_link_to_puid": 135, "trusteer_ppd_puid": 135, "trusteer_ppd_result": 135, "trusteer_ppd_session_id": 135, "trustlevel": 76, "trustout": 87, "trustwav": [142, 186], "trustworthi": 189, "try": [12, 15, 17, 23, 24, 37, 42, 45, 46, 56, 58, 70, 78, 79, 80, 81, 86, 87, 90, 101, 115, 116, 119, 124, 129, 135, 143, 144, 148, 153, 180, 184, 190], "tserver": 116, "tsl": [54, 55], "ttl": [26, 142], "tto": 135, "ttp": 144, "tu": [131, 146, 155], "tue": 12, "tun": 135, "tunisia": 135, "tunnel": [40, 42], "tupl": [97, 105, 106, 112, 144, 181], "tuple_list": 97, "tur": 135, "turk": 135, "turkei": 135, "turkish": 145, "turkmenistan": 135, "turn": [40, 75, 78, 99, 105, 106, 112, 115, 129, 144, 150], "tutori": [37, 190], "tuv": 135, "tuvalu": 135, "tvfuc51lhg6dgjcl": 97, "tvpqaaiaaaaeaa8a": 116, "tvq": 77, "tw": 145, "twc": 14, "tweet": 137, "twice": [102, 190], "twilio": 154, "twilio_account_sid": 136, "twilio_account_sid1": 136, "twilio_after_d": 136, "twilio_after_date_t": 136, "twilio_auth_token": 136, "twilio_date_s": 136, "twilio_date_sent_t": 136, "twilio_phone_numb": 136, "twilio_sms_destin": 136, "twilio_sms_log": 136, "twilio_sms_messag": 136, "twilio_src_address": 136, "twilio_statu": 136, "twilio_wait_timeout": 136, "twitter": [139, 154], "twitter_api_kei": 137, "twitter_api_secret": 137, "twitter_search_tweet_count": 137, "twitter_search_tweet_str": 137, "twn": 135, "two": [1, 4, 7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 32, 34, 35, 37, 38, 40, 41, 42, 43, 44, 45, 46, 48, 50, 52, 54, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 68, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 118, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 134, 135, 139, 141, 142, 143, 144, 145, 146, 150, 151, 152, 153, 165, 166, 177, 181, 183, 184, 188, 189, 190], "two_text_inputs_in_a_form": 12, "twython": 137, "txt": [0, 27, 34, 45, 46, 82, 87, 106, 112, 116, 126, 129, 142, 151, 180, 182, 183], "tyler": 90, "type": [5, 7, 8, 9, 10, 12, 16, 17, 18, 19, 20, 21, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 44, 45, 46, 47, 48, 49, 50, 52, 53, 55, 56, 57, 58, 59, 61, 62, 63, 64, 65, 66, 71, 73, 75, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 99, 101, 103, 105, 106, 107, 109, 110, 113, 114, 115, 116, 118, 119, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 136, 137, 138, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 155, 157, 160, 164, 165, 166, 172, 174, 176, 177, 178, 179, 181, 182, 183, 184, 185, 186, 188, 189, 190], "type_": 48, "type_dict": 180, "type_distribut": 17, "type_filt": 98, "type_id": [35, 58, 73, 97, 103, 108, 126], "type_lookup": [77, 112, 113], "type_map": [34, 42], "type_nam": [73, 97, 103, 181], "type_of_threat": 98, "typeerror": 153, "typeid": 73, "typelabel": 34, "typelookup": [142, 186], "typenam": [34, 73], "typic": [12, 14, 17, 24, 37, 45, 78, 79, 85, 89, 90, 102, 110, 113, 115, 126, 129, 144, 163, 166, 176, 178, 179, 180, 182, 187], "typo": 103, "tz": [40, 105, 185], "tza": 135, "tzlocal": 41, "u": [1, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19, 21, 22, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 35, 36, 37, 40, 41, 42, 43, 44, 45, 46, 48, 51, 52, 53, 54, 55, 56, 58, 59, 61, 62, 63, 66, 68, 69, 70, 71, 72, 73, 75, 76, 77, 78, 79, 81, 82, 83, 84, 87, 89, 90, 93, 94, 95, 97, 98, 99, 100, 103, 104, 105, 106, 107, 109, 110, 111, 113, 114, 115, 116, 120, 122, 124, 126, 127, 128, 129, 130, 131, 132, 133, 135, 136, 137, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 153, 157, 158, 159, 160, 165, 167, 170, 171, 172, 173, 174, 175, 176, 178, 179, 180, 182, 183, 184, 185, 186, 187, 189, 190], "u001b": 10, "u0026": [66, 108, 116], "u0026amp": 87, "u0026appid": 116, "u0026exvsurl": 41, "u0026format": 116, "u0026gt": [97, 116], "u0026interval_typ": 42, "u0026languag": 116, "u0026lt": [97, 116], "u0026orgkei": 144, "u0026path": 41, "u0026quot": [102, 116, 183], "u0026tabnam": 108, "u0026until": 42, "u0026valu": 129, "u0026viewmodel": 41, "u0027": [10, 18, 34, 35, 41, 66, 78, 79, 87, 88, 90, 97, 101, 102, 103, 123], "u00272022": 123, "u00272638443927": 66, "u0027847075616325894144": 123, "u002789": 101, "u0027_blank": 87, "u0027a": 35, "u0027al": 10, "u0027autotester24": 18, "u0027b": 35, "u0027bas": 18, "u0027bb": 103, "u0027blocked_us": 88, "u0027c": 90, "u0027california": 90, "u0027canada": 18, "u0027cloudflar": 90, "u0027cmd": 102, "u0027cn": [66, 90], "u0027context": 103, "u0027custom": 97, "u0027cv": 97, "u0027defend": 97, "u0027descript": 18, "u0027destin": 103, "u0027disablelocalauth": 18, "u0027dynam": 102, "u0027ec": 103, "u0027ecbb": 103, "u0027ecdsa": 90, "u0027endpointid": 123, "u0027exampl": 78, "u0027frequ": 18, "u0027get_all_runbook": 18, "u0027http": 87, "u0027id": 150, "u0027javascript": 102, "u0027keynam": 18, "u0027l": 90, "u0027lastseenat": 123, "u0027ldap": 97, "u0027load": 103, "u0027loc": 18, "u0027manu": 123, "u0027nam": 18, "u0027o": 90, "u0027onetim": 18, "u0027password": 18, "u0027playbook": 97, "u0027primari": 18, "u0027properti": 18, "u0027publicnetworkaccess": 18, "u0027qr": 97, "u0027qradar": 97, "u0027reaqta": 97, "u0027runbook_nam": 18, "u0027san": 90, "u0027sku": 18, "u0027slack": 97, "u0027sni": 90, "u0027soartest": 41, "u0027someth": 18, "u0027sourc": 103, "u0027sql": 97, "u0027st": 90, "u0027starttim": 18, "u0027symantec": 97, "u0027t": [78, 79, 116, 183], "u0027tag": 18, "u0027tes43": 18, "u0027tester1324": 18, "u0027u": 90, "u0027us": 150, "u0027user2": 41, "u0027usernam": 18, "u0027watson": 97, "u0027winword": 102, "u0027yyyi": 103, "u003": [34, 40, 41, 42, 45, 63, 84, 87, 88, 90, 97, 101, 102, 105, 106, 107, 108, 115, 116, 123, 126, 129, 144, 150, 183, 184], "u003c": [40, 41, 42, 45, 63, 87, 88, 90, 97, 101, 102, 105, 106, 107, 108, 115, 116, 123, 126, 129, 144, 150, 183, 184], "u003c2022": 90, "u003c3e563564e5cc44a6aebb26f41da9d570": 40, "u003c3e563564exxxxxxxxxxxxxxxx570": 40, "u003c53fe9fb07c4b48218c611b835c1e9603": 40, "u003c6c7f6d14acca4dc8ab34fd78de50e9da": 40, "u003c6c7f6d14axxxxxxxxxxxxxxxx9da": 40, "u003c8a9cc4cff1414ae38fa9b3fa85674f04": 40, "u003ca": [63, 87, 102, 108, 116, 183], "u003cassess": 126, "u003cb": [42, 115, 129, 144], "u003cbodi": [40, 41, 90], "u003cbpmndi": 97, "u003cbr": [40, 87, 108, 115, 116, 129, 144], "u003cdacfdd29ab69473b8c7dad28366ca4d9": 40, "u003cdacfdd29axxxxxxxxxxxxxxxx4d9": 40, "u003cdefinit": 97, "u003cdir": 84, "u003cdiv": [40, 63, 105, 106, 107, 108, 123, 150], "u003cdm6pr08mb60609aba5a1c0455aff7c26c954b9": 41, "u003cdocument": 97, "u003cem": 183, "u003cendev": 97, "u003centri": 88, "u003cextensionel": 97, "u003cf2ff33ff93104e74b33f0371b655ace8": 40, "u003cf2ff33ff9xxxxxxxxxxxxxxxxce8": 40, "u003ch2": [87, 90], "u003chead": [40, 41], "u003chtml": [40, 41, 90], "u003cimg": [101, 184], "u003cincom": 97, "u003cli": [101, 184], "u003cmemb": 88, "u003cmeta": [40, 41], "u003cmsg": 88, "u003cn": 34, "u003comgdc": 97, "u003comgdi": 97, "u003copt": 126, "u003coutgo": 97, "u003cp": [40, 45, 101, 129, 150, 184], "u003cprocess": 97, "u003cresili": 97, "u003cresilienthighlight": 126, "u003crespons": 88, "u003cresult": 88, "u003crollup": 126, "u003cscript": 97, "u003cscripttask": 97, "u003csequenceflow": 97, "u003cservicetask": 97, "u003cspan": 40, "u003cstartev": 97, "u003cstyl": 40, "u003ctabl": 90, "u003ctd": 90, "u003cth": 90, "u003ctr": 90, "u003cul": [101, 184], "u003cus": 88, "u003e0": 115, "u003e000webhost": 183, "u003e1": 102, "u003e100": 102, "u003e13477": 126, "u003e1641df58c1027a00f670d41491a2eecff931604c": 115, "u003e2": [102, 126, 144], "u003e2796": 108, "u003e2799": 108, "u003e2802": 108, "u003e404": 63, "u003e8fit": 183, "u003e8track": 183, "u003ea": 183, "u003ead": 129, "u003eadmin": 106, "u003eadministr": 129, "u003eani": 102, "u003eapp": 126, "u003eartist": 90, "u003ebi": 108, "u003eblocked_us": 88, "u003eblocked_user_2": 88, "u003ebob": 90, "u003ebonni": 90, "u003ecisco": 102, "u003eclos": 107, "u003ecommand": 88, "u003edefault": 116, "u003edehash": 183, "u003edidn": 183, "u003edolli": 90, "u003eec": 102, "u003eempir": 90, "u003eexperi": 102, "u003eextrahop": 42, "u003eflow_6b7udwv": 97, "u003eflow_9af41ea": 97, "u003eflow_gvkozkt": 97, "u003eflow_hbegkz1": 97, "u003eflow_qgvwubw": 97, "u003eflow_y10ymbl": 97, "u003efn_slack": 126, "u003efor": 116, "u003efrom": 129, "u003egari": 90, "u003egreatest": 90, "u003ehid": 90, "u003ehour": 102, "u003eincid": 87, "u003ejeff": 88, "u003ejohndo": 40, "u003ejra": 63, "u003elog": 102, "u003emark": 105, "u003emi": [90, 129], "u003emicrosoft": 102, "u003eminut": 102, "u003enot": [108, 123, 129], "u003enotifi": 87, "u003eon": 108, "u003epassword": 116, "u003ereleas": 45, "u003erepli": 108, "u003es": 40, "u003escript": 97, "u003esend": 40, "u003esentinelon": 115, "u003esom": 45, "u003esourc": 102, "u003estil": 90, "u003esur": 108, "u003esymantec": 129, "u003etask": 108, "u003etest": [41, 150], "u003ether": [101, 126, 184], "u003ethi": 108, "u003etitl": 90, "u003eus": 129, "u003eusernam": 102, "u003evmwar": 144, "u003ex": [101, 184], "u003ezip": 126, "u00a0": 79, "u00a0and": 142, "u00a0assign": 142, "u00a0corpor": 142, "u00a0for": 142, "u00a0nam": 142, "u00a0numb": 142, "u00e4chtig": 157, "u0414": 151, "u041b": 151, "u043": 151, "u0430": 151, "u0433": 151, "u0438": 151, "u043d": 151, "u043f": 151, "u0440": 151, "u044c": 151, "u044f": 151, "u0i": 97, "u1oglu6m": 97, "u200cdescript": 123, "u2019": [56, 183], "u3044": 157, "u3057": 157, "u308f": 157, "u30b9": 157, "u30d1": 157, "u30e0": 157, "u3t46nen": 97, "u4ef6": 157, "u53ef": 157, "u573": 157, "u5783": 157, "u7591": 157, "u90a": 157, "u90f5": 157, "u_ibm_resilient_incident_id": 119, "ua": 14, "uax01": 107, "ubi": 4, "ubi8": 84, "ubuntu": [58, 116], "uc": 185, "ucf": 90, "udid": 68, "udp": 42, "udp_port_scan": 42, "ue": 185, "uesdbbqacagiabakifuaaaaaaaaaaaaaaaakaaaazxhwb3j0lnjlc80z227bopz9v4lwc2rlsmzlqtaz7syfiu0nkw6wi81aoetkziujgljkyhtz73ti6kbjsz10go1lg5pnfufrt78hnmnjxxghz": 97, "uesdbbqacagiabowifuaaaaaaaaaaaaaaaakaaaazxhwb3j0lnjlc80z227bopz9v4lwc2trastbnrptjgwk7q2tdrclzucgrmpmk4kauupifppve0jqrsljnxsa7usbk": 97, "ufeffssn": 46, "ufoakqrxarcjakabf7ui7pv6v7": 97, "uga": 135, "uganda": 135, "ui": [4, 18, 40, 45, 48, 63, 72, 73, 78, 94, 102, 109, 114, 118, 119, 159, 178, 181, 184, 185], "ui_them": [59, 126], "uid": [0, 34, 66, 86, 102, 116, 158, 180, 190], "uihbvitfyuwfttbjc1": 185, "uk": [145, 185], "ukljorzdz5llpr": 97, "ukr": 135, "ukrain": 135, "ukrainian": 145, "ul": [12, 17, 24, 45, 78, 90, 101, 115, 129, 144, 184], "ulimit": 190, "ultim": 101, "ultra": 42, "umbinv_dns_typ": 26, "umbinv_resourc": 26, "umbrella": [142, 154, 185], "umbrella_classifi": 26, "umbrella_dns_rr_hist": 26, "umbrella_domain_co_occurr": 26, "umbrella_domain_related_domain": 26, "umbrella_domain_security_info": 26, "umbrella_domain_status_and_categori": 26, "umbrella_domain_volum": 26, "umbrella_domain_whois_info": 26, "umbrella_ip_as_info": 26, "umbrella_ip_latest_malicious_domain": 26, "umbrella_pattern_search": 26, "umbrella_threat_grid_sampl": 26, "umbrella_timelin": 26, "umfd": 107, "umi": 135, "ump0ga": 97, "umqlqjsqfdoabyz3eucmgghx1x82jy5dhoqmedh6l9n5juudr87jpwp": 97, "un": [34, 77, 116, 131], "unabl": [23, 30, 40, 65, 70, 87, 105, 106, 109, 112, 131, 135, 136, 144, 146, 150, 155, 181], "unack_output": 34, "unapprov": 42, "unapproved_saa": 42, "unarchiv": 131, "unari": 52, "unassign": [42, 59, 102, 126], "unauthent": [42, 87], "unauthor": [14, 42, 106], "unauthoris": 36, "unauthorized_caller_error": 42, "unauthorizedaccess": 14, "unavail": [41, 42, 99], "unblock": 88, "uncategoris": 36, "unchang": [4, 123], "uncom": [3, 4, 10, 25, 26, 30, 35, 37, 44, 69, 87, 88, 90, 110, 112, 113, 142, 146, 148, 179, 189], "uncompress": [29, 132], "unconvent": 42, "unconventional_data_transf": 42, "unconventional_new_external_host": 42, "unconventional_new_internal_host": 42, "unconventional_new_protocol": 42, "unconventional_rdp_behavior": 42, "unconventional_rdp_data_transf": 42, "unconventional_rfb_behavior": 42, "unconventional_rfb_data_transf": 42, "unconventional_smb_cifs_data_transf": 42, "unconventional_ssh_behavior": 42, "unconventional_ssh_data_transf": 42, "unconventional_telnet_data_transf": 42, "unconvertedcont": 151, "undecid": 106, "undefin": [48, 115, 129], "under": [3, 9, 10, 11, 14, 15, 25, 28, 29, 32, 34, 40, 42, 45, 46, 47, 51, 55, 60, 63, 66, 67, 69, 71, 79, 86, 87, 88, 94, 100, 102, 103, 110, 112, 113, 114, 120, 122, 127, 128, 130, 131, 133, 139, 141, 148, 155, 159, 160, 166, 176, 177, 178, 179, 180, 181, 182, 190], "underli": 118, "underscor": [96, 124, 180], "understand": [119, 149], "undesir": 131, "undetect": [142, 186], "undetermin": [79, 135], "undo": 116, "unencrypt": [0, 42, 110], "unencrypted_zoom": 42, "unexpect": [14, 15, 42, 48, 153, 181], "unexpected_dropped_connect": 42, "unexpected_service_access": 42, "unfilt": 15, "unfortun": [87, 181], "unfoundus": 131, "unicod": [9, 10, 12, 15, 17, 19, 24, 32, 42, 45, 52, 63, 66, 78, 90, 115, 129, 142, 144, 153, 180, 189], "unifi": [87, 106, 131], "unifiedtravelerdeviceid": 68, "unimport": 135, "uninstal": [7, 8, 10, 12, 13, 14, 16, 17, 18, 19, 20, 21, 23, 24, 25, 27, 30, 31, 33, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 55, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 72, 73, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 120, 121, 123, 124, 125, 126, 128, 129, 131, 132, 134, 135, 138, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 157, 160, 167, 181, 185], "uninstall_cod": 144, "unintend": 37, "uniq_countries_int": 185, "uniq_url": 90, "uniqcountri": 185, "uniqu": [1, 14, 17, 23, 24, 32, 34, 40, 42, 56, 58, 60, 68, 71, 81, 95, 96, 98, 113, 116, 118, 119, 131, 146, 165, 183, 189], "unique_ip": 90, "unique_item": 17, "unique_kei": [71, 165], "unique_list_items_to_csv_str": 17, "uniqueid": 116, "uniqueidtyp": 41, "unisol": 77, "unit": [7, 12, 55, 61, 66, 84, 95, 129, 134, 135, 141, 144, 146, 148, 150, 166, 182], "univers": [4, 95, 116], "universal_avatar": 63, "university_domain": 71, "unixodbc": 180, "unixvolum": 53, "unknown": [7, 9, 23, 41, 42, 48, 62, 64, 77, 78, 79, 102, 103, 105, 106, 112, 115, 116, 136, 143, 144, 153, 183, 185], "unknown_app": 144, "unknown_md5_str": 153, "unknown_public_dns_serv": 42, "unknown_s3_bucket_upload": 42, "unlaw": 186, "unless": [58, 102, 176, 177, 178, 179, 180, 181, 182, 189], "unlimit": [110, 165], "unlist": 92, "unlock": 87, "unlock_cod": 23, "unlockedmeetingjoinsecur": 146, "unmanag": 116, "unnecessari": [42, 96, 181], "unoffici": 181, "unpack": 157, "unprivileg": [176, 178, 179, 180, 182], "unrat": [142, 157, 186], "unread": 40, "unresolv": [42, 77, 79, 103, 106, 107, 115, 123, 144, 150], "unrestrict": 77, "unrestrictcodeexecut": 77, "unsaf": [42, 50], "unsafe_ldap_auth": 42, "unsign": [45, 115], "unsolicit": 186, "unsort": [35, 58], "unspecifi": [84, 106, 182], "unspecified_xpn_project_statu": 48, "unstyl": 151, "unsuccess": [19, 23, 66, 76, 77, 107, 116, 128], "unsupport": [9, 29, 33, 80, 101], "unsupportedalerttyp": 77, "untag": 45, "until": [10, 40, 73, 79, 120, 143, 178], "untrust": 84, "unus": [29, 48, 110, 178, 182, 190], "unusu": [14, 34, 42], "unusual_iot_protocol": 42, "unusual_kerberos_fingerprint": 42, "unusual_protocol_for_enterprise_softwar": 42, "unusual_s3_download": 42, "unusual_user_login_tim": 42, "unusual_working_hour": 55, "unusualapisaccountprofil": 14, "unusualapisuseridentityprofil": 14, "unusualasnsaccountprofil": 14, "unusualasnsuseridentityprofil": 14, "unusualbehavior": 14, "unusualuseragentsaccountprofil": 14, "unusualuseragentsuseridentityprofil": 14, "unusualusernamesaccountprofil": 14, "unusualusertypesaccountprofil": 14, "unverifi": 183, "unwant": [99, 106], "unwanted_valu": 69, "unwantedsoftwar": 77, "unwieldi": 17, "unzip": [9, 10, 11, 15, 28, 29, 44, 51, 54, 60, 67, 80, 94, 99, 100, 114, 120, 122, 127, 130, 132, 136, 139, 140, 141, 143, 148, 155, 159, 165, 166, 167, 169, 170, 172, 173, 174, 176, 178, 179, 180, 182, 183, 184, 185, 186, 190], "up": [9, 10, 11, 12, 15, 17, 24, 28, 33, 38, 45, 47, 48, 50, 51, 52, 56, 60, 67, 68, 74, 75, 77, 78, 81, 87, 90, 94, 95, 99, 100, 102, 105, 113, 114, 115, 116, 117, 120, 122, 127, 128, 129, 130, 133, 135, 138, 139, 141, 143, 144, 148, 149, 153, 155, 159, 176, 178, 179, 180, 181, 182, 183, 190], "up_to_d": 116, "upd_det_datetim": 42, "updat": [3, 4, 7, 8, 9, 10, 13, 14, 18, 19, 20, 21, 22, 23, 24, 26, 28, 31, 32, 33, 34, 38, 40, 41, 52, 55, 56, 58, 59, 60, 63, 64, 69, 70, 72, 74, 75, 80, 81, 82, 86, 87, 88, 89, 90, 94, 98, 99, 101, 104, 106, 107, 108, 109, 110, 111, 114, 117, 119, 120, 122, 126, 127, 130, 133, 134, 139, 140, 142, 144, 148, 150, 151, 152, 153, 157, 158, 160, 165, 168, 171, 173, 175, 176, 177, 178, 179, 180, 181, 182, 183, 186, 187, 188, 189, 190], "update_agent_result": 115, "update_alert_data_t": 135, "update_cas": [34, 48, 63, 106, 112, 115, 144], "update_case_templ": 129, "update_datat": 14, "update_defender_alert_templ": 77, "update_defender_incident_templ": 77, "update_detection_ok": 42, "update_detection_result": 42, "update_ev": 128, "update_field": 14, "update_incident_templ": [77, 79], "update_kei": 48, "update_object_stat": 97, "update_result": 66, "update_sentinel_incident_templ": 79, "update_statu": 112, "update_status_result": 115, "update_task": 63, "update_tim": [42, 48], "update_watchlist_result": 42, "update_workflow_stat": 97, "updateauthor": 63, "updated_allowlist": 153, "updated_allowlist_url": 153, "updated_at": [14, 45, 89, 106], "updated_customlist": 153, "updated_d": 101, "updated_kei": 48, "updated_mark": 48, "updated_valu": 48, "updatedat": [14, 115, 150], "updateddatetim": 36, "updatedon": 77, "updatetim": 76, "upgrad": [10, 14, 24, 35, 41, 42, 44, 52, 55, 56, 63, 65, 66, 73, 77, 79, 80, 84, 86, 87, 88, 89, 90, 98, 102, 103, 107, 113, 116, 117, 118, 124, 128, 131, 140, 142, 151, 155, 176, 178, 179, 180, 181, 182, 185, 188, 189], "uphfynnfimjgtg6ynou81a5o9xokisdbhdphpmnd9wti": 97, "upload": [45, 46, 48, 63, 72, 115, 124, 126, 165], "upload_commandid": 116, "upload_result": 129, "upload_url": 45, "uploadd": 15, "upnp": [42, 116], "upon": [40, 64, 71, 110, 111, 118, 120, 131, 141, 146], "upper": [8, 34, 48, 112, 116, 135, 144], "uppercas": 15, "upsellopportunity__c": 112, "upsert": 179, "upstream": 150, "upto": 33, "upward": 58, "ur": 145, "urdu": 145, "urgenc": [20, 89, 109, 118], "urgency_chang": 89, "uri": [36, 42, 50, 57, 64, 71, 80, 91, 110, 118, 120, 128, 131, 135, 146, 152, 153, 155, 165, 171, 172, 174, 185, 186], "uri_frag": 142, "uriclicksecurityst": 78, "urilookup": 142, "url": [7, 8, 9, 11, 12, 13, 17, 18, 19, 23, 24, 25, 28, 30, 31, 33, 34, 36, 37, 38, 40, 41, 42, 44, 45, 47, 50, 51, 54, 57, 60, 63, 64, 67, 68, 71, 72, 73, 74, 77, 78, 79, 80, 81, 82, 85, 87, 88, 90, 91, 95, 98, 99, 100, 101, 102, 105, 106, 107, 110, 112, 113, 114, 115, 116, 119, 120, 121, 122, 123, 124, 127, 128, 129, 130, 131, 132, 133, 137, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 150, 151, 152, 154, 155, 157, 159, 165, 167, 171, 172, 174, 178, 184, 185, 186, 187], "url_analysi": 71, "url_artifact__c": 112, "url_bas": 166, "url_count": 153, "url_encod": 144, "url_filt": 153, "url_formatt": 34, "url_frag": 186, "url_html": [81, 184], "url_list": 8, "url_lookup": 166, "url_map": 97, "url_of_your_jira_serv": 63, "url_part": 12, "urlhau": [12, 71, 142, 154, 186], "urllib": 144, "urllib3": 155, "urllist": 84, "urlparamet": 78, "urlqueri": [142, 186], "urlscan": [71, 126, 154], "urlscan_phish": 71, "urlscanio": [140, 174, 185], "urlscanio_api_kei": 140, "urlscanio_publ": 185, "urlscanio_refer": 185, "urlscanio_report_url": 140, "urlscanio_screenshot_url": 140, "urlscanio_url": [140, 185], "urlscanio_userag": 185, "urlss": 153, "urltodns_url": 138, "urlvir": 12, "urlvoid": 12, "urn": 53, "uruguai": 135, "us": [0, 1, 2, 4, 5, 6, 7, 9, 10, 11, 12, 14, 15, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 47, 48, 50, 51, 52, 53, 54, 56, 57, 58, 59, 60, 62, 64, 65, 67, 68, 69, 70, 71, 73, 74, 75, 76, 78, 79, 80, 83, 84, 85, 89, 90, 91, 92, 93, 94, 95, 97, 98, 99, 100, 105, 106, 108, 109, 111, 112, 113, 114, 115, 116, 117, 118, 120, 121, 122, 123, 124, 125, 126, 127, 129, 130, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 168, 169, 170, 172, 173, 174, 176, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189], "us05web": 31, "us1": 150, "us12": 106, "us2": [106, 150], "us3": 106, "usa": 135, "usabl": 4, "usag": [33, 43, 87, 101, 154], "usage_in_kernelmod": 37, "usage_in_usermod": 37, "usagetyp": 7, "usb": 116, "usc2": 147, "usc3": 147, "use_cas": 20, "use_commit": 83, "use_private_secret": 87, "use_ssl": [158, 182], "use_support_hour": 89, "use_textfsm_templ": 83, "used_in_group": 23, "user": [8, 10, 11, 13, 14, 17, 18, 19, 20, 21, 22, 23, 24, 28, 29, 30, 31, 34, 36, 38, 39, 40, 42, 45, 46, 48, 52, 53, 56, 58, 59, 60, 63, 66, 68, 69, 70, 71, 72, 74, 77, 78, 79, 81, 84, 86, 87, 89, 93, 94, 97, 100, 101, 102, 103, 105, 106, 107, 110, 114, 115, 116, 118, 119, 122, 123, 124, 126, 127, 128, 129, 131, 134, 135, 139, 140, 141, 144, 146, 150, 151, 152, 153, 155, 158, 161, 164, 166, 171, 172, 174, 176, 178, 179, 180, 181, 182, 183, 184, 185, 188, 189], "user1": [40, 41, 66, 88, 110, 131], "user1686331325735812": 112, "user2": [40, 41, 66, 88, 110, 131], "user_ag": 93, "user_agent_str": 135, "user_delet": 73, "user_dn": 66, "user_email": [58, 93], "user_fnam": [59, 126], "user_id": [58, 59, 95, 126], "user_imperson": 18, "user_info": 124, "user_ip_address": 135, "user_list": 88, "user_lnam": [59, 126], "user_messag": 131, "user_mod_tim": 42, "user_nam": [14, 15, 58, 59, 73, 126], "user_overrid": [101, 102, 184], "user_refer": 89, "user_st": 78, "user_statu": 66, "user_tag": 105, "user_typ": 14, "user_update_timestamp": 144, "user_workflow_upd": 144, "usera": 87, "useraccount": 77, "useraccountcontrol": 66, "useraccounttyp": 78, "useractionsneed": 115, "userag": 14, "useragentcategori": 14, "userassignedident": 18, "userb": 87, "userd": [101, 184], "userdomain": 68, "userid": [15, 112, 151], "useridentitytyp": 131, "usermod": 190, "usernam": [11, 14, 15, 18, 19, 20, 24, 28, 34, 37, 38, 40, 42, 55, 58, 62, 63, 65, 66, 68, 73, 83, 84, 87, 88, 95, 98, 101, 102, 103, 109, 110, 112, 113, 114, 116, 118, 120, 124, 128, 129, 144, 152, 153, 160, 164, 171, 187, 189, 190], "username_count": 103, "userpassword": 66, "userpermissionscallcenterautologin": 112, "userpermissionsinteractionus": 112, "userpermissionsjigsawprospectingus": 112, "userpermissionsknowledgeus": 112, "userpermissionsliveagentus": 112, "userpermissionsmarketingus": 112, "userpermissionsofflineus": 112, "userpermissionssfcontentus": 112, "userpermissionssiteforcecontributorus": 112, "userpermissionssiteforcepublisherus": 112, "userpermissionssupportus": 112, "userpermissionsworkdotcomuserfeatur": 112, "userpreferencesactivityreminderspopup": 112, "userpreferencesapexpagesdevelopermod": 112, "userpreferencescachediagnost": 112, "userpreferencescontentemailasandwhen": 112, "userpreferencescontentnoemail": 112, "userpreferencescreatelexappswtshown": 112, "userpreferencesdisableallfeedsemail": 112, "userpreferenceseventreminderscheckboxdefault": 112, "userpreferencesexcludemailappattach": 112, "userpreferencesfavoritesshowtopfavorit": 112, "userpreferencesfavoriteswtshown": 112, "userpreferencesglobalnavbarwtshown": 112, "userpreferencesglobalnavgridmenuwtshown": 112, "userpreferenceshascelebrationbadg": 112, "userpreferenceshassentwarningemail": 112, "userpreferenceshassentwarningemail238": 112, "userpreferenceshassentwarningemail240": 112, "userpreferenceshidebiggerphotocallout": 112, "userpreferenceshidechatteronboardingsplash": 112, "userpreferenceshidecsndesktoptask": 112, "userpreferenceshidecsngetchattermobiletask": 112, "userpreferenceshideenduseronboardingassistantmod": 112, "userpreferenceshidelightningmigrationmod": 112, "userpreferenceshides1browserui": 112, "userpreferenceshidesecondchatteronboardingsplash": 112, "userpreferenceshidesfxwelcomemat": 112, "userpreferencesjigsawlistus": 112, "userpreferenceslightningexperiencepref": 112, "userpreferencesnativeemailcli": 112, "userpreferencesnewlightningreportrunpageen": 112, "userpreferencespathassistantcollaps": 112, "userpreferencespreviewcustomthem": 112, "userpreferencespreviewlightn": 112, "userpreferencesreceivenonotificationsasapprov": 112, "userpreferencesreceivenotificationsasdelegatedapprov": 112, "userpreferencesrecordhomereservedwtshown": 112, "userpreferencesrecordhomesectioncollapsewtshown": 112, "userpreferencesremindersoundoff": 112, "userpreferencesreverseopenactivitiesview": 112, "userpreferencesshowcitytoexternalus": 112, "userpreferencesshowcitytoguestus": 112, "userpreferencesshowcountrytoexternalus": 112, "userpreferencesshowcountrytoguestus": 112, "userpreferencesshowemailtoexternalus": 112, "userpreferencesshowemailtoguestus": 112, "userpreferencesshowfaxtoexternalus": 112, "userpreferencesshowfaxtoguestus": 112, "userpreferencesshowforecastingchangesign": 112, "userpreferencesshowmanagertoexternalus": 112, "userpreferencesshowmanagertoguestus": 112, "userpreferencesshowmobilephonetoexternalus": 112, "userpreferencesshowmobilephonetoguestus": 112, "userpreferencesshowpostalcodetoexternalus": 112, "userpreferencesshowpostalcodetoguestus": 112, "userpreferencesshowprofilepictoguestus": 112, "userpreferencesshowstatetoexternalus": 112, "userpreferencesshowstatetoguestus": 112, "userpreferencesshowstreetaddresstoexternalus": 112, "userpreferencesshowstreetaddresstoguestus": 112, "userpreferencesshowtitletoexternalus": 112, "userpreferencesshowtitletoguestus": 112, "userpreferencesshowworkphonetoexternalus": 112, "userpreferencesshowworkphonetoguestus": 112, "userpreferencessrhoverrideact": 112, "userpreferencessuppresseventsfxremind": 112, "userpreferencessuppresstasksfxremind": 112, "userpreferencestaskreminderscheckboxdefault": 112, "userpreferencesuserdebugmodepref": 112, "userprincipalnam": [66, 77, 78, 79], "userproperty1": 73, "userproperty2": 73, "userproperty3": 73, "userproperty4": 73, "userproperty5": 73, "userproperty6": 73, "userproperty7": 73, "userproperty8": 73, "userroleid": 112, "users_dn": 66, "users_list": 88, "usersid": [77, 107], "userslist": 73, "userst": 78, "usertrigg": 34, "usertyp": [14, 112], "useruniqnam": 123, "userworkflowdto": 144, "usio": 174, "usnchang": 66, "usncreat": 66, "usr": [9, 11, 15, 22, 28, 51, 55, 60, 67, 85, 94, 99, 100, 114, 122, 127, 130, 139, 141, 148, 159, 180], "usr1": 84, "usr2": 84, "usual": [57, 71, 77, 84, 110, 119, 120], "usw2": 147, "usxx": 106, "utah": 117, "utc": [18, 78, 90, 105, 113, 116, 135, 146, 180], "utc_tim": [105, 135], "utcnow": 78, "utf": [12, 40, 41, 59, 90, 97, 110, 112, 126, 165, 180, 190], "util": [4, 10, 29, 32, 57, 58, 63, 68, 76, 77, 83, 86, 101, 104, 116, 118, 129, 131, 136, 146, 150, 154, 160, 163, 182, 188], "utilities_artifact_hash": 141, "utilities_attachment_to_base64": 29, "utilities_base64_to_attach": 47, "utilities_call_rest_api": 29, "utilities_expand_url": 29, "utilities_json2html": 29, "utilities_pdfid": 141, "utl": 77, "utleywrrbuv4shbacstvqukvchvpqt09": 31, "utuxaixy5vo0cmi2digm7mq0h9sbf0vdjydor6h2oapubuhddcui01r1ubp": 97, "uuid": [5, 26, 32, 34, 42, 53, 58, 59, 80, 97, 107, 115, 116, 120, 126, 151, 185], "uuid_hash": 87, "uunet": 14, "uw": 185, "uwf": 116, "uwz": 121, "ux": [116, 155], "uxjycnksimc": 110, "uz5dii8mpssxwwe0eu8jkpzbn5mn0g": 84, "uzb": 135, "uzbekistan": 135, "v": [4, 12, 17, 20, 24, 31, 42, 45, 54, 73, 77, 78, 79, 90, 97, 115, 116, 118, 129, 142, 144, 155, 166, 180, 185], "v0": [23, 34], "v1": [8, 10, 11, 14, 20, 23, 26, 32, 35, 40, 42, 48, 52, 57, 65, 78, 82, 86, 87, 88, 89, 95, 98, 101, 102, 105, 106, 107, 116, 119, 120, 123, 128, 131, 140, 142, 146, 150, 151, 153, 167, 180, 182, 185, 187, 189], "v2": [7, 17, 18, 31, 35, 40, 41, 51, 56, 60, 62, 63, 66, 73, 78, 89, 91, 98, 101, 102, 103, 106, 115, 118, 120, 124, 129, 131, 132, 142, 144, 150, 155, 167], "v3": [45, 56, 80, 114, 142, 186, 190], "v30": [8, 33], "v31": [8, 33, 51, 58, 74, 94, 119, 130, 159], "v32": [67, 99], "v33": 51, "v3333333laalt": 18, "v34": 55, "v35": [9, 55, 60, 68, 75, 100, 114, 122, 127, 139, 140, 143, 148], "v36": [11, 28, 138, 149], "v37": [4, 181], "v39": 180, "v391ac8zxajydao6oyrndwwk8cosdrt5aykiy66innwcyswjwjgdqqg5nlxe6j8goxprgzwp54makmxfvhgo6ymi4vwn5fgiqpjae52a6hccwaobsorq": 97, "v3lqfkmx": 92, "v4": [42, 50, 71, 141, 148, 189], "v40": [3, 180], "v42": 141, "v43": [96, 126], "v45": [73, 96, 186], "v46": 113, "v47": 188, "v48": 181, "v5": 34, "v50": [10, 89], "v51": [117, 120, 166], "v58": 112, "v5vnr": 97, "v6": [42, 71, 144, 189], "v7": [144, 185], "v9": 88, "v_info": 14, "vade": 62, "vagrant": 34, "vaku": 42, "val": 101, "valid": [4, 15, 23, 37, 42, 45, 71, 79, 84, 87, 88, 89, 90, 94, 96, 101, 102, 103, 110, 117, 119, 120, 128, 129, 136, 142, 153, 154, 165, 184, 186, 188], "valid_from": 101, "valid_sinc": 95, "validate_field": [23, 42, 116], "validatedinruntim": 150, "validationerror": 15, "validationset": 18, "validfrom": 185, "validto": 185, "valu": [3, 7, 8, 9, 10, 11, 12, 14, 15, 17, 18, 19, 20, 22, 23, 24, 25, 26, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 45, 46, 47, 48, 50, 52, 53, 54, 55, 56, 58, 59, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 84, 85, 86, 87, 88, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 118, 119, 121, 123, 124, 125, 126, 128, 129, 133, 134, 135, 136, 138, 140, 141, 142, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 155, 157, 158, 159, 160, 161, 165, 166, 167, 176, 178, 180, 181, 182, 183, 184, 185, 186, 187, 189, 190], "value1": [66, 80, 113], "value2": [66, 80, 113], "value3": 66, "value_data": [8, 33], "value_playbook": 97, "value_typ": 101, "value_workflow": 97, "valueerror": [15, 23, 42, 116, 153], "valuefrompipelin": 18, "valuefrompipelinebypropertynam": 18, "valuefromremainingargu": 18, "van": 17, "vancouv": 117, "vanuatu": 135, "var": [9, 10, 11, 15, 28, 29, 34, 42, 46, 48, 51, 52, 60, 63, 67, 76, 79, 89, 90, 94, 99, 100, 105, 106, 112, 114, 115, 119, 122, 124, 127, 130, 139, 141, 144, 148, 150, 159, 180, 188, 190], "varbinari": 180, "varchar": 180, "vari": [40, 71, 110, 155, 165, 180], "variabl": [1, 10, 17, 31, 43, 45, 46, 104, 119, 135, 140, 150, 180, 189, 190], "variable_1": 129, "variant": [98, 101, 128, 135], "varieti": [110, 162, 189], "variou": [28, 37, 71, 110, 126, 155], "vat": 135, "vatican": 135, "vault": [142, 186], "vazsyk8r9y3idc7bt5llq2qjspsntyh": 97, "vc": [33, 121], "vc2": 33, "vc_collect": 33, "vcenter": [42, 105], "vcenter_host_url": 144, "vcenter_nam": 144, "vcenter_serv": 105, "vcenter_uuid": 144, "vct": 135, "vd": 107, "vdi": 73, "vdi_base_devic": 144, "vdi_provid": 144, "ve": 63, "vector": [56, 131, 183, 189], "ven": 135, "vendor": [20, 33, 42, 78, 98, 105, 112, 121, 150], "vendor_sever": 150, "vendorinform": 78, "vendornam": 79, "vendorsever": 150, "venezuela": 135, "venu": 40, "venv_3": 155, "ver": [59, 63, 107, 126], "verbos": [83, 120, 155, 186], "verbose_msg": 186, "verd": [135, 157], "verdict": [71, 77, 93, 115, 142, 185, 186], "verdict_nam": 71, "veri": [10, 17, 46, 52, 84, 90, 101, 113, 126, 134, 180, 184, 190], "verif": [11, 38, 45, 63, 73, 77, 87, 107, 108, 110, 155], "verifi": [4, 9, 11, 12, 15, 20, 22, 28, 36, 45, 51, 55, 60, 63, 65, 67, 77, 79, 80, 82, 87, 94, 99, 100, 105, 109, 110, 112, 114, 115, 117, 120, 122, 127, 130, 139, 141, 148, 151, 155, 159, 165, 166, 183, 185, 187, 188, 189, 190], "verify_cert": [22, 40, 53, 63, 74, 80, 101, 102, 103, 128, 190], "verify_for_scan_failed_flag": 185, "verifyflag": [89, 160], "verisign": 77, "verita": 116, "versa": 15, "version": [0, 1, 3, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 26, 27, 28, 29, 30, 32, 33, 35, 36, 37, 38, 41, 42, 43, 44, 46, 47, 48, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 62, 64, 66, 67, 68, 69, 70, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 99, 100, 101, 103, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 120, 121, 122, 124, 125, 126, 127, 128, 129, 130, 131, 132, 134, 136, 138, 139, 140, 141, 145, 146, 147, 148, 149, 151, 152, 155, 157, 159, 160, 161, 165, 166, 167, 170, 176, 177, 178, 179, 181, 182, 183, 184, 185, 186, 187, 188, 189], "version_info": 180, "versionedrepresent": 63, "versionid": 107, "vertic": [85, 185], "verydarkmod": [59, 126], "veryhigh": 185, "vgauth": 107, "vgauthservic": 107, "vgb": 135, "vi": [44, 114, 145], "via": [17, 20, 21, 23, 32, 39, 41, 42, 54, 63, 64, 77, 80, 81, 84, 87, 88, 99, 105, 107, 109, 112, 115, 116, 118, 124, 132, 135, 136, 148, 151, 159, 160, 166, 180, 181, 182, 188], "viabl": 110, "vice": 15, "victim": [34, 42, 77], "video": 84, "viet": 135, "vietnames": 145, "viettel": [142, 186], "view": [9, 11, 12, 14, 15, 27, 28, 31, 36, 37, 42, 51, 60, 61, 63, 67, 73, 77, 94, 99, 100, 102, 103, 105, 112, 114, 120, 122, 123, 125, 127, 130, 138, 139, 141, 144, 148, 149, 153, 159, 166, 181, 187, 188, 189], "view_item": 97, "vignette1": 95, "vignette3": 95, "vim": 190, "vincent": 135, "violat": [15, 55, 102, 103], "vip": [20, 26], "vipr": [142, 186], "vir": 135, "virgin": 135, "viriback": [71, 142, 186], "virilist": 71, "virtual": [2, 3, 40, 53, 58, 78, 79, 103, 110], "virtual_machin": [144, 150], "virtual_private_cloud_id": 144, "virtualbox": [32, 190], "virtualenv": 3, "virtualization_provid": 144, "virtualizationplatform": 116, "virtualmachin": [77, 78, 79], "viru": [27, 116, 121, 126, 144], "virus": 27, "virustot": [126, 154], "virustotal_gui_url": 142, "visibl": [34, 45, 102, 106, 114, 125, 131, 185, 190], "visit": [26, 148, 152, 158, 175, 186], "vista": 42, "visual": [4, 34, 134], "vivisect": 43, "viz": 51, "vl1oaaaaaaaaaapaaigalajaaabqaaaagaaaaaaaaaaaaaaagaaaaaabaaqaaaaagaaaaagaabaaaaaaaaaagaaaaaaaaaabgaaaaagaaaaaaaamayiuaaeaaaaaaaabaaaaaaaaaaaaqaaaaaaaaiaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaaabaaadmbaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaajdiaabwaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": 77, "vl8olqvjcjiagesiwe231vleelxf39": 97, "vlanid": 42, "vm": [107, 190], "vm3dservic": 107, "vm_bruteforc": 79, "vm_ip": 144, "vm_name": 144, "vm_profile_list": 72, "vm_uuid": 144, "vmem": 37, "vmid": 77, "vmmetadata": 77, "vmrai": 154, "vmray_analyzer_report_request_timeout": 143, "vmray_analyzer_url": 143, "vmray_api_kei": 143, "vmsa": 105, "vmtoolsd": 107, "vmware": [42, 53, 105, 107, 116, 154], "vmware_cbc_alert_id": 144, "vmware_cbc_alert_link": 144, "vmware_cbc_alert_note_text": 144, "vmware_cbc_alert_reason_cod": 144, "vmware_cbc_alert_typ": 144, "vmware_cbc_attack_tact": 144, "vmware_cbc_closure_reason": 144, "vmware_cbc_descript": 144, "vmware_cbc_determin": 144, "vmware_cbc_determination_valu": 144, "vmware_cbc_device_act": 144, "vmware_cbc_device_dt": 144, "vmware_cbc_device_id": 144, "vmware_cbc_device_toggl": 144, "vmware_cbc_id": 144, "vmware_cbc_incident_id": 144, "vmware_cbc_note_text": 144, "vmware_cbc_note_typ": 144, "vmware_cbc_observ": 144, "vmware_cbc_observations_dt": 144, "vmware_cbc_override_list": 144, "vmware_cbc_process_id": 144, "vmware_cbc_processes_dt": 144, "vmware_cbc_reputation_overrid": 144, "vmware_cbc_statu": 144, "vmware_cbc_tag": 144, "vmware_cbc_threat_id": 144, "vmware_cbc_workflow_closure_reason": 144, "vmware_cbc_workflow_statu": 144, "vn": 157, "vnc": 42, "vnc_unusual_loc": 42, "vnm": 135, "vnyqebod5gmevzh8sg": 97, "vodafon": 14, "void": 12, "voip": [7, 42], "voip_call_failur": 42, "voip_unavailability_error": 42, "vol": [37, 84], "volatil": 84, "volatility_loc": 84, "volum": [4, 26, 37, 42, 53, 84, 126, 168, 186], "voluntari": 110, "vote": 63, "votesbenign": 185, "votesmalici": 185, "votestot": 185, "vp2so1rbhgcyeoz9nfzbmfrogryw2mmlc9anepctqfbnkbiozeh": 84, "vpc_id": 42, "vpn": [7, 42, 71, 116, 166], "vpn_gateway_unusual_loc": 42, "vpnthplupv8dougaxumusacyqxhx8g004mj": 97, "vr": 185, "vr683nzzsule1nteli4urq6vpy8pkaaimjif3": 185, "vrgxswcjqftp6zs1nf4qep8dhysehemi76": 185, "vrsn": 142, "vsa": 42, "vscode": 190, "vsicstatu": 116, "vsphere": 105, "vsy": 88, "vsys1": 88, "vt_data": [142, 186], "vt_id": 142, "vt_scan_result": 142, "vt_type": [142, 186], "vti": 143, "vti_scor": 143, "vu": 12, "vul": 151, "vuln": 150, "vulner": [19, 33, 42, 48, 80, 102, 105, 114, 122, 171], "vulnerability_configur": 33, "vulnerability_count": 102, "vulnerability_descript": 150, "vulnerability_nam": 150, "vulnerability_result": 150, "vulnerability_scor": 144, "vulnerability_sever": 144, "vulnerabilityst": 78, "vulnerable_asset_id": 150, "vulnerable_asset_o": 150, "vulnerable_asset_typ": 150, "vulnerable_configur": 33, "vulnerable_configuration_cpe_2_2": 33, "vulnerable_obj_outli": 55, "vulnerableasset": 150, "vuner": 77, "vut": 135, "vv": 75, "vvv": 190, "vw": 42, "vx": [142, 186], "vxvault": 71, "vxvault_virilist": 71, "vz8": 185, "vzgkpzwo2340y78na1ns4azjcpzkufshq": 97, "w": [25, 41, 42, 45, 62, 77, 83, 110, 116, 155, 160, 190], "w3": 97, "w32": 121, "w7x64": 64, "wa": [10, 12, 14, 15, 17, 18, 20, 23, 24, 25, 32, 34, 37, 40, 41, 42, 46, 56, 58, 63, 68, 73, 75, 76, 77, 78, 79, 80, 81, 84, 86, 87, 88, 95, 97, 98, 101, 102, 105, 106, 109, 112, 115, 116, 117, 118, 120, 124, 129, 131, 134, 135, 143, 144, 148, 150, 153, 157, 160, 166, 177, 183, 184, 190], "wa_impact_lik": [59, 126], "wai": [9, 11, 15, 18, 20, 28, 29, 33, 34, 37, 48, 51, 60, 63, 66, 67, 76, 80, 86, 87, 88, 90, 94, 96, 99, 100, 102, 103, 105, 106, 107, 110, 112, 113, 114, 116, 122, 125, 126, 127, 128, 130, 131, 134, 139, 141, 144, 146, 148, 159, 163, 181, 188, 189], "wait": [16, 18, 19, 32, 41, 42, 55, 63, 64, 72, 73, 75, 79, 87, 89, 97, 102, 106, 107, 110, 116, 120, 123, 134, 136, 142, 143, 166, 190], "wait_sec": 166, "wake_ag": 73, "wakeup": 73, "walk": [12, 17, 20, 24, 42, 45, 78, 90, 115, 129, 144], "walldata": 123, "walli": 135, "walltim": 185, "want": [17, 32, 42, 46, 48, 58, 63, 66, 69, 73, 88, 97, 101, 112, 118, 119, 120, 126, 131, 134, 161, 177, 180, 182, 189], "wappa": 185, "warn": [10, 15, 58, 67, 84, 87, 97, 128, 135, 151, 181], "wascrack": 129, "washington": 117, "watch": [63, 124], "watchcount": 63, "watched_us": [101, 184], "watcher": [45, 63], "watchers_count": 45, "watchlist": 144, "watchlist_upd": 42, "watso": 101, "watson": [154, 184], "watson_translate_not": 145, "wave": 36, "waypoint": 97, "wbem": 107, "we": [4, 8, 12, 13, 17, 20, 24, 32, 33, 37, 40, 41, 46, 48, 52, 58, 78, 81, 82, 85, 90, 95, 97, 101, 115, 116, 118, 119, 120, 126, 129, 131, 135, 140, 144, 147, 150, 154, 155, 160, 177, 182, 184, 190], "we9b": 98, "weak": 42, "weak_ciph": 42, "weak_kerberos_encryption_attempt": 42, "weasyprint": 57, "web": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 37, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 56, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 104, 105, 106, 107, 108, 109, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 137, 142, 144, 145, 146, 150, 151, 152, 153, 155, 160, 165, 166, 183, 186], "web_directory_scan": 42, "web_issu": 42, "web_pag": [12, 36], "web_service_issu": 42, "webdomain": 116, "webernet": 105, "webesit": 146, "webex": 154, "webex_add_all_memb": 146, "webex_email": 30, "webex_incident_id": 146, "webex_meeting_agenda": [30, 146], "webex_meeting_attende": 146, "webex_meeting_dur": 146, "webex_meeting_end_tim": [30, 146], "webex_meeting_nam": [30, 146], "webex_meeting_password": [30, 146], "webex_meeting_start_tim": [30, 146], "webex_password": 30, "webex_room_id": 146, "webex_room_nam": 146, "webex_sit": 30, "webex_site_url": [30, 146], "webex_task_id": 146, "webex_team_id": 146, "webex_team_nam": 146, "webex_timezon": [30, 146], "webexapi": 146, "webgoat": 150, "webhookb2": 131, "weblink": [41, 146], "weblog": [42, 165], "weblogic_admin_console_handle_rc": 42, "weblogic_xml_deseri": 42, "webmail": 98, "webpag": 57, "webpuls": 157, "webroot": [142, 186], "webroot_ip": 36, "webserv": [169, 171, 172, 174], "webservic": [62, 107, 116, 129], "websit": [7, 10, 12, 14, 15, 17, 18, 19, 20, 23, 24, 31, 33, 34, 35, 38, 40, 41, 42, 45, 48, 50, 57, 58, 63, 64, 65, 66, 71, 73, 77, 78, 79, 80, 81, 84, 85, 86, 88, 89, 90, 91, 96, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 140, 142, 144, 146, 150, 151, 152, 153, 165, 181], "weburl": 131, "wed": 185, "weed": 106, "week": [18, 42, 69, 70, 134], "weekdai": 18, "weekli": [40, 42], "weight": [20, 34, 42, 87, 101, 102, 103], "weightedcomponentlist": 34, "welcom": 154, "welcomeemaildis": 131, "weli8vz1g": 84, "well": [41, 48, 63, 64, 69, 76, 79, 85, 87, 90, 101, 108, 118, 120, 131, 136, 140, 154, 155, 157, 177, 180, 181], "welsh": 145, "were": [14, 15, 19, 20, 23, 32, 35, 42, 46, 48, 56, 76, 79, 84, 98, 101, 102, 109, 115, 116, 131, 153, 181, 183, 184], "weren": 34, "werkzeug": 155, "west": [14, 63], "western": 135, "wet": 81, "wf": 97, "wf_amp_add_artifact_from_act": 23, "wf_amp_add_artifact_from_ev": 23, "wf_amp_add_artifact_from_trajectori": 23, "wf_amp_delete_file_list_fil": 23, "wf_amp_get_act": 23, "wf_amp_get_computer_by_guid": 23, "wf_amp_get_computer_by_nam": 23, "wf_amp_get_computer_refresh": 23, "wf_amp_get_computer_trajectori": 23, "wf_amp_get_computer_trajectory_by_act": 23, "wf_amp_get_ev": 23, "wf_amp_get_event_typ": 23, "wf_amp_get_events_by_typ": 23, "wf_amp_get_file_list": 23, "wf_amp_get_file_list_fil": 23, "wf_amp_get_group": 23, "wf_amp_get_group_name_by_guid": 23, "wf_amp_move_comput": 23, "wf_amp_set_file_list_fil": 23, "wf_aws_guardduty_refresh_find": 14, "wf_aws_iam_add_user_to_group": 15, "wf_aws_iam_attach_user_polici": 15, "wf_aws_iam_change_profile_password": 15, "wf_aws_iam_deactivate_access_kei": 15, "wf_aws_iam_delete_access_kei": 15, "wf_aws_iam_delete_access_key_for_artifact": 15, "wf_aws_iam_delete_login_profil": 15, "wf_aws_iam_delete_us": 15, "wf_aws_iam_delete_user_for_artifact": 15, "wf_aws_iam_detach_all_user_polici": 15, "wf_aws_iam_get_access_kei": 15, "wf_aws_iam_get_access_key_for_artifact": 15, "wf_aws_iam_get_us": 15, "wf_aws_iam_get_user_for_artifact": 15, "wf_aws_iam_list_access_kei": 15, "wf_aws_iam_list_us": 15, "wf_aws_iam_refresh_access_kei": 15, "wf_aws_iam_refresh_us": 15, "wf_aws_iam_remove_user_from_all_group": 15, "wf_extrahop_rx_create_tag": 42, "wf_extrahop_rx_search_detect": 42, "wf_get_workflow_data": 97, "wf_get_workflow_frequ": 97, "wf_list": 97, "wf_name": [14, 15, 116, 153], "wf_sep_add_fingerprint_list": 116, "wf_sep_assign_fingerprint_list_to_lockdown_group": 116, "wf_sep_delete_fingerprint_list": 116, "wf_sep_delete_hash_from_fingerprint_list": 116, "wf_sep_get_blacklist_inform": 116, "wf_sep_get_endpoint_detail": 116, "wf_sep_get_endpoint_details_for_artifact": 116, "wf_sep_get_endpoints_statu": 116, "wf_sep_get_endpoints_status_detail": 116, "wf_sep_get_endpoints_status_refresh": 116, "wf_sep_get_file_content_as_base64_str": 116, "wf_sep_get_groups_inform": 116, "wf_sep_get_quarantine_statu": 116, "wf_sep_get_remediation_statu": 116, "wf_sep_get_scan_result": 116, "wf_sep_get_upload_statu": 116, "wf_sep_initiate_eoc_scan_for_artifact": 116, "wf_sep_move_endpoint": 116, "wf_sep_quarantine_endpoint": 116, "wf_sep_remediate_artifact_on_endpoint": 116, "wf_sep_upload_file_to_sepm": 116, "wf_stat": 97, "wf_zia_add_artifact_to_allowlist": 153, "wf_zia_add_artifact_to_blocklist": 153, "wf_zia_add_artifact_to_customlist": 153, "wf_zia_add_custom_categori": 153, "wf_zia_add_to_customlist": 153, "wf_zia_add_url_categori": 153, "wf_zia_add_urls_to_allowlist": 153, "wf_zia_add_urls_to_blocklist": 153, "wf_zia_add_urls_to_customlist": 153, "wf_zia_get_allowlist": 153, "wf_zia_get_blocklist": 153, "wf_zia_get_customlist": 153, "wf_zia_get_sandbox_report": 153, "wf_zia_get_url_categori": 153, "wf_zia_remove_artifact_from_allowlist": 153, "wf_zia_remove_artifact_from_blocklist": 153, "wf_zia_remove_artifact_from_customlist": 153, "wf_zia_remove_from_allowlist": 153, "wf_zia_remove_from_blocklist": 153, "wf_zia_remove_from_customlist": 153, "wf_zia_url_lookup": 153, "wgcgl": 42, "wgyf8z8cgvm2qmxpnbnldrcltvk4xqfn": 142, "what": [8, 9, 11, 12, 15, 20, 28, 47, 51, 54, 58, 60, 63, 67, 71, 85, 87, 94, 96, 97, 99, 100, 101, 114, 118, 119, 122, 127, 130, 139, 141, 148, 159, 181], "whatev": [46, 120], "whatever_name_you_w": 46, "whatid": 112, "whatif": 18, "when": [1, 5, 9, 10, 11, 12, 14, 15, 17, 19, 20, 21, 22, 23, 24, 28, 29, 32, 34, 35, 37, 38, 40, 41, 42, 44, 45, 46, 48, 51, 54, 55, 57, 58, 60, 64, 65, 67, 68, 70, 71, 73, 74, 75, 76, 77, 78, 79, 84, 85, 87, 89, 90, 94, 96, 97, 98, 99, 100, 101, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 118, 119, 120, 122, 123, 124, 125, 127, 129, 130, 131, 134, 135, 139, 140, 141, 143, 144, 146, 148, 150, 153, 155, 159, 160, 162, 166, 167, 172, 174, 178, 179, 180, 181, 182, 185, 187, 188, 189, 190], "whenchang": 66, "whencreat": 66, "where": [1, 4, 14, 24, 29, 37, 38, 41, 47, 48, 52, 54, 55, 58, 63, 65, 66, 68, 69, 73, 74, 75, 77, 79, 81, 85, 86, 88, 97, 99, 102, 103, 105, 106, 108, 110, 112, 113, 116, 117, 118, 119, 120, 126, 128, 134, 138, 141, 144, 149, 150, 155, 158, 166, 176, 177, 180, 181, 189, 190], "wherea": [110, 113], "wherewew": 116, "whether": [14, 15, 16, 17, 23, 34, 41, 48, 58, 65, 68, 73, 75, 79, 81, 95, 96, 97, 101, 103, 105, 106, 110, 112, 116, 153, 166, 181], "which": [1, 4, 7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 27, 29, 30, 31, 34, 35, 37, 38, 40, 41, 42, 45, 46, 47, 48, 49, 50, 52, 54, 55, 56, 57, 58, 59, 61, 62, 63, 64, 65, 66, 68, 69, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 117, 118, 120, 121, 122, 123, 124, 125, 126, 128, 129, 130, 131, 134, 135, 136, 137, 138, 140, 142, 144, 145, 146, 147, 149, 150, 151, 152, 153, 155, 159, 165, 166, 168, 170, 176, 177, 178, 179, 180, 181, 182, 183, 184, 188, 189], "while": [32, 42, 48, 71, 78, 79, 102, 110, 116, 131, 146, 153], "whilst": [183, 190], "white": [80, 95, 101, 151], "white_list": 144, "whitehat": [56, 183], "whitelist": [23, 71, 143], "whitelisturl": 153, "whiteningopt": 115, "whl": 180, "who": [15, 21, 32, 54, 55, 56, 58, 71, 112, 118, 126, 131, 135, 146, 155, 183, 188, 189], "whoi": [8, 26, 59, 82, 84, 101, 126, 132, 142, 154, 171, 186], "whois_dat": [142, 186], "whois_https_proxi": 147, "whois_queri": [147, 148], "whole": [34, 41], "whom": 102, "whose": [15, 41, 105, 106, 189], "why": [32, 47, 54, 118, 144], "wicf": 186, "wide": [126, 134], "wider": 126, "widget": 35, "width": [87, 97, 101, 116, 184], "wifi": 42, "wifi_auth_issu": 42, "wifimacaddress": 68, "wiki": [12, 151, 154, 180, 181], "wiki_bodi": 149, "wiki_contents_as_json": 149, "wiki_create_if_miss": 149, "wiki_path": 149, "wiki_search_term": 149, "wikia": 95, "wikimedia": 71, "wikipedia": [113, 151], "wild": [80, 116], "wildcard": [42, 45, 66, 97, 105, 153, 180, 182, 189], "williballenthin": 43, "win": [23, 73, 116, 121], "win10": [34, 71, 116], "win1234": 190, "win221": 144, "win2345": 190, "win2k": 116, "win2k3": 116, "win2k8": 116, "win2k8r2": 116, "win32": [77, 121], "win64": 185, "win7": 116, "win7sp0x64": 84, "win8": 116, "windomain": 34, "window": [9, 11, 17, 19, 23, 28, 32, 34, 42, 44, 51, 54, 60, 66, 67, 68, 73, 77, 79, 87, 94, 100, 102, 103, 107, 114, 116, 121, 122, 127, 130, 139, 141, 143, 144, 148, 155, 159, 171, 185, 190], "windows10": [77, 78, 129], "windows20": 123, "windows_event_account": 107, "windows_event_descript": 107, "windows_event_ipport": 107, "windows_event_workst": 107, "windows_firewal": 116, "windows_firewall_notif": 116, "windows_platform": 144, "windows_processor_id": 23, "windowsdefenderatp": 77, "windowspowershel": [77, 107], "windowsvmo": [77, 78], "windowsvmos2": [77, 108], "winemb7": 116, "winemb8": 116, "winemb81": 116, "winfundament": 116, "wininit": 107, "winlogon": 107, "winnt": 116, "wino": 23, "winrm": 84, "winserv": 116, "winserver2022": 144, "winserver221": 144, "winvista": 116, "winword": 77, "winxp": 116, "winxpemb": 116, "winxpprof64": 116, "wireless": 116, "wish": [34, 37, 63, 66, 86, 88, 96, 131, 135, 136, 147, 182], "withgoogl": 185, "within": [2, 4, 10, 14, 20, 27, 29, 33, 34, 35, 38, 40, 45, 52, 58, 59, 63, 71, 72, 75, 76, 77, 81, 84, 87, 88, 97, 102, 108, 109, 110, 116, 119, 123, 126, 131, 138, 146, 149, 153, 165, 177, 178, 180, 181, 182, 188, 189, 190], "without": [23, 35, 37, 47, 48, 77, 85, 101, 110, 124, 129, 131, 134, 135, 155, 180, 186, 189, 190], "withyoutub": 185, "wiz": 154, "wiz_descript": 150, "wiz_issue_id": 150, "wiz_issue_statu": 150, "wiz_num_result": 150, "wiz_project_id": 150, "wiz_projects_t": 150, "wiz_query_filt": 150, "wiz_resolution_reason": 150, "wiz_resolution_summari": 150, "wiz_soar_not": 150, "wiz_vulnerabilities_t": 150, "wizard": 17, "wjby4zta6umo4afsh5vudf6agvidumz1fdmbzrjul5lu": 97, "wksf": 84, "wl": 185, "wlf": 135, "wm": 185, "wmhp8bpqem5q": 97, "wmi": 42, "wmi_act": 42, "wmi_create_process": 42, "wmi_enumeration_queri": 42, "wmiprvs": 107, "wn": 185, "wocquhzhyq3kv9zdc": 97, "wokflow": 49, "won": 177, "wont_fix": 150, "word": [34, 85, 102, 118, 181], "word2vec": 70, "wordpress": 42, "wordpress_brute_forc": 42, "worflow": 97, "work": [1, 7, 32, 38, 40, 45, 47, 58, 60, 63, 72, 76, 80, 84, 87, 88, 91, 95, 96, 100, 102, 110, 112, 114, 118, 119, 120, 122, 127, 139, 140, 141, 146, 167, 189, 190], "work_not": [118, 119], "workerfetchstart": 185, "workerreadi": 185, "workerrespondwithsettl": 185, "workerstart": 185, "workflow": [2, 7, 8, 9, 10, 12, 13, 14, 15, 16, 17, 19, 21, 23, 24, 27, 28, 30, 31, 32, 33, 35, 36, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 52, 53, 54, 56, 57, 58, 59, 60, 61, 62, 65, 66, 68, 69, 70, 72, 73, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 87, 88, 89, 90, 91, 92, 93, 95, 96, 98, 99, 100, 101, 103, 104, 109, 113, 115, 116, 117, 121, 122, 123, 124, 128, 129, 130, 131, 133, 134, 136, 137, 138, 140, 141, 142, 143, 145, 146, 147, 149, 151, 152, 153, 156, 157, 158, 166, 180, 181, 184, 186, 187, 188], "workflow_cont": 97, "workflow_data": 97, "workflow_guardium_insights_block_us": 54, "workflow_guardium_insights_classification_report": 54, "workflow_id": 97, "workflow_instance_id": 97, "workflow_nam": 97, "workflow_statu": 144, "workflow_typ": 97, "workflow_usag": 97, "workflowsstatu": 123, "workgroup": 116, "workload": 115, "worklog": [63, 114], "worknot": 119, "worknotessplit": 119, "workratio": 63, "workspac": [59, 79, 124, 126, 178, 179, 181, 182, 188], "workspace_nam": 79, "workspaceid": 79, "workstat": [23, 42, 73, 107], "world": [10, 20, 73, 92, 114, 131, 137], "worstinfectionidx": 116, "worth": 78, "would": [4, 18, 20, 32, 34, 37, 40, 65, 76, 79, 85, 87, 90, 105, 106, 107, 110, 112, 113, 118, 119, 120, 131, 135, 144, 146, 150, 168, 177, 189], "wqcmaawhqydvr0obby": 84, "wrap": [40, 84, 111, 141], "wrapper": [28, 52, 165], "wri4x0k7x0lleowhquw2957i4tq2": 97, "writabl": 151, "write": [12, 17, 20, 23, 30, 34, 40, 42, 59, 68, 90, 93, 103, 106, 108, 109, 110, 112, 113, 115, 126, 129, 131, 142, 144, 164, 166, 176, 177, 178, 180, 181, 189], "write_file_attach": 140, "write_to_artifact": 40, "writeabl": 151, "writefiltersstatu": 116, "written": [10, 17, 24, 34, 35, 40, 41, 90, 92, 106, 129, 144, 161, 176, 177], "wrong": 42, "wrote": [17, 63], "wsm": 135, "wsman_act": 42, "wssstatu": 116, "wsymqyv90": 23, "www": [1, 7, 12, 23, 24, 26, 38, 48, 49, 50, 55, 56, 62, 64, 68, 71, 84, 87, 90, 94, 95, 97, 101, 105, 110, 122, 132, 142, 145, 147, 148, 151, 160, 167, 181, 183, 186], "x": [1, 9, 10, 11, 12, 15, 20, 21, 28, 29, 31, 32, 33, 34, 35, 44, 51, 54, 58, 60, 67, 71, 73, 75, 84, 87, 88, 90, 94, 97, 99, 100, 101, 105, 107, 110, 111, 114, 115, 116, 117, 120, 122, 123, 127, 130, 131, 135, 139, 140, 141, 143, 148, 155, 159, 166, 169, 170, 171, 172, 173, 174, 178, 180, 184, 185, 190], "x03": 103, "x11": 93, "x1b": 83, "x1b5cfyivdyumz0uhj5bhpw5p5bijdcxiy644tft": 97, "x25519": 185, "x509": [84, 87, 90, 155, 171], "x53vezc3rqdhherrlzb123456mwhub": 18, "x64": [77, 107, 116, 144, 185], "x86": [77, 107], "x86_64": [14, 53, 73, 84, 93, 115], "x_": 135, "x_ibm_security_relev": [101, 184], "x_ibm_security_tox": [101, 184], "x_ibmrt_resili": [118, 120], "x_ibmrt_resilient_ibm_resilient_reference_id": 119, "x_ibmrt_resilient_ibm_resilient_reference_link": 119, "x_ibmrt_resilient_ibm_resilient_typ": 119, "x_ibmrt_resilient_ibm_soar_reference_id": 119, "x_ibmrt_resilient_ibm_soar_reference_link": 119, "x_ibmrt_resilient_ibm_soar_typ": 119, "x_mitre_detect": [81, 184], "xcitium": [142, 186], "xcv": 9, "xdr": [106, 107, 144], "xe4chtig": 157, "xen": 116, "xeon": 107, "xfa": 90, "xfe": [101, 184], "xforc": [33, 102, 154, 188, 190], "xforce_apikei": 151, "xforce_baseurl": 151, "xforce_collection_id": 151, "xforce_collection_typ": 151, "xforce_password": 151, "xforce_queri": 151, "xfta": 151, "xgno7g": 110, "xhbqaaaafzukdcak7ohokaaamauexurundq2qot": 185, "xjx": 97, "xlarg": 14, "xlmwfayfpv": 97, "xma": 42, "xml": [19, 23, 59, 88, 97, 126, 165], "xml_respons": 88, "xml_stylesheet_dir": 90, "xml_transform": 90, "xmln": 97, "xmlschema": 97, "xmltodict": 88, "xmltransform": 90, "xmode": 72, "xoxb": 124, "xp": [17, 42], "xpath": 88, "xpnprojectstatu": 48, "xref": 90, "xs2vr": 125, "xsd": 97, "xsi": 97, "xsl": 90, "xslt": 90, "xslx": 40, "xsmall": 63, "xss": [12, 42], "xss_attack": 42, "xtrnnqe": 110, "xvc8xxvlogrlr83vn7hrd1lyhogkkmhaqaiz7mwajhc34": 97, "xvcxoku62cfnqudzi": 97, "xvf": 184, "xwr": 37, "xx": [23, 131, 165, 180], "xxk": 135, "xxx": [12, 17, 20, 23, 24, 36, 41, 45, 49, 66, 78, 87, 90, 93, 105, 107, 109, 112, 115, 129, 135, 140, 144, 150, 181, 187, 190], "xxx3aef168e8aeadfb606bf2637cxxx": 135, "xxxx": [21, 22, 25, 53, 68, 79, 98, 105, 118, 144], "xxxxx": [22, 25, 95], "xxxxxx": [25, 106, 115], "xxxxxxx": [25, 160], "xxxxxxxx": 79, "xxxxxxxxx": [106, 124], "xxxxxxxxxxx": [124, 139, 146], "xxxxxxxxxxxx": [79, 102, 124], "xxxxxxxxxxxxx": 124, "xxxxxxxxxxxxxxxxxx": 122, "xxxxyyyi": 144, "xymzsqflu": 97, "xytozv8txb9j0rsenxxpknkzir3j8l1lnhok8uoa5nk96rmgtuwyxoxrhnugk6yyp1elj1oswpv6jhj4hmshpvlwfa3bavdb0rokvdvceyzx4jai5pbu6pmdgrd9dltu6v3xbkravk0j9okcoejkf2yfan0d4akyi3q": 97, "xyz": [116, 153], "y": [4, 8, 9, 10, 11, 15, 28, 35, 40, 42, 44, 51, 54, 55, 60, 63, 67, 89, 94, 95, 97, 99, 100, 103, 105, 111, 113, 114, 120, 122, 127, 130, 135, 139, 141, 142, 143, 148, 150, 190], "y20a9hexgkyhns4hw5kgva": 110, "y2lzy29zcgfyazovl3vybjpurufnonvzlxdlc3qtml9yl1jpt00vzmu4zjfmntatmwewmy0xmwvklwjizdktmzcwmdcyntiymgjl": 146, "y2lzy29zcgfyazovl3vybjpurufnonvzlxdlc3qtml9yl1rfqu0vzmu4zjfmntatmwewmy0xmwvklwjizdktmzcwmdcyntiymgjl": 146, "y2lzy29zcgfyazovl3vzl1bft1bmrs85odm0yjblyi1mzmy1ltrjy2ytytcwoc04nzk1ymfjyjq3nzu": 146, "ya": 151, "yallahomsa": 98, "yaml": 10, "yandex": [142, 186], "yara": 64, "ybufnwte4yi12eyprtdmfhvj": 18, "ydca551c7dxxxd54b971xxxxxxxxx": 146, "ydca551c7dxxxx930aexxxx509cda551c7ddxxxx930ae68d54b971xxxxxxxxx": 146, "ydl83ap8pkx3gyw2llumhsgtbeccauxafdcuu9mw6axlw60tqh9is6op36lhorkezrev": 97, "ye": [7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 32, 34, 35, 36, 37, 38, 40, 41, 42, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 56, 57, 58, 59, 61, 62, 63, 64, 65, 66, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 134, 135, 136, 137, 139, 140, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 155, 159, 161, 165, 166, 184, 185, 186, 188, 190], "year": [35, 95, 103], "yearstart": 112, "yellow": [119, 143, 190], "yem": 135, "yemen": 135, "yesterdai": 112, "yet": [153, 184], "yeti": [126, 154], "yeti_artifact_typ": 152, "yeti_artifact_valu": 152, "yeti_instance_usernam": 152, "yeti_observables_queri": 152, "yeti_threat_servic": 175, "yfcxg4ggrkazxu": 110, "yfqcgaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaiaaloqaa4ftannibgbtm0hkjbuaglzihbyb2dyyw0gbxvzdcbizsbydw4gdw5kzxigv2lumzinciq3aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabqrqaataejao3nqfyaaaaaaaaaaoaadgmlaquaaaahaabgagaaaaaaccaaaaaqaaaaeceaaabaaaaqaaaaagaabaaaaaaaaaafaaaaaaaaaaawjwaabgaaaaaaaaiaaaaaabaaacaaaaaaeaaaeaaaaaaaabaaaaaa4cmasqeaaacqiwbwowaaapajaaceaaaaaaaaaaaaaaaaaaaaaaaaajakaiidagaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagcmagaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadqiwdlbgaaaaaaaaaaaaaaaaaaaaaaac50zxh0aaaaaaahaaaqaaaa": 116, "yfrujyo": 107, "yfwpc": 97, "yield": [84, 190], "yiwo": 77, "yml": 10, "york": [49, 117], "you": [1, 3, 4, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 44, 45, 46, 47, 48, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 134, 135, 136, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 159, 161, 164, 165, 166, 176, 178, 179, 180, 181, 182, 186, 187, 188, 189, 190], "your": [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 44, 45, 46, 47, 48, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 73, 74, 75, 76, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 118, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 139, 140, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 157, 159, 160, 161, 162, 164, 165, 166, 167, 170, 171, 172, 173, 174, 176, 177, 178, 179, 180, 181, 182, 186, 187, 188, 189], "your_api_kei": [28, 151], "your_api_password": 151, "your_ca": 87, "your_ca_priv": 87, "your_compani": 4, "your_custom_app": 4, "your_epo_password": 73, "your_epo_serv": 73, "your_epo_usernam": 73, "your_google_project_id": 46, "your_proxi": 140, "your_resilient_serv": 69, "your_smime_us": 87, "yourcompani": 98, "yourdb": 181, "yourorg": [178, 182], "yq": 18, "yqojqr1mxgmesti0hualy79dgw1qbn2wwshnem3kdmfq8zbmqrymedr": 97, "yum": [4, 10, 85, 90, 190], "yuo_vc": 157, "ywucamgwvkci6dib7wvobcdy8gapy6mero5posdiuut8trzmbdpttttlxbasgu4zqf": 97, "yy": 131, "yyqffmcbqjaptkuhd8xr": 97, "yyyi": [32, 35, 69, 80, 103, 113], "z": [12, 17, 24, 35, 36, 41, 45, 56, 78, 90, 115, 129, 144], "z1d": 20, "z1d_activity_typ": 20, "z1d_activitydate_tab": 20, "z1d_associationdescript": 20, "z1d_char02": 20, "z1d_ci_formnam": 20, "z1d_cog_autosuppgrppredrul": 20, "z1d_cog_suppgrpworkinfotag": 20, "z1d_command": 20, "z1d_communicationsourc": 20, "z1d_confirmgroup": 20, "z1d_createdfrombackendsynchwi": 20, "z1d_detail": 20, "z1d_formnam": 20, "z1d_interfaceact": 20, "z1d_secure_log": 20, "z1d_sr_instanceid": 20, "z1d_summari": 20, "z1d_view_access": 20, "z1d_workinfosubmitt": 20, "z1d_worklogdetail": 20, "z2af_act_attachment_1": 20, "z4e": 18, "za": [12, 17, 24, 45, 78, 90, 115, 129, 144], "zabbix": 89, "zaf": 135, "zak": 31, "zambia": 135, "zatoxp": 121, "zbot": 144, "zdn": 186, "zealand": 135, "zealous_chaplygin": 37, "zendesk": 183, "zero": [42, 78, 97, 105, 106, 112, 115, 129, 144], "zerocert": [142, 186], "zerologon": 42, "zfqg91qkwvnnjciyhleojzjgqljl": 97, "zgy8hwh7brvr2oatez1wviwsdnmzpd27c": 185, "zh": [145, 157], "zh_tw": 157, "zheng": 151, "zia_activ": 153, "zia_add_artifact_to_allowlist": 153, "zia_allowlist": 153, "zia_allowlisturl": 153, "zia_api_base_url": 153, "zia_api_kei": 153, "zia_blocklist": 153, "zia_blocklisturl": 153, "zia_category_id": 153, "zia_cloud_nam": 153, "zia_configured_nam": 153, "zia_configured_name_input": 153, "zia_custom_categori": 153, "zia_custom_onli": 153, "zia_customlist": 153, "zia_full_report": 153, "zia_keyword": 153, "zia_keyword_filt": 153, "zia_md5": 153, "zia_name_filt": 153, "zia_password": 153, "zia_report_typ": 153, "zia_sandbox_report_summari": 153, "zia_super_categori": 153, "zia_url": 153, "zia_url_categori": 153, "zia_url_filt": 153, "zia_usernam": 153, "zijrpphpjv": 97, "zimbabw": 135, "zimbra": 42, "zip": [4, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 33, 34, 35, 38, 40, 41, 42, 44, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 120, 121, 122, 123, 124, 125, 127, 128, 129, 130, 131, 132, 134, 135, 136, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 155, 157, 159, 165, 166, 167, 169, 170, 172, 173, 174, 176, 178, 179, 180, 182, 190], "zip_cod": 95, "zipbal": [43, 45], "zipball_url": 45, "zipfil": 126, "zipfile_password": 126, "zmb": 135, "zmfvuo9zlvnjbsgna9o5dcsebwjt9": 97, "zoho": 42, "zone": [18, 20, 42, 63, 102, 148], "zoom": [42, 154], "zoom_account_id": 31, "zoom_adapt": 17, "zoom_agenda": 31, "zoom_api_timezon": 31, "zoom_api_url": 31, "zoom_client_id": 31, "zoom_client_secret": 31, "zoom_marketplace_account_email": 31, "zoom_password": 31, "zoom_record_meet": 31, "zoom_top": 31, "zpa": 97, "zqiut1xe9g4": 97, "zraef3fw0gvw4a": 84, "zsapi": 153, "zscaler": 154, "zscalerbeta": 153, "zstb6ilbvcdqcnajvjfql": 84, "ztmpeventguid": 20, "zvelo": [142, 186], "zwe": 135, "zwm0xjs6acvtdocqrqgo2i": 97, "zxhhbxbszqo": 85, "zz": 131, "zznuzkxu4usabj4": 97, "\u00e5land": 135}, "titles": ["Setup", "Repository Mirror Scripts", "History", "Utility scripts for automatic app refreshment", "App Host Conversion Files", "Base Input Fields for Function Development", "IBM SOAR Python Documentation", "AbuseIPDB", "AlienVault OTX", "Anomali Staxx", "Ansible for SOAR", "Ansible Tower", "APIVoid Threat Analysis APIs", "About Apility.IO", "fn_aws_guardduty", "AWS IAM", "AWS Utilities", "Axonius", "Azure Automation Utilities", "BigFix", "BMC Helix", "Calendar Invite", "CarbonBlack Protection", "Cisco Secure Endpoint", "Cisco ASA", "Cisco Umbrella Enforcement", "Cisco Umbrella Investigate", "ClamAV", "Cloud Foundry", "App Host Components", "Cisco WebEx", "Zoom", "CrowdStrike Falcon", "CVE Search", "Darktrace <!-- omit in toc -->", "Datatable Utilities", "Digital Shadows Search", "Docker", "ElasticSearch", "Email Header Validation", "Microsoft Exchange", "Microsoft Exchange Online", "ExtraHop", "Floss", "Google Geocoding", "GitHub", "Google Cloud DLP", "Google Cloud Functions", "Google Cloud Security Command Center", "Google Maps", "Google Safe Browsing", "GreyNoise", "gRPC Interface", "GRR", "Guardium Insights Integration", "Guardium Integration Application for IBM Resilient.", "Have I Been Pwned", "HTML to PDF", "Symantec ICDx", "Incident Utilities", "IOC Parser", "IPInfo", "IsItPhishing", "Jira", "Joe Sandbox Analysis", "Kafka", "IBM SOAR LDAP Utilities", "Log Capture", "MaaS360", "Machine Learning", "NLP Search", "Mandiant Threat Intelligence", "McAfee ATD", "McAfee ePO", "McAfee ESM", "McAfee OpenDXL", "McAfee TIE", "Microsoft Defender", "Microsoft Security Graph Integration for SOAR", "Microsoft Sentinel", "MISP", "MITRE ATT&amp;CK", "About MxToolBox", "netMiko", "Network Utilities", "Image OCR", "ODBC Query", "Outbound Email", "Palo Alto Panorama", "PagerDuty", "Parse Utilities", "PassiveTotal", "PasteBin Creator", "Phish.AI", "PhishTank Lookup", "Pipl", "Playbook Maker", "Playbook Utils", "Proofpoint TAP", "Proofpoint TRAP", "Pulsedive", "QRadar Advisor Functions", "QRadar Enhanced Data Migration", "QRadar Integration", "TOR", "Randori", "Rapid7 InsightIDR", "QRadar EDR", "Parent/Child Relationships", "Remedy", "REST API Functions for SOAR", "RSA NetWitness", "Salesforce", "Scheduler", "Secureworks CTP", "SentinelOne", "Symantec Endpoint Protection", "ServiceNow", "SOAR Customization Guide", "ServiceNow Customization Guide", "ServiceNow Installation Guide", "Shadowserver", "Shodan", "Siemplify", "Slack", "Snapshot URL", "SOAR Utilities", "Spamhaus Lookup", "Splunk", "Symantec DLP", "Task Utilities", "Microsoft Teams", "ThreatMiner", "Thug", "Timer Function", "Trusteer Pinpoint Detect", "Twilio SMS", "Twitter Search API", "URL to DNS", "URLhaus", "URLScan.io", "Utilities (Deprecated)", "VirusTotal", "VMRay Sandbox Analyzer", "VMware Carbon Black Cloud", "Watson Translate", "Cisco Webex", "Whois", "Whois RDAP", "SOAR Wiki", "Wiz", "IBM XForce Collections", "Yeti", "Zscaler Internet Access Functions for IBM SOAR", "IBM Security QRadar SOAR Apps", "OAuth Utilities", "Older integration applications", "Bluecoat Site Review", "LDAP Search", "SOAR to ICD", "Risk Fabric", "Query CSV Files From Resilient", "Query-Runner Component", "Shell-Runner", "&lt;no title&gt;", "ISC SANS", "CriminalIP Threat Enrichment for IP Address and URL Artifacts", "AbuseIPDB Threat Service", "Google Safe Browsing Threat Searcher", "Have I Been Pwned Threat Searcher", "McAfee TIE Threat Searcher", "MISP Threat Searcher", "RiskIQ PassiveTotal", "ShadowServer Threat Service", "URLScan IO Threat Searcher", "YETI Threat Service", "Data Feed FileFeed Plugin", "Data Feed Extension", "Data Feed Elasticsearch Plugin", "Data Feed KafkaFeed Plugin", "Data Feeder for ODBC Databases", "Data Feeder for SOAR", "Data Feed plugin for Splunk", "SOAR Content Package for Have I Been Pwned", "QRadar SOAR Content Package for QRadar Advisor and MITRE ATT&amp;CK<sup>TM</sup>", "SOAR Content Package for URLScan.io", "SOAR Content Package for VirusTotal v1.1", "Convert JSON to Rich Text Script", "IBM SOAR Email Approval Process Content Pack", "IBM SOAR example email message parsing script", "Technical Workshop Guide: <em>resilient-circuits</em>"], "titleterms": {"": [66, 81, 188], "0": [9, 10, 14, 24, 28, 35, 41, 44, 51, 62, 63, 65, 66, 67, 68, 73, 74, 75, 77, 79, 80, 86, 87, 88, 89, 90, 94, 99, 100, 102, 103, 107, 110, 113, 114, 117, 122, 124, 127, 128, 131, 132, 135, 138, 139, 142, 143, 151, 155, 159, 178, 180, 181, 182, 189], "1": [9, 10, 14, 24, 28, 35, 37, 41, 42, 51, 55, 62, 63, 65, 66, 68, 73, 74, 75, 77, 79, 86, 87, 88, 89, 90, 94, 98, 99, 100, 102, 107, 110, 113, 117, 119, 120, 124, 127, 128, 129, 131, 132, 138, 139, 142, 143, 144, 151, 171, 178, 180, 182, 186, 190], "10": [102, 190], "11": 190, "12": 190, "13": 190, "14": 190, "15": 190, "16": 190, "17": 190, "18": 190, "19": 190, "2": [10, 24, 35, 37, 41, 44, 51, 55, 65, 66, 68, 73, 74, 75, 77, 80, 87, 88, 99, 102, 103, 107, 110, 113, 117, 119, 120, 124, 131, 139, 144, 155, 182, 190], "20": 190, "21": 190, "22": 190, "23": 190, "24": 190, "25": 190, "26": 190, "27": 190, "28": 190, "29": 190, "3": [12, 17, 24, 41, 45, 55, 63, 80, 88, 90, 99, 102, 103, 107, 110, 115, 117, 119, 120, 144, 166, 189, 190], "30": 190, "365": 155, "4": [41, 88, 102, 117, 120, 128, 190], "4a": 55, "4b": 55, "5": [55, 102, 117, 120, 144, 180, 190], "6": [120, 190], "7": [120, 190], "8": [120, 190], "9": [117, 120, 190], "A": 118, "But": 107, "By": [17, 55, 144], "For": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 138, 142, 144, 145, 146, 149, 150, 151, 152, 153, 155, 165, 166], "If": 108, "No": 66, "On": 32, "The": [15, 126, 133, 135, 189], "To": [15, 37, 39, 133, 153], "With": [7, 40, 42, 48, 50, 85, 91, 116, 121, 124, 129, 131], "abil": 13, "abort": 115, "about": [1, 2, 8, 13, 29, 33, 37, 55, 82], "abuseipdb": [7, 167], "access": [14, 15, 55, 66, 153, 177], "access_token": 110, "account": [18, 112, 190], "acknowledg": 34, "act": 126, "action": [9, 11, 14, 15, 19, 28, 32, 51, 60, 67, 68, 94, 99, 100, 114, 122, 127, 130, 139, 141, 144, 148, 159, 160], "activ": [18, 20, 23, 24, 55, 96, 126], "activitymap": 42, "actor": 14, "ad": [29, 77, 97, 143], "add": [15, 24, 34, 35, 42, 55, 66, 73, 79, 103, 106, 112, 116, 118, 120, 123, 128, 133, 153, 190], "addit": [29, 180, 182], "addnot": 119, "address": [88, 166, 189], "adit": 133, "adject": 188, "advanc": 4, "advisor": [101, 184], "affect": 14, "after": 29, "agent": [18, 24, 73, 115], "ai": 93, "alert": [77, 78, 79, 106, 107, 135, 144], "alert_filt": 77, "alien": 8, "alienvault": 8, "all": [1, 35, 55, 73, 81, 103, 154], "allowlist": [153, 189], "along": 107, "alto": 88, "amass": 37, "amongst": 190, "amp": 23, "an": [32, 33, 36, 37, 46, 73, 106, 112, 120, 126], "analysi": [12, 64, 101, 184], "analyz": 143, "anomali": 9, "anoth": 190, "ansibl": [10, 11], "api": [12, 14, 15, 17, 18, 19, 20, 23, 24, 29, 32, 34, 35, 36, 37, 40, 41, 42, 48, 54, 58, 63, 66, 68, 73, 76, 77, 79, 81, 86, 87, 88, 95, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 113, 115, 116, 118, 119, 120, 123, 124, 128, 131, 135, 137, 144, 150, 153, 155, 165, 166], "apikey_permiss": 4, "apil": 13, "apivoid": 12, "app": [1, 3, 4, 7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 32, 34, 35, 36, 37, 38, 40, 42, 44, 45, 46, 47, 48, 49, 50, 52, 53, 54, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 83, 84, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 118, 120, 121, 122, 123, 124, 125, 127, 128, 129, 131, 134, 135, 136, 137, 138, 139, 140, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 165, 166, 178, 180, 181, 182, 190], "appendix": [59, 77, 126, 129], "apphost": 15, "applianc": 177, "applic": [55, 119, 131, 156], "approv": 188, "ar": [63, 66, 86, 88, 102, 103, 125, 128, 190], "architectur": 119, "archiv": [14, 58, 124, 131], "argument": 155, "artifact": [14, 15, 19, 24, 34, 37, 40, 41, 42, 68, 71, 76, 77, 95, 98, 101, 102, 107, 108, 113, 118, 123, 126, 135, 166, 171, 188], "asa": 24, "asset": [19, 48, 73, 102], "assign": [42, 73, 108, 116, 120], "associ": 34, "atd": 72, "att": [81, 184], "attach": [15, 37, 41, 47, 87, 106, 107, 110, 112, 118, 123, 124, 126], "attribut": [80, 129], "authent": [46, 87, 110, 146, 155], "author": 87, "auto": 108, "autom": 18, "automat": [3, 102, 120, 186], "aw": [14, 15, 16], "axoniu": 17, "azur": [18, 77, 131], "b": 143, "backoff": 110, "base": [5, 90], "base64": [47, 116, 126], "basic": [68, 87], "been": [22, 26, 56, 169, 183], "behavior": 181, "between": 112, "bidirect": [63, 181], "bigfix": 19, "binari": 129, "black": 144, "block": [54, 55], "blocklist": [123, 153], "bluecoat": 157, "bmc": 20, "bodi": 110, "both": 131, "br": 143, "branch": 45, "breach": [34, 54, 56, 183], "broker": 65, "brows": [33, 50, 168], "bucket": 14, "bug": 107, "build": [4, 69, 70], "bundl": 110, "byte": 85, "c": 32, "calendar": 21, "call": [165, 166], "campaign": [98, 189], "can": [107, 126, 133, 144, 177], "cancel": 116, "captur": 67, "carbon": 144, "carbonblack": 22, "case": [34, 42, 48, 55, 63, 101, 105, 106, 112, 123, 129, 135, 144, 150], "casenam": 119, "categori": [102, 153], "cbc": 144, "cbprotect": 22, "center": 48, "cento": 90, "cert": 84, "certif": [15, 87, 90, 110], "chang": [4, 10, 14, 24, 33, 35, 42, 63, 65, 66, 73, 77, 86, 87, 88, 89, 90, 98, 102, 103, 117, 124, 128, 131, 142, 151, 178, 180, 181, 182, 189], "changelog": 140, "channel": [124, 131], "check": 190, "child": 108, "circuit": [9, 11, 15, 28, 51, 60, 67, 94, 99, 100, 114, 122, 127, 130, 139, 141, 148, 159, 190], "cisco": [23, 24, 25, 26, 30, 146], "ck": [81, 184], "clamav": 27, "class": [176, 178, 179, 180, 181, 182], "classif": [54, 135], "clear": [34, 35, 105], "client": [24, 55, 73, 110, 112, 131, 155], "client_auth_cert": 110, "client_auth_kei": 110, "client_auth_pem": 110, "close": [20, 59, 65, 107, 108, 109, 114, 118, 123, 126, 129], "cloud": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 47, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 165], "cmdb": 190, "code": [110, 190], "collect": [77, 151], "column": [14, 15, 17, 18, 19, 20, 23, 24, 32, 34, 35, 36, 37, 40, 41, 42, 48, 54, 58, 63, 66, 68, 73, 76, 77, 79, 81, 86, 87, 95, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 113, 115, 116, 118, 123, 124, 128, 135, 144, 150, 153], "command": [48, 84, 116, 190], "comment": [63, 79, 105, 106, 112, 123], "commit": 45, "common": 87, "compat": [178, 182], "compil": 110, "compliant": 116, "compon": [29, 44, 126, 157, 162, 176, 178, 179, 180, 182], "comput": [23, 116], "config": [32, 36, 37, 47, 49, 53, 56, 61, 63, 66, 77, 84, 86, 88, 102, 103, 118, 128, 133, 136, 137, 140, 147, 182, 190], "configur": [1, 7, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 29, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 55, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 104, 105, 106, 107, 108, 109, 112, 113, 115, 116, 120, 121, 123, 124, 125, 128, 129, 131, 133, 134, 135, 138, 142, 144, 145, 146, 149, 150, 151, 152, 153, 155, 160, 181, 182, 188, 189, 190], "connect": [37, 87, 112, 115, 135, 177, 180], "consent": 155, "consider": [10, 34, 63, 77, 105, 106, 107, 110, 112, 113, 124, 144, 150, 178, 180, 181, 182], "contact": [112, 126], "contain": [4, 15, 29, 37], "content": [1, 7, 8, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 55, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 138, 142, 143, 144, 145, 146, 147, 149, 150, 151, 152, 153, 155, 183, 184, 185, 186, 188], "context": 101, "continu": 107, "convers": [4, 87, 124], "convert": [12, 17, 24, 45, 78, 90, 115, 129, 144, 165, 166, 187, 190], "copi": [108, 119], "correct": [119, 120], "count": 17, "creat": [18, 20, 24, 30, 31, 35, 40, 41, 42, 45, 59, 63, 66, 68, 73, 77, 80, 86, 88, 89, 92, 95, 98, 101, 102, 103, 107, 109, 112, 113, 118, 119, 120, 126, 128, 131, 135, 146, 149, 155, 160, 177, 190], "creation": 77, "creator": 92, "credenti": [15, 18, 112, 155, 190], "criminalip": 166, "criteria": 144, "critic": 116, "crowdstrik": 32, "csv": [35, 161], "ctp": 114, "custom": [11, 14, 15, 17, 18, 19, 20, 23, 24, 34, 40, 41, 42, 43, 48, 54, 55, 63, 66, 68, 69, 70, 72, 73, 74, 76, 77, 78, 79, 80, 81, 86, 87, 95, 97, 98, 99, 101, 102, 103, 105, 106, 107, 108, 109, 112, 113, 114, 115, 116, 117, 118, 119, 120, 123, 128, 129, 135, 144, 150, 153, 189, 190], "customize_and_reload": 3, "cve": 33, "darktrac": 34, "data": [14, 15, 17, 18, 19, 20, 23, 24, 32, 33, 34, 35, 37, 40, 41, 42, 48, 54, 55, 58, 59, 63, 66, 68, 73, 76, 77, 79, 81, 86, 87, 95, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 113, 115, 116, 118, 123, 124, 126, 128, 135, 144, 150, 153, 176, 177, 178, 179, 180, 181, 182], "databas": [86, 177, 180, 181], "datat": [35, 36, 37, 68, 97, 108, 113, 135], "datetim": 180, "db": [55, 177, 181], "de": 46, "deactiv": 15, "deal": 189, "debian": 85, "debug": 190, "decis": 126, "defend": 77, "defin": 119, "deisol": 107, "delai": 110, "deleg": 131, "delet": [15, 18, 23, 35, 40, 41, 45, 68, 73, 77, 103, 116, 128, 131, 146], "depend": [43, 47, 69, 70, 183, 184, 185, 186], "deploy": 29, "deprec": 141, "descript": [69, 70, 165, 166, 183, 184, 185, 186], "destin": [29, 102, 111, 161, 177, 190], "detach": 15, "detail": [14, 24, 34, 55, 78, 98, 115, 116, 129, 133, 144], "detect": [23, 42, 105, 135], "determin": 106, "develop": [5, 7, 17, 23, 24, 31, 34, 39, 40, 42, 45, 48, 50, 65, 71, 85, 91, 98, 101, 105, 106, 107, 112, 116, 121, 123, 124, 126, 129, 131, 133, 135, 142, 144, 150, 153, 154, 190], "devic": [15, 17, 32, 34, 42, 68, 144], "diagram": 119, "dialect": 180, "digit": 36, "directli": 177, "directori": 45, "disconnect": 115, "discoveri": 105, "disk": 115, "displai": [8, 32, 33, 36, 37, 97], "distanc": 84, "distribut": [39, 68, 133], "dlp": [46, 129], "dn": 138, "do": 102, "docker": [37, 190], "dockerfil": 4, "document": [6, 62, 117, 182], "doe": 177, "domain": [84, 116, 189], "download": [69, 120], "driver": 86, "dxl": 75, "dynam": 126, "each": [126, 144], "edit": 88, "edr": 107, "elasticfe": 178, "elasticsearch": [38, 178], "email": [39, 40, 87, 90, 135, 188, 189], "enabl": [131, 135], "encod": 180, "encrypt": 87, "endpoint": [7, 23, 38, 40, 42, 48, 50, 71, 85, 91, 98, 101, 107, 110, 116, 121, 124, 129, 131, 155], "enforc": [17, 25], "enhanc": [87, 102, 107], "enrich": 166, "ensur": 190, "enter": 120, "entiti": [79, 123], "entitl": 55, "entri": 123, "entrypoint": 4, "environ": [7, 10, 12, 13, 14, 15, 16, 17, 18, 19, 20, 22, 23, 24, 26, 27, 29, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 63, 64, 65, 66, 71, 73, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 155, 158, 165, 167, 175], "eoc": 116, "epo": 73, "escal": [14, 42], "esm": 74, "etc": 126, "event": [23, 34, 58, 80, 102, 103, 107, 116, 128], "evid": 106, "exampl": [1, 2, 26, 35, 55, 66, 68, 84, 98, 102, 110, 136, 143, 158, 160, 183, 184, 185, 187, 189], "except": 116, "exchang": [40, 41], "exclus": 144, "execut": [16, 18, 73, 77, 112], "exist": 119, "expand": 84, "export": [97, 165, 166], "extend": 189, "extens": [177, 189], "extern": [76, 126], "extract": [84, 126], "extrahop": 42, "fabric": 160, "falcon": 32, "faq": 177, "featur": [7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 38, 40, 41, 42, 45, 46, 48, 50, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 115, 116, 117, 121, 123, 124, 125, 128, 129, 130, 131, 135, 138, 142, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 166, 181, 187, 188], "feed": [135, 176, 177, 178, 179, 182], "feeder": [180, 181], "fetch": 87, "field": [5, 14, 17, 18, 20, 34, 42, 48, 54, 55, 63, 66, 77, 78, 79, 80, 81, 87, 96, 98, 101, 102, 103, 105, 106, 107, 108, 112, 115, 118, 123, 129, 135, 144, 150, 180], "file": [0, 4, 23, 29, 45, 76, 77, 90, 107, 110, 116, 133, 161, 182, 190], "filefe": 176, "filter": [48, 77, 79, 105, 106, 112, 144], "find": [14, 40, 48, 58, 73, 77, 103], "fingerprint": 116, "firewal": [24, 116], "first": 102, "fix": 107, "floss": 43, "flow": [102, 112], "fn": [65, 96, 144, 190], "fn_aws_guardduti": 14, "fn_cisco_umbrella_inv": 26, "fn_kafka": 65, "fn_netdevice_config": 83, "fn_netdevice_queri": 83, "fn_odbc_queri": 86, "fn_qradar_enhanced_data": 102, "fn_reaqta": 107, "fn_service_now": 120, "fn_slack": 124, "fn_util": 126, "folder": [40, 41], "follow": 15, "forc": 151, "forens": 98, "form": [24, 110], "format": [110, 143, 187], "foundri": 28, "from": [15, 23, 24, 41, 42, 55, 66, 73, 77, 84, 85, 95, 105, 106, 112, 115, 126, 135, 143, 144, 153, 161], "full": 125, "function": [5, 7, 8, 9, 10, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 45, 46, 47, 48, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 61, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 132, 133, 134, 135, 136, 137, 138, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 165, 166, 183, 185, 186, 190], "functions_2": 15, "futur": 107, "gcp": 47, "gener": [55, 106], "geocod": 44, "get": [16, 17, 18, 23, 24, 32, 34, 35, 40, 41, 42, 45, 48, 56, 58, 68, 73, 77, 78, 79, 81, 88, 93, 97, 98, 102, 103, 105, 106, 107, 112, 115, 116, 123, 126, 129, 135, 136, 144, 149, 151, 153, 160, 183], "getresilientreferenceid": 119, "getresilientreferencelink": 119, "getresilienttyp": 119, "github": 45, "give": 120, "given": 81, "gliderecord": 119, "global": 96, "gmail": 155, "googl": [44, 46, 47, 48, 49, 50, 155, 168], "graph": 78, "greater": 107, "greynois": 51, "group": [15, 23, 24, 34, 66, 73, 81, 88, 116, 120, 131], "grpc": 52, "grr": [53, 190], "guardduti": 14, "guardium": [54, 55], "guid": [118, 119, 120, 190], "gz": 133, "hash": [76, 115, 126], "have": [22, 26, 56, 102, 169, 183], "header": 39, "helix": 20, "helper": [42, 118], "hint": 110, "histor": 177, "histori": [1, 2, 29, 41, 44, 56, 60, 107, 111, 141, 147, 148, 149, 166, 167, 178, 179, 181, 187, 188, 189], "hit": [165, 183, 185, 186], "hive_label": 107, "host": [1, 4, 9, 10, 11, 28, 29, 44, 46, 54, 60, 76, 90, 114, 120, 122, 127, 139, 140, 143, 148, 160, 178, 180, 181, 182], "how": [25, 39, 63, 66, 86, 88, 102, 103, 128, 133, 177], "html": [57, 62], "i": [56, 108, 169, 177, 183, 190], "iam": 15, "ibm": [6, 55, 59, 66, 97, 101, 120, 135, 151, 153, 154, 177, 188, 189], "icd": 159, "icdx": 58, "icon": 4, "id": [15, 17, 68, 144, 151], "identifi": [46, 189], "imag": [1, 37, 85, 125], "impact": 105, "import": [0, 9, 29, 97, 166, 183, 184, 185, 186], "inbound": 135, "incid": [8, 20, 32, 33, 34, 36, 37, 55, 59, 65, 69, 77, 79, 87, 89, 102, 108, 109, 114, 120, 126, 129, 135, 143, 160, 189], "incident_close_templ": 79, "incident_create_templ": 79, "incident_update_templ": 79, "includ": [165, 166, 188], "inclus": 87, "incom": 131, "indic": 77, "individu": 126, "info": [37, 40, 116, 126], "inform": [18, 38, 40, 77, 81, 107, 110, 165], "initi": [1, 2, 115], "input": [5, 8, 32, 33, 36, 37, 47, 49, 53, 56, 61, 96, 110, 136, 137, 143, 147], "insid": 160, "insight": 54, "insightidr": 106, "inspect": 46, "instal": [7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25, 27, 28, 29, 30, 31, 33, 34, 35, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 48, 50, 51, 52, 54, 55, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 138, 139, 140, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 157, 159, 160, 165, 166, 169, 170, 171, 172, 173, 174, 176, 178, 179, 180, 181, 182, 183, 185, 186, 187, 188, 189, 190], "instanc": [14, 190], "instruct": [166, 167, 187, 189], "integr": [9, 10, 11, 15, 28, 37, 44, 46, 54, 55, 60, 78, 85, 90, 103, 113, 114, 120, 122, 125, 126, 127, 139, 140, 143, 148, 156, 178, 179, 180, 181, 182], "intel": 128, "intellig": 71, "interfac": 52, "intern": 77, "internet": 153, "introduct": [4, 157, 176, 177, 178, 179, 180, 182], "inventory_apps_server_vers": 3, "investig": [26, 77, 106], "invit": 21, "invoc": 37, "invok": 16, "io": [13, 140, 174, 185], "ioc": [32, 60], "ip": [77, 102, 160, 166, 189], "ipinfo": 61, "isc": 165, "isitphish": 62, "isn": 177, "isol": [23, 77, 107], "issu": [37, 48, 63, 73, 87, 102, 150], "item": [103, 128], "jinja": [42, 79, 105, 106, 112, 144], "jira": 63, "job": [18, 113, 144], "joe": 64, "json": [12, 17, 24, 45, 78, 90, 110, 115, 129, 144, 165, 166, 187], "just": 177, "jwt": 110, "kafka": 65, "kafkafe": 179, "kei": [0, 7, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 29, 30, 31, 34, 38, 40, 41, 42, 45, 46, 48, 50, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 115, 116, 117, 120, 121, 123, 124, 125, 128, 129, 130, 131, 135, 138, 142, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 188], "kill": [107, 144], "known": [37, 48], "label": [63, 65, 66, 86, 88, 102, 103, 128], "lambda": 16, "languag": 145, "last": 102, "latest": 45, "layout": [8, 11, 14, 17, 18, 19, 20, 23, 24, 33, 34, 40, 41, 42, 48, 54, 63, 68, 73, 74, 76, 77, 79, 81, 86, 95, 97, 98, 99, 101, 102, 103, 105, 106, 107, 108, 109, 112, 113, 114, 115, 116, 120, 123, 128, 135, 144, 150, 153], "ldap": [66, 158, 190], "ldap_search": 158, "learn": 69, "legaci": 110, "level": 108, "licens": [176, 177, 178, 179, 180, 181, 182, 190], "limit": [10, 17, 112, 181], "line": 110, "link": [87, 109, 118, 119, 120, 135], "linux": 84, "list": [15, 18, 23, 34, 45, 48, 55, 58, 73, 77, 80, 89, 106, 107, 113, 116, 123, 126, 131, 153], "listen": 65, "local": [84, 96, 101], "locat": 68, "lock": 68, "log": [9, 11, 15, 28, 33, 51, 60, 67, 94, 99, 100, 114, 122, 127, 130, 139, 141, 148, 159, 180], "login": 15, "lookup": [94, 118, 127, 149, 153], "m": 131, "maas360": 68, "machin": [69, 77, 107], "maco": 85, "mailbox": 40, "main": [30, 35], "maintain": [177, 190], "make": [96, 190], "maker": 96, "manag": 101, "mandiant": 71, "manual": [77, 102], "map": [49, 101, 180, 184], "mark": 48, "mask": 48, "matching_incident_field": 181, "mcafe": [72, 73, 74, 75, 76, 170], "mechan": 110, "meet": [30, 31, 40, 41, 146], "messag": [29, 41, 87, 111, 124, 131, 136, 161, 188, 189, 190], "method": [110, 181], "mfa": 15, "microsoft": [40, 41, 77, 78, 79, 131, 155], "mid": 120, "migrat": [44, 102, 107, 113], "mirror": 1, "misp": [80, 171], "mitig": 160, "mitr": [81, 102, 184], "mode": [39, 133], "model": [34, 59, 69, 70, 126, 160], "modif": 180, "modifi": [113, 119, 180], "modul": [10, 18], "move": [23, 40, 41, 116], "msg": 90, "msgconvert": 90, "mssp": 102, "multi": 63, "multipart": 110, "multipl": [87, 102], "must": 77, "mxtoolbox": 82, "my": 177, "name": [14, 15, 17, 18, 19, 20, 23, 24, 29, 32, 34, 35, 36, 37, 40, 41, 42, 48, 54, 55, 58, 63, 66, 68, 73, 76, 77, 79, 81, 86, 87, 95, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 113, 115, 116, 118, 123, 124, 128, 135, 144, 150, 153], "need": 120, "netmiko": 83, "netwit": 111, "network": [24, 84, 115], "new": [70, 77, 110, 131, 154, 155, 177, 190], "nlp": 70, "node": 18, "non": 116, "notabl": 128, "note": [7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 132, 133, 134, 135, 138, 139, 140, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 159, 165, 171, 177, 180, 182], "noteformat": 119, "notetext": 119, "now": 113, "nsrl": 37, "oauth": [63, 87, 110, 146, 155], "oauth2_generate_refresh_token": 155, "object": [24, 55, 98, 119], "observ": [101, 144], "ocr": 85, "odbc": [86, 180], "odbcfe": 180, "offens": [101, 102, 103, 184], "older": 156, "omit": [21, 34, 46, 48, 52, 71, 105, 107, 110, 117], "one": 190, "onli": 120, "onlin": 41, "open": [63, 177], "opendxl": 75, "openldap": 190, "oper": [188, 189], "option": [37, 119, 190], "orchestr": 126, "order": 77, "org": 190, "organ": [106, 190], "other": 140, "otx": 8, "our": 190, "outbound": 87, "outlier": 55, "outlook": [90, 155], "output": [8, 32, 33, 36, 37, 47, 49, 53, 56, 61, 136, 137, 143, 147, 187], "overrid": 144, "overview": [3, 7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 118, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 134, 135, 138, 139, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 159, 165, 171], "own": 119, "owner": [135, 189], "p12": 87, "pack": 188, "packag": [1, 2, 8, 29, 33, 39, 43, 55, 69, 70, 77, 87, 133, 155, 183, 184, 185, 186, 190], "packet": 42, "page": 149, "pagerduti": 89, "pair": 24, "pak": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 165], "palo": 88, "panorama": 88, "paramet": [55, 110, 119], "parent": 108, "pars": [34, 90, 135, 189], "parser": 60, "partial": 94, "passivetot": [91, 172], "password": 66, "past": [56, 183], "pastebin": 92, "path": [40, 105], "paus": 113, "pb": [97, 186], "pdf": 57, "pdfid": 90, "pem": 110, "perform": [102, 177], "permiss": [23, 29, 41, 42, 73, 87, 88, 115, 129, 131, 135, 144, 150, 153, 155], "persist": [113, 160], "person": 95, "phish": [93, 189], "phishtank": 94, "picklist": 112, "pinpoint": 135, "pipl": 95, "plan": 160, "platform": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 165], "playbook": [10, 14, 17, 18, 20, 23, 24, 34, 35, 40, 41, 42, 45, 63, 64, 65, 66, 71, 73, 77, 79, 80, 84, 88, 89, 90, 96, 97, 98, 102, 103, 105, 106, 107, 110, 112, 113, 115, 118, 123, 124, 125, 126, 128, 129, 131, 135, 142, 144, 150, 151, 165, 166, 186, 188], "plugin": [102, 176, 178, 179, 182], "point": 126, "polici": [15, 73, 107, 116], "poller": [14, 34, 42, 63, 77, 79, 89, 102, 105, 106, 107, 112, 144, 150], "poller_filters_templ": 79, "polling_filter_criteria_": 144, "popul": [17, 54, 144], "portal": 131, "post": [8, 32, 33, 36, 37, 49, 53, 56, 61, 96, 106, 112, 124, 131, 136, 137, 140, 143, 144, 147], "postgresql": [177, 181], "powershel": 84, "ppd": 135, "pre": [8, 32, 33, 36, 37, 47, 49, 53, 56, 61, 119, 136, 137, 140, 143, 147], "prerequisit": [7, 8, 10, 15, 17, 23, 26, 33, 34, 41, 42, 45, 48, 50, 55, 65, 87, 89, 91, 101, 105, 106, 115, 119, 120, 124, 129, 132, 135, 136, 142, 144, 150, 153, 155, 170, 183, 185, 186, 190], "prioriti": 106, "privat": 110, "procedur": 189, "process": [8, 32, 33, 36, 37, 47, 49, 53, 56, 61, 96, 107, 136, 137, 140, 143, 144, 147, 188], "product": 190, "profil": [15, 41], "programmat": 134, "project": [150, 155], "proofpoint": [98, 99], "properti": [34, 42, 48], "protect": [22, 116], "provid": [22, 26, 37, 107, 110], "proxi": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 165], "public": 15, "publish": 75, "pull": [37, 150], "pulsed": 100, "pwned": [56, 169, 183], "py": [2, 3], "python": [6, 7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 23, 24, 27, 29, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 63, 64, 65, 66, 71, 73, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 155, 165, 176, 178, 179, 180, 182, 190], "python2": 2, "qr": 102, "qradar": [101, 102, 103, 107, 154, 177, 184], "quarantin": [77, 116], "queri": [9, 17, 19, 38, 41, 58, 66, 73, 86, 103, 112, 148, 150, 151, 161, 162, 177], "ran": 32, "randori": 105, "rapid7": 106, "rdap": 148, "re": 119, "read": [85, 131], "real": 102, "rebuild": [3, 69, 70], "rebuild_image_nam": 3, "receiv": 136, "recent": 154, "record": [112, 118, 119], "refer": [63, 102, 103, 109, 190], "refresh": [3, 14, 102], "refresh_token": 110, "regard": 113, "regener": 18, "region": 106, "regist": 131, "registr": [18, 155], "relat": [77, 102, 108], "relationship": 108, "releas": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 132, 134, 135, 138, 139, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 159, 165, 171, 177, 180, 182], "remedi": [19, 109], "remot": 84, "remov": [15, 24, 66, 73, 108, 113, 123, 153], "report": [18, 54, 55, 93, 153, 189], "repositori": [1, 45], "reput": [76, 115, 144], "request": [12, 110], "requir": [4, 7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 121, 122, 123, 124, 125, 127, 128, 129, 130, 131, 135, 138, 139, 141, 142, 143, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 159, 165, 175, 179, 180, 181, 188], "requisit": 37, "res_reference_id": 119, "reserv": 180, "resili": [4, 9, 11, 13, 15, 16, 22, 26, 27, 28, 30, 46, 51, 52, 54, 55, 57, 60, 62, 67, 76, 77, 82, 83, 92, 93, 94, 99, 100, 104, 114, 122, 127, 130, 134, 139, 141, 145, 148, 159, 161, 190], "resilientfe": 181, "resilienthelp": 119, "resolv": 115, "resourc": 14, "respons": [120, 126, 136], "rest": [24, 110, 165, 166], "rest_retry_backoff": 110, "rest_retry_delai": 110, "rest_retry_tri": 110, "restart": [29, 115], "result": [19, 32, 41, 55, 66, 76, 86, 87, 101, 116, 126, 128, 133, 157, 187, 189, 190], "resum": 113, "retri": 110, "return": [112, 119, 126], "reveal": 42, "review": 157, "revis": [29, 167], "rf": 160, "rhel": 90, "rich": [12, 17, 24, 45, 78, 90, 115, 129, 144, 166, 187], "risk": [55, 160], "riski": 55, "riskiq": 172, "role": 120, "room": 146, "row": [35, 103, 144], "rsa": 111, "rule": [7, 8, 9, 12, 15, 16, 19, 21, 22, 23, 27, 30, 31, 32, 33, 36, 37, 38, 46, 47, 48, 49, 50, 52, 53, 54, 55, 56, 57, 58, 59, 61, 62, 68, 75, 76, 78, 81, 83, 85, 86, 87, 91, 92, 93, 95, 96, 101, 102, 107, 108, 109, 111, 113, 116, 121, 123, 126, 129, 132, 134, 135, 136, 137, 138, 143, 145, 147, 149, 152, 153, 161, 184, 190], "run": [17, 37, 55, 73, 84, 102, 113, 119, 190], "runbook": 18, "runner": [162, 163], "s3": 14, "safe": [50, 168], "salesforc": 112, "sampl": [8, 26, 157], "san": 165, "sandbox": [47, 64, 143, 153], "save": [69, 87], "scan": [27, 77, 93, 115, 116, 185, 186], "scc": 48, "schedul": [18, 113], "scope": 119, "score": [55, 105], "scr_amp_add_artifact_from_act": 23, "scr_amp_add_artifact_from_ev": 23, "scr_amp_add_artifact_from_trajectori": 23, "scr_sep_add_artifact_from_scan_result": 116, "scr_sep_parse_email_notif": 116, "screen": [125, 155], "screenshot": [15, 30, 35, 47, 65, 96, 138, 143, 144], "script": [1, 3, 8, 9, 11, 12, 15, 17, 23, 24, 28, 32, 33, 34, 36, 37, 41, 42, 45, 47, 49, 51, 53, 56, 60, 61, 66, 67, 68, 77, 78, 84, 87, 90, 94, 95, 96, 97, 98, 99, 100, 101, 102, 114, 115, 116, 119, 122, 126, 127, 129, 130, 135, 136, 137, 139, 140, 141, 143, 144, 147, 148, 159, 160, 165, 166, 187, 189, 190], "sdk": 4, "search": [2, 32, 33, 36, 42, 55, 59, 66, 68, 70, 76, 77, 78, 80, 95, 101, 102, 103, 126, 128, 137, 144, 158, 190], "searcher": [168, 169, 170, 171, 174], "secret": [17, 55, 110, 131, 155], "section": [8, 37, 77, 134], "secur": [7, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 57, 58, 59, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 142, 144, 145, 146, 150, 151, 152, 153, 154, 165], "securework": 114, "see": 77, "select": 112, "send": [16, 37, 40, 41, 65, 87, 105, 115, 118, 126, 129, 150], "sensit": [55, 110], "sensor": 42, "sentinel": 79, "sentinel_close_incident_templ": 79, "sentinel_update_incident_templ": 79, "sentinelon": 115, "sep": 116, "separ": 110, "sepm": 116, "server": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 44, 45, 46, 48, 50, 52, 54, 58, 59, 60, 62, 63, 64, 65, 66, 71, 73, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 109, 110, 112, 113, 114, 115, 116, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 134, 135, 139, 140, 142, 143, 144, 145, 146, 148, 150, 151, 152, 153, 161, 165, 178, 179, 180, 181, 182], "servic": [15, 42, 89, 167, 173, 175], "servicenow": [117, 118, 119, 120], "servicenowallowedtablenam": 120, "set": [17, 23, 32, 36, 37, 47, 49, 53, 56, 61, 66, 73, 76, 77, 102, 103, 106, 118, 131, 134, 136, 137, 140, 147, 155], "setup": [0, 29, 35, 37, 43, 60, 69, 70, 140, 161, 167, 175, 181, 190], "sh": [1, 3, 4], "shadow": 36, "shadowserv": [121, 173], "share": 190, "shell": [84, 163, 190], "shodan": 122, "shutdown": 115, "side": 110, "siem": [98, 103], "siemplifi": 123, "sight": 80, "sign": [15, 87], "similar": [34, 144], "simpl": 23, "simplifi": 126, "singl": [63, 66, 86, 88, 102, 103, 128], "sir": 120, "site": 157, "slack": 124, "sm": [16, 136], "smtp": 155, "sn": 16, "sn_table_nam": 118, "snapshot": 125, "snow": 118, "snrecordid": 119, "snticketst": 119, "snticketstatecolor": 119, "soar": [2, 6, 7, 10, 12, 14, 15, 17, 18, 19, 20, 21, 23, 24, 31, 34, 35, 38, 40, 41, 42, 45, 48, 50, 58, 59, 63, 64, 65, 66, 71, 73, 78, 79, 80, 81, 84, 85, 86, 87, 88, 89, 90, 91, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 120, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 141, 142, 144, 146, 149, 150, 151, 152, 153, 154, 159, 165, 177, 181, 183, 184, 185, 186, 188, 189], "soar_close_cas": [105, 106, 112, 144], "soar_close_incid": 42, "soar_create_cas": [105, 106, 112, 144], "soar_create_case_with_artifact": 112, "soar_create_incid": 42, "soar_ticketid_incid": 42, "soar_update_cas": [105, 106, 112, 144], "soar_update_incid": 42, "softwar": [68, 81], "solut": 189, "sourc": [48, 55, 102], "spamhau": 127, "specif": [15, 37], "specifi": [98, 144], "splunk": [128, 182], "splunkhecfe": 182, "spotter": 55, "sql": 86, "sqlite": 181, "sqlitefe": 180, "sqlserver": 86, "ssh": [15, 37], "sshpass": 10, "ssl": [84, 90], "standalon": 42, "start": [43, 69, 70, 190], "statement": 29, "statist": 18, "statu": [9, 11, 15, 19, 28, 51, 60, 67, 94, 99, 100, 105, 106, 107, 112, 114, 115, 116, 122, 127, 130, 139, 141, 148, 150, 159], "staxx": 9, "step": [3, 16, 37, 119, 120, 166, 181, 187, 190], "stop": 68, "storag": 106, "store": 190, "stream": 27, "string": [119, 126, 180], "structur": 0, "subscrib": 75, "summari": [102, 116, 153], "sup": 184, "support": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 27, 28, 30, 31, 34, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 134, 135, 138, 139, 141, 142, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 159, 165, 166, 171, 177, 181], "sure": 190, "symantec": [58, 116, 129], "sync": [63, 108, 112, 120, 123, 150], "synchron": 181, "sys_id": 118, "system": [69, 70, 73, 90], "t": 177, "tab": [114, 120], "tabl": [1, 7, 8, 9, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 45, 46, 48, 50, 52, 54, 55, 57, 58, 59, 62, 63, 64, 65, 66, 68, 71, 73, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 115, 116, 118, 121, 123, 124, 125, 126, 128, 129, 131, 134, 135, 136, 138, 142, 143, 144, 145, 146, 147, 149, 150, 151, 152, 153, 155], "tactic": [81, 102, 184], "tag": [34, 42, 73, 80, 144], "taken": 126, "tap": 98, "tar": 133, "target": 105, "task": [63, 73, 87, 108, 112, 123, 130, 188], "team": [131, 146], "technic": 190, "techniqu": [81, 102], "templat": [34, 42, 48, 63, 65, 77, 79, 87, 89, 105, 106, 112, 129, 144, 150, 188], "tenanc": 63, "test": [120, 161, 190], "text": [12, 17, 24, 45, 78, 85, 90, 115, 129, 144, 166, 187], "thi": [1, 2, 8, 29, 33, 55, 77, 177, 190], "threat": [12, 71, 98, 115, 128, 160, 166, 167, 168, 169, 170, 171, 173, 174, 175], "threatmin": 132, "thug": 133, "tie": [76, 170], "time": 102, "timeout": 100, "timer": [134, 166], "timer_epoch": 134, "timezon": [40, 180], "tip": 181, "tl": 87, "tm": 184, "toc": [21, 34, 46, 48, 52, 71, 105, 107, 110, 117], "toggl": 66, "token": [87, 110], "tool": 177, "top": 102, "tor": 104, "tower": 11, "trajectori": 23, "transfer": 190, "transform": 90, "transit": [63, 89], "translat": 145, "trap": 99, "tri": 110, "trigger": [102, 107], "troubleshoot": [7, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 28, 29, 30, 31, 35, 38, 40, 41, 42, 45, 46, 48, 50, 51, 52, 54, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 70, 71, 73, 74, 75, 76, 77, 78, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 134, 135, 138, 139, 141, 142, 144, 145, 146, 148, 149, 150, 151, 152, 153, 155, 159, 166, 181, 188], "trusteer": 135, "twilio": 136, "twilio_send_sm": 136, "twitter": 137, "txt": [3, 4], "type": [14, 15, 23, 54, 68, 76, 98, 102, 108, 112, 135, 171, 180], "ubuntu": 85, "ui": [120, 190], "umbrella": [25, 26], "unacknowledg": 34, "unencrypt": 87, "uninstal": [9, 11, 28, 39, 43, 44, 51, 60, 67, 69, 70, 74, 94, 99, 100, 114, 122, 127, 130, 133, 139, 141, 159, 171, 183, 184, 186], "up": [4, 73, 131, 177], "updat": [15, 35, 42, 45, 48, 65, 66, 73, 77, 78, 79, 102, 103, 105, 112, 115, 116, 118, 123, 128, 129, 135, 149, 154], "updatestateinresili": 119, "upgrad": [9, 167], "upload": [116, 129], "upon": 126, "url": [62, 84, 93, 94, 125, 135, 138, 153, 166, 189], "urlhau": 139, "urlscan": [140, 174, 185], "us": [3, 8, 13, 16, 25, 39, 46, 55, 63, 66, 72, 77, 81, 82, 86, 87, 88, 96, 101, 102, 103, 104, 107, 110, 119, 128, 131, 133, 177, 190], "usag": [0, 1, 2, 55, 67, 97, 155, 166, 183, 184, 185, 186, 187], "usecas": 37, "user": [15, 41, 54, 55, 73, 88, 98, 112, 120, 160, 190], "util": [3, 16, 18, 33, 35, 38, 47, 59, 66, 84, 87, 90, 97, 126, 130, 141, 151, 155, 190], "v": 190, "v1": [9, 12, 17, 24, 28, 41, 44, 45, 51, 62, 67, 68, 74, 75, 77, 90, 94, 99, 100, 113, 114, 115, 117, 122, 127, 129, 132, 135, 138, 139, 143, 144, 159, 166, 171, 186], "v2": [79, 87, 113, 117, 122, 181, 189], "valid": [39, 190], "valu": 131, "vault": 8, "version": [17, 23, 24, 31, 34, 40, 45, 63, 65, 71, 98, 102, 105, 106, 107, 112, 123, 135, 142, 144, 150, 153, 180, 190], "view": [69, 190], "viewabl": 125, "virtual": 15, "virustot": [142, 186], "vmrai": 143, "vmware": 144, "volatil": 37, "vulner": [77, 150], "wake": 73, "watchlist": 42, "watson": [101, 145], "web": 110, "webex": [30, 146], "webhook": 131, "webpag": 47, "what": 188, "when": [63, 66, 86, 88, 102, 103, 128], "which": 190, "whitelist": 37, "who": 102, "whoi": [147, 148], "why": 177, "wiki": 149, "window": [84, 85], "wipe": 68, "within": 125, "without": 96, "wiz": 150, "word": 180, "workflow": [22, 26, 37, 55, 63, 86, 97, 102, 107, 111, 119, 126, 132, 144, 160, 183, 185, 190], "workshop": 190, "wrap": [4, 126], "write": [24, 41], "x": [42, 151, 177], "xforc": 151, "xml": 90, "yeti": [152, 175], "you": [107, 177], "your": [4, 77, 120, 190], "zia": 153, "zip": 126, "zoom": 31, "zscaler": 153}})
\ No newline at end of file
+Search.setIndex({"alltitles": {"1. Client Authentication Certificate (client_auth_cert)": [[111, "client-authentication-certificate-client-auth-cert"]], "1. Guardium: Run Active Risk Spotter - Risky Users Scores:": [[56, "guardium-run-active-risk-spotter-risky-users-scores"]], "1. JSON format:": [[111, "json-format"]], "1. RETRY TRIES (rest_retry_tries)": [[111, "retry-tries-rest-retry-tries"]], "1. Using Endpoint provided token": [[111, "using-endpoint-provided-token"]], "1. file bundled as a multipart/form-data:": [[111, "file-bundled-as-a-multipart-form-data"]], "1.1 Changes": [[43, "changes"], [99, "changes"]], "1.1.0 Changes": [[87, "changes"], [91, "changes"], [129, "changes"], [144, "changes"], [153, "changes"], [180, "changes"], [184, "changes"]], "1.2.0 <!-- omit in toc -->": [[108, "id2"]], "1.2.0 Changes": [[11, "changes"], [25, "changes"], [78, "changes"], [89, "id2"], [103, "id2"], [117, "changes"], [184, "id1"]], "1.3.0": [[108, "id1"]], "1.3.0 Changes": [[89, "id1"]], "1.4.0": [[42, "id2"], [129, "id1"]], "1.4.0 Changes": [[89, "changes"]], "1.4.1": [[42, "id1"]], "1: Run Docker Container": [[38, "run-docker-container"]], "1: Send Artifact To Docker Container": [[38, "send-artifact-to-docker-container"]], "2. Client Authentication Private Key (client_auth_key)": [[111, "client-authentication-private-key-client-auth-key"]], "2. Compiling a Token using JWT parameters": [[111, "compiling-a-token-using-jwt-parameters"]], "2. New-line separated (Legacy) format:": [[111, "new-line-separated-legacy-format"]], "2. RETRY DELAY (rest_retry_delay)": [[111, "retry-delay-rest-retry-delay"]], "2. file bundled as request body:": [[111, "file-bundled-as-request-body"]], "2.0 Changes": [[88, "id2"]], "2.0.0 Changes": [[67, "id1"]], "2.1 Changes": [[88, "changes"]], "2.1.0 Changes": [[36, "changes"], [67, "changes"], [74, "changes"], [133, "changes"]], "2.2.0 Changes": [[104, "id1"], [118, "changes"]], "2.3.0 Changes": [[103, "id1"], [104, "changes"]], "2.4.0 Changes": [[103, "changes"]], "2: Post-Process Script:": [[38, "id2"]], "2: Pre-Process Script:": [[38, "id1"]], "2: Send Attachment To Docker Container": [[38, "send-attachment-to-docker-container"]], "3. Client Authentication PEM (client_auth_pem)": [[111, "client-authentication-pem-client-auth-pem"]], "3. RETRY BACKOFF (rest_retry_backoff)": [[111, "retry-backoff-rest-retry-backoff"]], "3.0.2": [[81, "id1"]], "<b>Example of adding a incident note from post-processing scripts:</b><br>\nscreenshot": [[145, "example-of-adding-a-incident-note-from-post-processing-scripts"]], "A note on sn_table_name": [[119, "a-note-on-sn-table-name"]], "API Key Permission Setup": [[30, "api-key-permission-setup"]], "API Name:": [[8, "api-name"], [8, "id1"], [15, "api-name"], [15, "id1"], [15, "id3"], [15, "id5"], [15, "id7"], [15, "id9"], [16, "api-name"], [16, "id1"], [18, "api-name"], [19, "api-name"], [19, "id1"], [19, "id3"], [19, "id5"], [19, "id7"], [20, "api-name"], [21, "api-name"], [24, "api-name"], [24, "id1"], [24, "id3"], [24, "id5"], [24, "id7"], [24, "id9"], [24, "id11"], [24, "id13"], [25, "api-name"], [33, "api-name"], [33, "id9"], [36, "api-name"], [37, "api-name"], [38, "api-name"], [41, "api-name"], [41, "id1"], [42, "api-name"], [43, "api-name"], [43, "id1"], [43, "id3"], [43, "id5"], [43, "id7"], [49, "api-name"], [55, "api-name"], [59, "api-name"], [64, "api-name"], [67, "api-name"], [69, "api-name"], [69, "id1"], [74, "api-name"], [74, "id1"], [74, "id3"], [74, "id5"], [74, "id7"], [74, "id9"], [74, "id11"], [74, "id13"], [77, "api-name"], [78, "api-name"], [78, "id1"], [78, "id3"], [80, "api-name"], [80, "id1"], [82, "api-name"], [82, "id1"], [82, "id3"], [82, "id5"], [87, "api-name"], [88, "api-name"], [96, "api-name"], [98, "api-name"], [99, "api-name"], [102, "api-name"], [102, "id1"], [103, "api-name"], [103, "id3"], [103, "id5"], [103, "id7"], [103, "id9"], [103, "id11"], [103, "id13"], [103, "id15"], [104, "api-name"], [104, "id2"], [104, "id4"], [104, "id6"], [106, "api-name"], [107, "api-name"], [108, "api-name"], [108, "id3"], [109, "api-name"], [110, "api-name"], [114, "api-name"], [116, "api-name"], [117, "api-name"], [117, "id1"], [117, "id3"], [117, "id5"], [117, "id7"], [117, "id9"], [117, "id11"], [119, "api-name"], [124, "api-name"], [125, "api-name"], [129, "api-name"], [130, "api-name"], [137, "api-name"], [146, "api-name"], [146, "id3"], [146, "id5"], [152, "api-name"], [152, "id1"], [155, "api-name"], [155, "id1"], [155, "id3"], [155, "id5"], [155, "id7"]], "API Name: <!-- omit in toc -->": [[35, "api-name"], [35, "id1"], [35, "id3"]], "API Permissions": [[133, "api-permissions"], [157, "api-permissions"]], "APIVoid Threat Analysis APIs": [[13, null]], "AWS GuardDuty App  1.1.0 Changes": [[15, "aws-guardduty-app-1-1-0-changes"]], "AWS IAM": [[16, null]], "AWS Utilities": [[17, null]], "About Apility.IO": [[14, null]], "About MxToolBox": [[83, null]], "About This Package": [[30, "about-this-package"]], "About This Package:": [[9, "about-this-package"], [34, "about-this-package"]], "About the provided UseCases": [[38, "about-the-provided-usecases"]], "About this Package:": [[1, "about-this-package"], [2, "about-this-package"]], "About this package": [[56, "about-this-package"]], "AbuseIPDB": [[7, null]], "AbuseIPDB Threat Service": [[169, null]], "Activity Fields": [[21, "activity-fields"]], "Add Customized Incident Fields": [[56, "add-customized-incident-fields"]], "Add Firewall Network Object Group pairs to Activation form": [[25, "add-firewall-network-object-group-pairs-to-activation-form"]], "Add IBM SOAR tab to Security Incident UI (SIR only)": [[121, "add-ibm-soar-tab-to-security-incident-ui-sir-only"]], "Add Results table": [[56, "add-results-table"]], "Add Thug configuration details to the config file:": [[135, "add-thug-configuration-details-to-the-config-file"]], "Adding Additional Python Files after Deployment": [[30, "adding-additional-python-files-after-deployment"]], "Adding Additional Python Packages": [[30, "adding-additional-python-packages"]], "Adding Usage Data for Datatables": [[98, "adding-usage-data-for-datatables"]], "Additional Data Feed Documentation": [[184, "additional-data-feed-documentation"]], "Additional connection strings": [[182, "additional-connection-strings"]], "Aditional Notes": [[135, "aditional-notes"]], "Advanced Changes": [[4, "advanced-changes"]], "Alert Filtering": [[146, "alert-filtering"]], "AlienVault OTX": [[9, null]], "All Apps": [[156, null]], "Allowlisting": [[191, "allowlisting"]], "Amass": [[38, "amass"]], "Anomali Staxx": [[10, null]], "Anomali Staxx Notes": [[10, "anomali-staxx-notes"]], "Ansible Playbooks": [[11, "ansible-playbooks"]], "Ansible Tower": [[12, null]], "Ansible for SOAR": [[11, null]], "App Config Settings (app.config)": [[119, "app-config-settings-app-config"]], "App Configuration": [[7, "app-configuration"], [8, "app-configuration"], [11, "app-configuration"], [13, "app-configuration"], [15, "app-configuration"], [16, "app-configuration"], [17, "app-configuration"], [18, "app-configuration"], [19, "app-configuration"], [20, "app-configuration"], [21, "app-configuration"], [22, "app-configuration"], [24, "app-configuration"], [25, "app-configuration"], [28, "app-configuration"], [31, "app-configuration"], [32, "app-configuration"], [35, "app-configuration"], [36, "app-configuration"], [39, "app-configuration"], [41, "app-configuration"], [43, "app-configuration"], [46, "app-configuration"], [47, "app-configuration"], [49, "app-configuration"], [51, "app-configuration"], [53, "app-configuration"], [55, "app-configuration"], [58, "app-configuration"], [59, "app-configuration"], [60, "app-configuration"], [63, "app-configuration"], [64, "app-configuration"], [65, "app-configuration"], [66, "app-configuration"], [67, "app-configuration"], [69, "app-configuration"], [72, "app-configuration"], [74, "app-configuration"], [75, "app-configuration"], [76, "app-configuration"], [77, "app-configuration"], [78, "app-configuration"], [79, "app-configuration"], [79, "id1"], [80, "app-configuration"], [81, "app-configuration"], [84, "app-configuration"], [85, "app-configuration"], [87, "app-configuration"], [88, "app-configuration"], [89, "app-configuration"], [90, "app-configuration"], [91, "app-configuration"], [92, "app-configuration"], [93, "app-configuration"], [94, "app-configuration"], [96, "app-configuration"], [97, "app-configuration"], [98, "app-configuration"], [99, "app-configuration"], [102, "app-configuration"], [103, "app-configuration"], [104, "app-configuration"], [106, "app-configuration"], [107, "app-configuration"], [108, "app-configuration"], [109, "app-configuration"], [110, "app-configuration"], [113, "app-configuration"], [114, "app-configuration"], [116, "app-configuration"], [117, "app-configuration"], [122, "app-configuration"], [124, "app-configuration"], [125, "app-configuration"], [126, "app-configuration"], [129, "app-configuration"], [130, "app-configuration"], [131, "app-configuration"], [136, "app-configuration"], [137, "app-configuration"], [140, "app-configuration"], [144, "app-configuration"], [146, "app-configuration"], [147, "app-configuration"], [148, "app-configuration"], [150, "app-configuration"], [151, "app-configuration"], [152, "app-configuration"], [153, "app-configuration"], [154, "app-configuration"], [155, "app-configuration"]], "App Configuration (Both Permissions)": [[133, "app-configuration-both-permissions"]], "App Configuration:": [[121, "app-configuration"]], "App Development": [[156, null]], "App Format": [[145, "app-format"]], "App Host": [[10, "app-host"], [12, "app-host"], [29, "app-host"], [45, "app-host"], [55, "app-host"], [115, "app-host"], [145, "app-host"], [182, "app-host"], [184, "app-host"]], "App Host Components": [[30, null]], "App Host Configuration": [[1, "app-host-configuration"], [77, "app-host-configuration"]], "App Host Conversion Files": [[4, null]], "App Host Installation": [[11, "app-host-installation"], [180, "app-host-installation"], [183, "app-host-installation"]], "App Host Setup": [[61, "app-host-setup"], [142, "app-host-setup"]], "App Host Troubleshooting": [[30, "app-host-troubleshooting"]], "App Host sshPass Support": [[11, "app-host-sshpass-support"]], "App Registration": [[157, "app-registration"]], "App Restart": [[30, "app-restart"]], "Appendix - Create Incident Data Model": [[60, "appendix-create-incident-data-model"], [127, "appendix-create-incident-data-model"]], "Application Permission": [[133, "application-permission"]], "Application Usage and Details": [[56, "application-usage-and-details"]], "Approval Adjectives": [[190, "approval-adjectives"]], "Apps Included with Export": [[167, "apps-included-with-export"], [168, "apps-included-with-export"]], "Architectural Diagram": [[120, "architectural-diagram"]], "Arguments": [[157, "arguments"]], "Artifact Process": [[190, "artifact-process"]], "Artifacts": [[114, "artifacts"]], "Assets Field Masks": [[49, "assets-field-masks"]], "Attachments": [[111, "attachments"]], "Authenticated SMTP": [[157, "authenticated-smtp"]], "Authenticating to Google Cloud": [[47, "authenticating-to-google-cloud"]], "Authentication": [[111, "authentication"], [157, "authentication"]], "Authorize": [[88, "authorize"]], "Axonius": [[18, null]], "Axonius Development Version": [[18, "axonius-development-version"]], "Axonius Devices Data Table Field Names": [[18, "axonius-devices-data-table-field-names"]], "Axonius Devices Data Table Limit": [[18, "axonius-devices-data-table-limit"]], "Azure App Configuration": [[78, "azure-app-configuration"]], "Azure Automation Utilities": [[19, null]], "BMC Helix": [[21, null]], "BMC Helix Platform": [[21, "bmc-helix-platform"]], "Base Input Fields for Function Development": [[5, null]], "Basic Authentication": [[88, "basic-authentication"]], "Behavior": [[183, "behavior"]], "Bidirectional Synchronization": [[183, "bidirectional-synchronization"]], "BigFix": [[20, null]], "Bluecoat Site Review": [[159, null]], "Build a machine learning model": [[70, "build-a-machine-learning-model"]], "Build a model": [[70, "build-a-model"]], "Build a new NLP model": [[71, "build-a-new-nlp-model"]], "Building Your Container": [[4, "building-your-container"]], "CS Falcon: Devices": [[33, "cs-falcon-devices"]], "CS Falcon: Devices IOC Ran On Results": [[33, "cs-falcon-devices-ioc-ran-on-results"]], "CVE Browse Function": [[34, "cve-browse-function"]], "CVE Browse Function Layout:": [[34, "cve-browse-function-layout"]], "CVE Browse Post-Process Script": [[34, "cve-browse-post-process-script"]], "CVE Browse Pre-Process Script": [[34, "cve-browse-pre-process-script"]], "CVE Search": [[34, null], [34, "id1"]], "CVE Search Function": [[34, "cve-search-function"]], "CVE Search Function Layout:": [[34, "cve-search-function-layout"]], "CVE Search Post-Process Script": [[34, "cve-search-post-process-script"]], "CVE Search Pre-Process Script": [[34, "cve-search-pre-process-script"]], "Calendar Invite": [[22, null]], "Campaign identifier": [[191, "campaign-identifier"]], "CarbonBlack Protection": [[23, null]], "Case Fields Returned from Query and Case Update Limits": [[113, "case-fields-returned-from-query-and-case-update-limits"]], "Case Filtering": [[113, "case-filtering"]], "Change Log": [[34, "change-log"]], "Change log": [[182, "change-log"]], "Changelog": [[142, "changelog"]], "Changes for v2.3.0": [[191, "changes-for-v2-3-0"]], "Cisco ASA": [[25, null]], "Cisco ASA Configuration": [[25, "cisco-asa-configuration"]], "Cisco ASA Development Version": [[25, "cisco-asa-development-version"]], "Cisco Secure Endpoint": [[24, null]], "Cisco Umbrella Enforcement": [[26, null]], "Cisco Umbrella Investigate": [[27, null]], "Cisco WebEx": [[31, null]], "Cisco Webex": [[148, null]], "ClamAV": [[28, null]], "Client-side authentication with certificates": [[111, "client-side-authentication-with-certificates"]], "Close Incident Layout Tab": [[115, "close-incident-layout-tab"]], "Closing and Updating Incidents": [[66, "closing-and-updating-incidents"]], "Cloud Foundry": [[29, null]], "Cloud Pak for Security": [[7, "cloud-pak-for-security"], [8, "cloud-pak-for-security"], [11, "cloud-pak-for-security"], [13, "cloud-pak-for-security"], [15, "cloud-pak-for-security"], [16, "cloud-pak-for-security"], [17, "cloud-pak-for-security"], [18, "cloud-pak-for-security"], [19, "cloud-pak-for-security"], [20, "cloud-pak-for-security"], [21, "cloud-pak-for-security"], [22, "cloud-pak-for-security"], [24, "cloud-pak-for-security"], [25, "cloud-pak-for-security"], [28, "cloud-pak-for-security"], [31, "cloud-pak-for-security"], [32, "cloud-pak-for-security"], [35, "cloud-pak-for-security"], [36, "cloud-pak-for-security"], [39, "cloud-pak-for-security"], [41, "cloud-pak-for-security"], [42, "cloud-pak-for-security"], [43, "cloud-pak-for-security"], [46, "cloud-pak-for-security"], [47, "cloud-pak-for-security"], [49, "cloud-pak-for-security"], [51, "cloud-pak-for-security"], [53, "cloud-pak-for-security"], [55, "cloud-pak-for-security"], [58, "cloud-pak-for-security"], [59, "cloud-pak-for-security"], [60, "cloud-pak-for-security"], [63, "cloud-pak-for-security"], [64, "cloud-pak-for-security"], [65, "cloud-pak-for-security"], [66, "cloud-pak-for-security"], [67, "cloud-pak-for-security"], [72, "cloud-pak-for-security"], [74, "cloud-pak-for-security"], [77, "cloud-pak-for-security"], [78, "cloud-pak-for-security"], [79, "cloud-pak-for-security"], [80, "cloud-pak-for-security"], [81, "cloud-pak-for-security"], [82, "cloud-pak-for-security"], [84, "cloud-pak-for-security"], [85, "cloud-pak-for-security"], [86, "cloud-pak-for-security"], [87, "cloud-pak-for-security"], [88, "cloud-pak-for-security"], [89, "cloud-pak-for-security"], [90, "cloud-pak-for-security"], [91, "cloud-pak-for-security"], [92, "cloud-pak-for-security"], [93, "cloud-pak-for-security"], [94, "cloud-pak-for-security"], [96, "cloud-pak-for-security"], [97, "cloud-pak-for-security"], [98, "cloud-pak-for-security"], [99, "cloud-pak-for-security"], [102, "cloud-pak-for-security"], [103, "cloud-pak-for-security"], [104, "cloud-pak-for-security"], [106, "cloud-pak-for-security"], [107, "cloud-pak-for-security"], [108, "cloud-pak-for-security"], [109, "cloud-pak-for-security"], [110, "cloud-pak-for-security"], [111, "cloud-pak-for-security"], [113, "cloud-pak-for-security"], [114, "cloud-pak-for-security"], [116, "cloud-pak-for-security"], [117, "cloud-pak-for-security"], [122, "cloud-pak-for-security"], [124, "cloud-pak-for-security"], [125, "cloud-pak-for-security"], [126, "cloud-pak-for-security"], [127, "cloud-pak-for-security"], [129, "cloud-pak-for-security"], [130, "cloud-pak-for-security"], [131, "cloud-pak-for-security"], [133, "cloud-pak-for-security"], [136, "cloud-pak-for-security"], [137, "cloud-pak-for-security"], [144, "cloud-pak-for-security"], [146, "cloud-pak-for-security"], [147, "cloud-pak-for-security"], [148, "cloud-pak-for-security"], [150, "cloud-pak-for-security"], [152, "cloud-pak-for-security"], [153, "cloud-pak-for-security"], [154, "cloud-pak-for-security"], [155, "cloud-pak-for-security"], [167, "cloud-pak-for-security"]], "Columns:": [[8, "columns"], [8, "id2"], [15, "columns"], [15, "id2"], [15, "id4"], [15, "id6"], [15, "id8"], [15, "id10"], [16, "columns"], [16, "id2"], [18, "columns"], [19, "columns"], [19, "id2"], [19, "id4"], [19, "id6"], [19, "id8"], [20, "columns"], [21, "columns"], [24, "columns"], [24, "id2"], [24, "id4"], [24, "id6"], [24, "id8"], [24, "id10"], [24, "id12"], [24, "id14"], [25, "columns"], [33, "columns"], [33, "id10"], [36, "columns"], [37, "columns"], [38, "columns"], [41, "columns"], [41, "id2"], [42, "columns"], [43, "columns"], [43, "id2"], [43, "id4"], [43, "id6"], [43, "id8"], [49, "columns"], [55, "columns"], [59, "columns"], [64, "columns"], [67, "columns"], [69, "columns"], [69, "id2"], [74, "columns"], [74, "id2"], [74, "id4"], [74, "id6"], [74, "id8"], [74, "id10"], [74, "id12"], [74, "id14"], [77, "columns"], [78, "columns"], [78, "id2"], [78, "id4"], [80, "columns"], [80, "id2"], [82, "columns"], [82, "id2"], [82, "id4"], [82, "id6"], [87, "columns"], [88, "columns"], [96, "columns"], [98, "columns"], [99, "columns"], [102, "columns"], [102, "id2"], [103, "columns"], [103, "id4"], [103, "id6"], [103, "id8"], [103, "id10"], [103, "id12"], [103, "id14"], [103, "id16"], [104, "columns"], [104, "id3"], [104, "id5"], [104, "id7"], [106, "columns"], [107, "columns"], [108, "columns"], [108, "id4"], [109, "columns"], [110, "columns"], [114, "columns"], [116, "columns"], [117, "columns"], [117, "id2"], [117, "id4"], [117, "id6"], [117, "id8"], [117, "id10"], [117, "id12"], [119, "columns"], [124, "columns"], [125, "columns"], [129, "columns"], [130, "columns"], [137, "columns"], [146, "columns"], [146, "id4"], [146, "id6"], [152, "columns"], [152, "id2"], [155, "columns"], [155, "id2"], [155, "id4"], [155, "id6"], [155, "id8"]], "Columns: <!-- omit in toc -->": [[35, "columns"], [35, "id2"], [35, "id4"]], "Common connection issues with TLS and TroubleShooting": [[88, "common-connection-issues-with-tls-and-troubleshooting"]], "Compatibility": [[180, "compatibility"], [184, "compatibility"]], "Components": [[45, "components"], [159, "components"]], "Configuration": [[18, "configuration"], [32, "configuration"], [41, "configuration"], [42, "configuration"], [43, "configuration"], [51, "configuration"], [56, "configuration"], [73, "configuration"], [82, "configuration"], [88, "configuration"], [90, "configuration"], [97, "configuration"], [99, "configuration"], [107, "configuration"], [108, "configuration"], [116, "configuration"], [124, "configuration"], [130, "configuration"], [131, "configuration"], [144, "configuration"], [155, "configuration"], [157, "configuration"], [162, "configuration"], [183, "configuration"], [190, "configuration"], [191, "configuration"]], "Configure Ansible Tower": [[12, "configure-ansible-tower"]], "Configure Credentials.": [[157, "configure-credentials"]], "Configure IBM QRadar Advisor with Watson": [[102, "configure-ibm-qradar-advisor-with-watson"]], "Configure OAuth 2.0 credentials": [[157, "configure-oauth-2-0-credentials"]], "Configure OAuth Consent Screen.": [[157, "configure-oauth-consent-screen"]], "Configure QRadar Use Case MAnager": [[102, "configure-qradar-use-case-manager"]], "Configure SOAR Inbound Email Connection": [[137, "configure-soar-inbound-email-connection"]], "Configure ServiceNowAllowedTableNames (SIR only)": [[121, "configure-servicenowallowedtablenames-sir-only"]], "Configure Symantec DLP Custom Attributes": [[131, "configure-symantec-dlp-custom-attributes"]], "Configure Trusteer Email Feeds": [[137, "configure-trusteer-email-feeds"]], "Configuring OAuth": [[64, "configuring-oauth"]], "Configuring Real time update to Offenses": [[103, "configuring-real-time-update-to-offenses"]], "Configuring bidirectional sync": [[64, "configuring-bidirectional-sync"]], "Connection options and installation:": [[38, "connection-options-and-installation"]], "Considerations": [[11, "considerations"], [114, "considerations"], [180, "considerations"], [183, "considerations"], [184, "considerations"]], "Container Environment": [[30, "container-environment"]], "Contents:": [[112, "contents"]], "Convert JSON to Rich Text Script": [[189, null]], "Create Cisco ASA Network Object Groups": [[25, "create-cisco-asa-network-object-groups"]], "Create Own Custom ServiceNow Workflow": [[120, "create-own-custom-servicenow-workflow"]], "Create a Connected App in Salesforce": [[113, "create-a-connected-app-in-salesforce"]], "Create a client Secret Value (Both Permissions)": [[133, "create-a-client-secret-value-both-permissions"]], "Create client secret": [[157, "create-client-secret"]], "Create the new project.": [[157, "create-the-new-project"]], "Creating Playbooks when server/servers in app.config are labeled": [[104, "creating-playbooks-when-server-servers-in-app-config-are-labeled"]], "Creating playbooks when server/servers in app.config are labeled": [[67, "creating-playbooks-when-server-servers-in-app-config-are-labeled"], [89, "creating-playbooks-when-server-servers-in-app-config-are-labeled"], [129, "creating-playbooks-when-server-servers-in-app-config-are-labeled"]], "Creating workflows when database/databases in app.config are labeled": [[87, "creating-workflows-when-database-databases-in-app-config-are-labeled"]], "Creating workflows when server/servers in app.config are labeled": [[64, "creating-workflows-when-server-servers-in-app-config-are-labeled"], [103, "creating-workflows-when-server-servers-in-app-config-are-labeled"]], "CriminalIP Threat Enrichment for IP Address and URL Artifacts": [[168, null]], "CrowdStrike Falcon": [[33, null]], "Custom Artifact Type": [[77, "custom-artifact-type"]], "Custom Artifact Types": [[15, "custom-artifact-types"], [16, "custom-artifact-types"], [69, "custom-artifact-types"], [99, "custom-artifact-types"], [103, "custom-artifact-types"], [109, "custom-artifact-types"], [137, "custom-artifact-types"]], "Custom Fields": [[15, "custom-fields"], [19, "custom-fields"], [21, "custom-fields"], [35, "custom-fields"], [43, "custom-fields"], [49, "custom-fields"], [55, "custom-fields"], [64, "custom-fields"], [67, "custom-fields"], [78, "custom-fields"], [79, "custom-fields"], [80, "custom-fields"], [81, "custom-fields"], [82, "custom-fields"], [88, "custom-fields"], [99, "custom-fields"], [102, "custom-fields"], [103, "custom-fields"], [104, "custom-fields"], [106, "custom-fields"], [107, "custom-fields"], [108, "custom-fields"], [109, "custom-fields"], [113, "custom-fields"], [116, "custom-fields"], [119, "custom-fields"], [124, "custom-fields"], [130, "custom-fields"], [131, "custom-fields"], [137, "custom-fields"], [146, "custom-fields"], [152, "custom-fields"]], "Custom Layout": [[43, "custom-layout"]], "Custom Layouts": [[8, "custom-layouts"], [12, "custom-layouts"], [15, "custom-layouts"], [18, "custom-layouts"], [19, "custom-layouts"], [20, "custom-layouts"], [21, "custom-layouts"], [24, "custom-layouts"], [25, "custom-layouts"], [35, "custom-layouts"], [41, "custom-layouts"], [42, "custom-layouts"], [49, "custom-layouts"], [55, "custom-layouts"], [64, "custom-layouts"], [69, "custom-layouts"], [74, "custom-layouts"], [75, "custom-layouts"], [77, "custom-layouts"], [78, "custom-layouts"], [80, "custom-layouts"], [82, "custom-layouts"], [87, "custom-layouts"], [96, "custom-layouts"], [98, "custom-layouts"], [99, "custom-layouts"], [100, "custom-layouts"], [102, "custom-layouts"], [103, "custom-layouts"], [104, "custom-layouts"], [106, "custom-layouts"], [107, "custom-layouts"], [107, "id1"], [108, "custom-layouts"], [109, "custom-layouts"], [110, "custom-layouts"], [113, "custom-layouts"], [114, "custom-layouts"], [115, "custom-layouts"], [116, "custom-layouts"], [117, "custom-layouts"], [121, "custom-layouts"], [124, "custom-layouts"], [129, "custom-layouts"], [130, "custom-layouts"], [137, "custom-layouts"], [146, "custom-layouts"], [146, "id2"], [152, "custom-layouts"], [155, "custom-layouts"]], "Custom Templates": [[80, "custom-templates"]], "Custom poller filter template": [[80, "custom-poller-filter-template"]], "Customization": [[73, "customization"]], "Customize": [[44, "customize"], [70, "customize"], [71, "customize"], [118, "customize"]], "DXL Subscriber": [[76, "dxl-subscriber"]], "Darktrace <!-- omit in toc -->": [[35, null]], "Darktrace Development Version": [[35, "darktrace-development-version"]], "Data Feed Elasticsearch Plugin": [[180, null]], "Data Feed Extension": [[179, null]], "Data Feed FileFeed Plugin": [[178, null]], "Data Feed KafkaFeed Plugin": [[181, null]], "Data Feed plugin for Splunk": [[184, null]], "Data Feeder for ODBC Databases": [[182, null]], "Data Feeder for SOAR": [[183, null]], "Data Table": [[34, "data-table"]], "Data Table - AWS IAM Access Keys": [[16, "data-table-aws-iam-access-keys"]], "Data Table - AWS IAM Users": [[16, "data-table-aws-iam-users"]], "Data Table - Associated Devices": [[35, "data-table-associated-devices"]], "Data Table - Axonius Devices": [[18, "data-table-axonius-devices"]], "Data Table - Azure Automation Accounts": [[19, "data-table-azure-automation-accounts"]], "Data Table - Azure Automation Credentials": [[19, "data-table-azure-automation-credentials"]], "Data Table - Azure Automation Runbooks": [[19, "data-table-azure-automation-runbooks"]], "Data Table - Azure Automation Schedules": [[19, "data-table-azure-automation-schedules"]], "Data Table - Azure Automation Statistics": [[19, "data-table-azure-automation-statistics"]], "Data Table - BMC Helix Incidents": [[21, "data-table-bmc-helix-incidents"]], "Data Table - BigFix Query Results": [[20, "data-table-bigfix-query-results"]], "Data Table - CBC Device": [[146, "data-table-cbc-device"]], "Data Table - Cisco AMP Simple Custom Detections  file lists": [[24, "data-table-cisco-amp-simple-custom-detections-file-lists"]], "Data Table - Cisco AMP activity": [[24, "data-table-cisco-amp-activity"]], "Data Table - Cisco AMP computer trajectory": [[24, "data-table-cisco-amp-computer-trajectory"]], "Data Table - Cisco AMP computers": [[24, "data-table-cisco-amp-computers"]], "Data Table - Cisco AMP event types": [[24, "data-table-cisco-amp-event-types"]], "Data Table - Cisco AMP events": [[24, "data-table-cisco-amp-events"]], "Data Table - Cisco AMP file list files": [[24, "data-table-cisco-amp-file-list-files"]], "Data Table - Cisco AMP groups": [[24, "data-table-cisco-amp-groups"]], "Data Table - Cisco ASA Network Objects": [[25, "data-table-cisco-asa-network-objects"]], "Data Table - Connectivity to Internet (AlgoSec)": [[8, "data-table-connectivity-to-internet-algosec"]], "Data Table - Defender Alerts": [[78, "data-table-defender-alerts"]], "Data Table - Defender Indicators": [[78, "data-table-defender-indicators"]], "Data Table - Defender Machines": [[78, "data-table-defender-machines"]], "Data Table - Detections": [[106, "data-table-detections"]], "Data Table - Discovery Path": [[106, "data-table-discovery-path"]], "Data Table - Email Conversations": [[88, "data-table-email-conversations"]], "Data Table - Email Information": [[41, "data-table-email-information"]], "Data Table - Example CSV Datatable": [[36, "data-table-example-csv-datatable"]], "Data Table - Exchange Online Message Query Results": [[42, "data-table-exchange-online-message-query-results"]], "Data Table - ExtraHop Activitymaps": [[43, "data-table-extrahop-activitymaps"]], "Data Table - ExtraHop Devices": [[43, "data-table-extrahop-devices"]], "Data Table - ExtraHop Watchlist": [[43, "data-table-extrahop-watchlist"]], "Data Table - Extrahop Detections": [[43, "data-table-extrahop-detections"]], "Data Table - Extrahop Tags": [[43, "data-table-extrahop-tags"]], "Data Table - Finding Source Properties": [[49, "data-table-finding-source-properties"]], "Data Table - GuardDuty Action/Actor Details": [[15, "data-table-guardduty-action-actor-details"]], "Data Table - GuardDuty Finding Overview": [[15, "data-table-guardduty-finding-overview"]], "Data Table - GuardDuty Resource - Access Key Details": [[15, "data-table-guardduty-resource-access-key-details"]], "Data Table - GuardDuty Resource - Instance Details": [[15, "data-table-guardduty-resource-instance-details"]], "Data Table - GuardDuty Resource - S3 Bucket Details": [[15, "data-table-guardduty-resource-s3-bucket-details"]], "Data Table - GuardDuty Resource Affected": [[15, "data-table-guardduty-resource-affected"]], "Data Table - Guardium Insights Classification Report": [[55, "data-table-guardium-insights-classification-report"]], "Data Table - ICDx Queried Events": [[59, "data-table-icdx-queried-events"]], "Data Table - Incident Events": [[35, "data-table-incident-events"]], "Data Table - Isolation Change Requests (AlgoSec)": [[8, "data-table-isolation-change-requests-algosec"]], "Data Table - Jira Task References": [[64, "data-table-jira-task-references"]], "Data Table - LDAP Query results": [[67, "data-table-ldap-query-results"]], "Data Table - MITRE ATT&CK Groups": [[82, "data-table-mitre-att-ck-groups"]], "Data Table - MITRE ATT&CK Software": [[82, "data-table-mitre-att-ck-software"]], "Data Table - MITRE ATT&CK Tactics": [[82, "data-table-mitre-att-ck-tactics"]], "Data Table - MITRE ATT&CK Techniques": [[82, "data-table-mitre-att-ck-techniques"]], "Data Table - MaaS360 Device datatable": [[69, "data-table-maas360-device-datatable"]], "Data Table - MaaS360 Installed Software datatable": [[69, "data-table-maas360-installed-software-datatable"]], "Data Table - McAfee ePO Client Tasks": [[74, "data-table-mcafee-epo-client-tasks"]], "Data Table - McAfee ePO Groups": [[74, "data-table-mcafee-epo-groups"]], "Data Table - McAfee ePO Issues": [[74, "data-table-mcafee-epo-issues"]], "Data Table - McAfee ePO Permission sets": [[74, "data-table-mcafee-epo-permission-sets"]], "Data Table - McAfee ePO Policies": [[74, "data-table-mcafee-epo-policies"]], "Data Table - McAfee ePO Systems": [[74, "data-table-mcafee-epo-systems"]], "Data Table - McAfee ePO Users": [[74, "data-table-mcafee-epo-users"]], "Data Table - McAfee ePO tags": [[74, "data-table-mcafee-epo-tags"]], "Data Table - Meeting Information": [[41, "data-table-meeting-information"]], "Data Table - Model Breaches": [[35, "data-table-model-breaches"]], "Data Table - Observations": [[146, "data-table-observations"]], "Data Table - Pipl person data": [[96, "data-table-pipl-person-data"]], "Data Table - Playbook/Workflow Usage": [[98, "data-table-playbook-workflow-usage"]], "Data Table - Processes": [[146, "data-table-processes"]], "Data Table - Proofpoint TAP Campaign Object Details": [[99, "data-table-proofpoint-tap-campaign-object-details"]], "Data Table - QR Assets": [[103, "data-table-qr-assets"]], "Data Table - QR Categories": [[103, "data-table-qr-categories"]], "Data Table - QR Destination IPs (First 10)": [[103, "data-table-qr-destination-ips-first-10"]], "Data Table - QR Events (First 10 Events)": [[103, "data-table-qr-events-first-10-events"]], "Data Table - QR Flows": [[103, "data-table-qr-flows"]], "Data Table - QR Source IPs (First 10)": [[103, "data-table-qr-source-ips-first-10"]], "Data Table - QR Triggered Rules": [[103, "data-table-qr-triggered-rules"]], "Data Table - QRadar Advisor analysis results": [[102, "data-table-qradar-advisor-analysis-results"]], "Data Table - QRadar EDR Process List": [[108, "data-table-qradar-edr-process-list"]], "Data Table - QRadar EDR Trigger Events": [[108, "data-table-qradar-edr-trigger-events"]], "Data Table - QRadar Rules and MITRE Tactics and Techniques": [[103, "data-table-qradar-rules-and-mitre-tactics-and-techniques"]], "Data Table - QRadar SIEM Offense Events": [[104, "data-table-qradar-siem-offense-events"]], "Data Table - QRadar SIEM Reference Sets": [[104, "data-table-qradar-siem-reference-sets"]], "Data Table - QRadar SIEM Reference Table Queried Rows": [[104, "data-table-qradar-siem-reference-table-queried-rows"]], "Data Table - QRadar SIEM Reference Tables": [[104, "data-table-qradar-siem-reference-tables"]], "Data Table - Rapid7 InsightIDR Alerts": [[107, "data-table-rapid7-insightidr-alerts"]], "Data Table - Relations Child Incidents": [[109, "data-table-relations-child-incidents"]], "Data Table - Remedy Linked Incidents Reference Table": [[110, "data-table-remedy-linked-incidents-reference-table"]], "Data Table - SQL query results": [[87, "data-table-sql-query-results"]], "Data Table - Scheduler Rules": [[114, "data-table-scheduler-rules"]], "Data Table - Sentinel Incident Alerts": [[80, "data-table-sentinel-incident-alerts"]], "Data Table - Sentinel Incident Entities": [[80, "data-table-sentinel-incident-entities"]], "Data Table - SentinelOne Agent": [[116, "data-table-sentinelone-agent"]], "Data Table - Siemplify List Entries": [[124, "data-table-siemplify-list-entries"]], "Data Table - Signals": [[130, "data-table-signals"]], "Data Table - Slack Conversations": [[125, "data-table-slack-conversations"]], "Data Table - Splunk Intel Results": [[129, "data-table-splunk-intel-results"]], "Data Table - Symantec SEP - Critical Events": [[117, "data-table-symantec-sep-critical-events"]], "Data Table - Symantec SEP - EOC scan results": [[117, "data-table-symantec-sep-eoc-scan-results"]], "Data Table - Symantec SEP - Endpoint details": [[117, "data-table-symantec-sep-endpoint-details"]], "Data Table - Symantec SEP - Endpoint status summary": [[117, "data-table-symantec-sep-endpoint-status-summary"]], "Data Table - Symantec SEP - Fingerprint lists": [[117, "data-table-symantec-sep-fingerprint-lists"]], "Data Table - Symantec SEP - Groups": [[117, "data-table-symantec-sep-groups"]], "Data Table - Symantec SEP - Non-compliant Endpoints status details": [[117, "data-table-symantec-sep-non-compliant-endpoints-status-details"]], "Data Table - TIE Results": [[77, "data-table-tie-results"]], "Data Table - Trusteer Alerts": [[137, "data-table-trusteer-alerts"]], "Data Table - Watson Search with Local Context results": [[102, "data-table-watson-search-with-local-context-results"]], "Data Table - Wiz Projects Table": [[152, "data-table-wiz-projects-table"]], "Data Table - Wiz Vulnerabilities Table": [[152, "data-table-wiz-vulnerabilities-table"]], "Data Table - Zscaler Internet Access - Allowlist": [[155, "data-table-zscaler-internet-access-allowlist"]], "Data Table - Zscaler Internet Access - Blocklist": [[155, "data-table-zscaler-internet-access-blocklist"]], "Data Table - Zscaler Internet Access - Custom lists": [[155, "data-table-zscaler-internet-access-custom-lists"]], "Data Table - Zscaler Internet Access - Sandbox Report Summary": [[155, "data-table-zscaler-internet-access-sandbox-report-summary"]], "Data Table - Zscaler Internet Access - URL Categories": [[155, "data-table-zscaler-internet-access-url-categories"]], "Data Table Utils: CVE Searched Data": [[34, "data-table-utils-cve-searched-data"]], "Data Tables": [[33, "data-tables"]], "Data Tables:": [[119, "data-tables"]], "Database Support": [[183, "database-support"]], "Datatable": [[37, "datatable"]], "Datatable Utilities": [[36, null]], "Datatable:": [[38, "datatable"]], "Datatables": [[114, "datatables"]], "Datetime Fields and Timezones": [[182, "datetime-fields-and-timezones"]], "Delegated Permission": [[133, "delegated-permission"]], "Dependancies": [[48, "dependancies"]], "Description": [[70, "description"], [71, "description"], [185, "description"], [186, "description"], [187, "description"], [188, "description"]], "Determine the Rapid7 Data Storage Region": [[107, "determine-the-rapid7-data-storage-region"]], "Development Endpoint Environment": [[102, "development-endpoint-environment"]], "Development Version": [[24, "development-version"], [32, "development-version"], [41, "development-version"], [66, "development-version"], [72, "development-version"], [99, "development-version"], [108, "development-version"], [124, "development-version"], [152, "development-version"], [155, "development-version"]], "Digital Shadows Search": [[37, null]], "Digital Shadows Search Datatable": [[37, "digital-shadows-search-datatable"]], "Display a Data Table in an Incident": [[33, "display-a-data-table-in-an-incident"], [38, "display-a-data-table-in-an-incident"]], "Display the Data Table in an incident": [[34, "display-the-data-table-in-an-incident"]], "Display the Datatable in an Incident": [[37, "display-the-datatable-in-an-incident"]], "Docker": [[38, null]], "Docker Integration Invocations": [[38, "docker-integration-invocations"]], "Dockerfile": [[4, "dockerfile"]], "Documentation": [[118, "documentation"]], "Download & Install on App Host": [[121, "download-install-on-app-host"]], "Download & Install on Integration Server": [[121, "download-install-on-integration-server"]], "Download incidents": [[70, "download-incidents"]], "Drivers": [[87, "drivers"]], "ElasticFeed Class": [[180, "elasticfeed-class"]], "ElasticSearch": [[39, null]], "Email Header Validation": [[40, null]], "Email Message": [[190, "email-message"]], "Email Template": [[190, "email-template"]], "Enable the Rule: Trusteer PPD: Parse Trusteer Email v1.0.0": [[137, "enable-the-rule-trusteer-ppd-parse-trusteer-email-v1-0-0"]], "Endpoint Configuration": [[72, "endpoint-configuration"], [133, "endpoint-configuration"]], "Endpoint Developed With": [[7, "endpoint-developed-with"], [41, "endpoint-developed-with"], [43, "endpoint-developed-with"], [49, "endpoint-developed-with"], [51, "endpoint-developed-with"], [86, "endpoint-developed-with"], [92, "endpoint-developed-with"], [117, "endpoint-developed-with"], [122, "endpoint-developed-with"], [125, "endpoint-developed-with"], [131, "endpoint-developed-with"], [133, "endpoint-developed-with"]], "Endpoint Information": [[39, "endpoint-information"]], "Endpoints": [[157, "endpoints"], [157, "id2"]], "Enhancements for Multiple Templates and Attachment & Notes Inclusion": [[88, "enhancements-for-multiple-templates-and-attachment-notes-inclusion"]], "Environment": [[14, "environment"], [23, "environment"], [27, "environment"], [83, "environment"], [160, "environment"], [169, "environment"], [177, "environment"]], "Example": [[1, "example"]], "Example Create Incident Scripts": [[162, "example-create-incident-scripts"]], "Example Create Incidents with Action Plans": [[162, "example-create-incidents-with-action-plans"]], "Example Create Incidents with Risk Models": [[162, "example-create-incidents-with-risk-models"]], "Example of Have I Been Pwned Workflow with Hits": [[185, "example-of-have-i-been-pwned-workflow-with-hits"]], "Example of QRadar Advisor Offense Analysis with MITRE": [[186, "example-of-qradar-advisor-offense-analysis-with-mitre"]], "Example of URLScan.io Workflow with Hits": [[187, "example-of-urlscan-io-workflow-with-hits"]], "Example of mapping QRadar rule to tactic": [[186, "example-of-mapping-qradar-rule-to-tactic"]], "Example:  <!-- omit in toc -->": [[111, "example"], [111, "id1"], [111, "id3"]], "Example: <!-- omit in toc -->": [[111, "id2"]], "Example: Generate Guardium Client Secret": [[56, "example-generate-guardium-client-secret"]], "Example: Guardium Block User Access to DB": [[56, "example-guardium-block-user-access-to-db"]], "Example: Guardium List Parameter Names by Report Name": [[56, "example-guardium-list-parameter-names-by-report-name"]], "Example: Guardium Run Active Risk Spotter:": [[56, "example-guardium-run-active-risk-spotter"]], "Example: Guardium Search Outlier Details": [[56, "example-guardium-search-outlier-details"]], "Example: Guardium Search Report": [[56, "example-guardium-search-report"]], "Example: Guardium Search Sensitive Objects": [[56, "example-guardium-search-sensitive-objects"]], "Example: Twilio Receive Messages": [[138, "example-twilio-receive-messages"]], "Examples": [[1, "examples"], [2, "examples"], [191, "examples"]], "Examples of remote commands:": [[85, "examples-of-remote-commands"]], "Export Description": [[167, "export-description"], [168, "export-description"]], "Extending the solution to deal with Phishing reports": [[191, "extending-the-solution-to-deal-with-phishing-reports"]], "Extension and Customization": [[191, "extension-and-customization"]], "ExtraHop": [[43, null]], "ExtraHop Cloud Services": [[43, "extrahop-cloud-services"]], "ExtraHop standalone sensor": [[43, "extrahop-standalone-sensor"]], "FAQ": [[179, "faq"]], "Features": [[183, "features"]], "Features:": [[168, "features"], [189, "features"]], "Fetch the tokens": [[88, "fetch-the-tokens"]], "File Structure": [[0, "file-structure"]], "File names": [[30, "file-names"]], "FileFeed Class": [[178, "filefeed-class"]], "Files": [[4, "files"]], "Filters and Field Masks": [[49, "filters-and-field-masks"]], "Findings and Assets Filters": [[49, "findings-and-assets-filters"]], "Floss": [[44, null]], "Folder Paths": [[41, "folder-paths"]], "For App Host Environments:": [[91, "for-app-host-environments"], [91, "id4"], [91, "id5"]], "For Customers that are having performance issues related to the poller": [[103, "for-customers-that-are-having-performance-issues-related-to-the-poller"]], "For Customers who do not use the QRadar-Plugin": [[103, "for-customers-who-do-not-use-the-qradar-plugin"]], "For Integrations Servers:": [[91, "for-integrations-servers"], [91, "id2"]], "For Support": [[7, "for-support"], [8, "for-support"], [11, "for-support"], [13, "for-support"], [15, "for-support"], [16, "for-support"], [17, "for-support"], [18, "for-support"], [19, "for-support"], [20, "for-support"], [21, "for-support"], [22, "for-support"], [24, "for-support"], [25, "for-support"], [28, "for-support"], [31, "for-support"], [32, "for-support"], [35, "for-support"], [36, "for-support"], [39, "for-support"], [41, "for-support"], [42, "for-support"], [43, "for-support"], [46, "for-support"], [47, "for-support"], [49, "for-support"], [51, "for-support"], [53, "for-support"], [55, "for-support"], [58, "for-support"], [59, "for-support"], [60, "for-support"], [63, "for-support"], [64, "for-support"], [65, "for-support"], [66, "for-support"], [67, "for-support"], [69, "for-support"], [72, "for-support"], [74, "for-support"], [75, "for-support"], [76, "for-support"], [77, "for-support"], [78, "for-support"], [79, "for-support"], [80, "for-support"], [81, "for-support"], [82, "for-support"], [84, "for-support"], [85, "for-support"], [86, "for-support"], [87, "for-support"], [88, "for-support"], [89, "for-support"], [90, "for-support"], [91, "for-support"], [92, "for-support"], [93, "for-support"], [94, "for-support"], [96, "for-support"], [97, "for-support"], [98, "for-support"], [99, "for-support"], [102, "for-support"], [103, "for-support"], [104, "for-support"], [106, "for-support"], [107, "for-support"], [108, "for-support"], [109, "for-support"], [110, "for-support"], [111, "for-support"], [113, "for-support"], [114, "for-support"], [116, "for-support"], [117, "for-support"], [122, "for-support"], [124, "for-support"], [125, "for-support"], [126, "for-support"], [127, "for-support"], [129, "for-support"], [130, "for-support"], [131, "for-support"], [133, "for-support"], [136, "for-support"], [137, "for-support"], [140, "for-support"], [144, "for-support"], [146, "for-support"], [147, "for-support"], [148, "for-support"], [150, "for-support"], [151, "for-support"], [152, "for-support"], [153, "for-support"], [154, "for-support"], [155, "for-support"], [157, "for-support"], [167, "for-support"], [168, "for-support"]], "Format:": [[111, "format"]], "Formatted Output Example": [[189, "formatted-output-example"]], "Full screen images are not viewable within SOAR.": [[126, "full-screen-images-are-not-viewable-within-soar"]], "Function - AMP: Computer Isolation": [[24, "function-amp-computer-isolation"]], "Function - AMP: Delete File from List": [[24, "function-amp-delete-file-from-list"]], "Function - AMP: Get Activity": [[24, "function-amp-get-activity"]], "Function - AMP: Get Computer": [[24, "function-amp-get-computer"]], "Function - AMP: Get Computer Trajectory": [[24, "function-amp-get-computer-trajectory"]], "Function - AMP: Get Computers": [[24, "function-amp-get-computers"]], "Function - AMP: Get Event Types": [[24, "function-amp-get-event-types"]], "Function - AMP: Get Events": [[24, "function-amp-get-events"]], "Function - AMP: Get File Lists": [[24, "function-amp-get-file-lists"]], "Function - AMP: Get Files from List": [[24, "function-amp-get-files-from-list"]], "Function - AMP: Get Groups": [[24, "function-amp-get-groups"]], "Function - AMP: Move Computer": [[24, "function-amp-move-computer"]], "Function - AMP: Set File in List": [[24, "function-amp-set-file-in-list"]], "Function - APIVoid Request": [[13, "function-apivoid-request"]], "Function - AWS GuardDuty: Archive finding": [[15, "function-aws-guardduty-archive-finding"]], "Function - AWS GuardDuty: Refresh Finding": [[15, "function-aws-guardduty-refresh-finding"]], "Function - AWS IAM: Add User To Groups": [[16, "function-aws-iam-add-user-to-groups"]], "Function - AWS IAM: Attach User policies": [[16, "function-aws-iam-attach-user-policies"]], "Function - AWS IAM: Deactivate MFA Devices": [[16, "function-aws-iam-deactivate-mfa-devices"]], "Function - AWS IAM: Delete Access Keys": [[16, "function-aws-iam-delete-access-keys"]], "Function - AWS IAM: Delete Login Profile": [[16, "function-aws-iam-delete-login-profile"]], "Function - AWS IAM: Delete SSH Public Keys": [[16, "function-aws-iam-delete-ssh-public-keys"]], "Function - AWS IAM: Delete Service Specific Credentials": [[16, "function-aws-iam-delete-service-specific-credentials"]], "Function - AWS IAM: Delete Signing Certificates": [[16, "function-aws-iam-delete-signing-certificates"]], "Function - AWS IAM: Delete User": [[16, "function-aws-iam-delete-user"]], "Function - AWS IAM: Delete Virtual MFA Devices": [[16, "function-aws-iam-delete-virtual-mfa-devices"]], "Function - AWS IAM: Detach User policies": [[16, "function-aws-iam-detach-user-policies"]], "Function - AWS IAM: List MFA Devices": [[16, "function-aws-iam-list-mfa-devices"]], "Function - AWS IAM: List SSH Public Keys": [[16, "function-aws-iam-list-ssh-public-keys"]], "Function - AWS IAM: List Service Specific Credentials": [[16, "function-aws-iam-list-service-specific-credentials"]], "Function - AWS IAM: List Signing Certificates": [[16, "function-aws-iam-list-signing-certificates"]], "Function - AWS IAM: List User Access Key IDs": [[16, "function-aws-iam-list-user-access-key-ids"]], "Function - AWS IAM: List User Groups": [[16, "function-aws-iam-list-user-groups"]], "Function - AWS IAM: List User Policies": [[16, "function-aws-iam-list-user-policies"]], "Function - AWS IAM: List Users": [[16, "function-aws-iam-list-users"]], "Function - AWS IAM: Remove User From Groups": [[16, "function-aws-iam-remove-user-from-groups"]], "Function - AWS IAM: Update Access Key": [[16, "function-aws-iam-update-access-key"]], "Function - AWS IAM: Update Login Profile": [[16, "function-aws-iam-update-login-profile"]], "Function - AbuseIPDB": [[7, "function-abuseipdb"]], "Function - AlgoSec: Traffic Change Request": [[8, "function-algosec-traffic-change-request"]], "Function - AlgoSec: Traffic Change Request Details": [[8, "function-algosec-traffic-change-request-details"]], "Function - AlgoSec: Traffic Simulation Query": [[8, "function-algosec-traffic-simulation-query"]], "Function - Ansible Module": [[11, "function-ansible-module"]], "Function - Ansible Playbook": [[11, "function-ansible-playbook"]], "Function - Archive Slack Channel": [[125, "function-archive-slack-channel"]], "Function - Axonius: Get Device By ID": [[18, "function-axonius-get-device-by-id"]], "Function - Axonius: Get Device Count": [[18, "function-axonius-get-device-count"]], "Function - Axonius: Get Device by Query": [[18, "function-axonius-get-device-by-query"]], "Function - Axonius: Run Enforcement Set": [[18, "function-axonius-run-enforcement-set"]], "Function - Azure Create Account": [[19, "function-azure-create-account"]], "Function - Azure Create Credential": [[19, "function-azure-create-credential"]], "Function - Azure Create Schedule": [[19, "function-azure-create-schedule"]], "Function - Azure Delete Account": [[19, "function-azure-delete-account"]], "Function - Azure Delete Credential": [[19, "function-azure-delete-credential"]], "Function - Azure Delete Runbook": [[19, "function-azure-delete-runbook"]], "Function - Azure Delete Schedule": [[19, "function-azure-delete-schedule"]], "Function - Azure Execute Runbook": [[19, "function-azure-execute-runbook"]], "Function - Azure Get Account": [[19, "function-azure-get-account"]], "Function - Azure Get Agent Registration Information": [[19, "function-azure-get-agent-registration-information"]], "Function - Azure Get Credential": [[19, "function-azure-get-credential"]], "Function - Azure Get Job": [[19, "function-azure-get-job"]], "Function - Azure Get Module Activity": [[19, "function-azure-get-module-activity"]], "Function - Azure Get Node Report": [[19, "function-azure-get-node-report"]], "Function - Azure Get Runbook": [[19, "function-azure-get-runbook"]], "Function - Azure Get Schedule": [[19, "function-azure-get-schedule"]], "Function - Azure List Statistics by Automation Account": [[19, "function-azure-list-statistics-by-automation-account"]], "Function - Azure Regenerate Agent Registration Key": [[19, "function-azure-regenerate-agent-registration-key"]], "Function - BigFix Action Status": [[20, "function-bigfix-action-status"]], "Function - BigFix Artifact": [[20, "function-bigfix-artifact"]], "Function - BigFix Assets": [[20, "function-bigfix-assets"]], "Function - BigFix Remediation": [[20, "function-bigfix-remediation"]], "Function - CS Falcon: Device Actions": [[33, "function-cs-falcon-device-actions"]], "Function - CS Falcon: Get Devices IOC Ran On": [[33, "function-cs-falcon-get-devices-ioc-ran-on"]], "Function - CS Falcon: Search": [[33, "function-cs-falcon-search"]], "Function - Calendar Invite": [[22, "function-calendar-invite"]], "Function - Call REST API": [[167, "function-call-rest-api"], [168, "function-call-rest-api"]], "Function - Cisco ASA Add Artifact to Network Object Group": [[25, "function-cisco-asa-add-artifact-to-network-object-group"]], "Function - Cisco ASA Get Network Object Details": [[25, "function-cisco-asa-get-network-object-details"]], "Function - Cisco ASA Get Network Objects": [[25, "function-cisco-asa-get-network-objects"]], "Function - Cisco ASA Remove Network Object from Network Object Group": [[25, "function-cisco-asa-remove-network-object-from-network-object-group"]], "Function - ClamAV scan stream": [[28, "function-clamav-scan-stream"]], "Function - Create Pastebin": [[93, "function-create-pastebin"]], "Function - Create WebEx Meeting": [[31, "function-create-webex-meeting"]], "Function - Create Zoom Meeting": [[32, "function-create-zoom-meeting"]], "Function - Darktrace: Acknowledge Incident Event": [[35, "function-darktrace-acknowledge-incident-event"]], "Function - Darktrace: Acknowledge Model Breach": [[35, "function-darktrace-acknowledge-model-breach"]], "Function - Darktrace: Add Device Tags": [[35, "function-darktrace-add-device-tags"]], "Function - Darktrace: Clear Data Table": [[35, "function-darktrace-clear-data-table"]], "Function - Darktrace: Get Devices": [[35, "function-darktrace-get-devices"]], "Function - Darktrace: Get Incident Events": [[35, "function-darktrace-get-incident-events"]], "Function - Darktrace: Get Incident Group": [[35, "function-darktrace-get-incident-group"]], "Function - Darktrace: List Similar Devices": [[35, "function-darktrace-list-similar-devices"]], "Function - Darktrace: Unacknowledge Incident Event": [[35, "function-darktrace-unacknowledge-incident-event"]], "Function - Darktrace: Unacknowledge Model Breach": [[35, "function-darktrace-unacknowledge-model-breach"]], "Function - Data Table Utils: Add Row": [[36, "function-data-table-utils-add-row"]], "Function - Data Table Utils: Clear Datatable": [[36, "function-data-table-utils-clear-datatable"]], "Function - Data Table Utils: Create CSV Datatable": [[36, "function-data-table-utils-create-csv-datatable"]], "Function - Data Table Utils: Delete Row": [[36, "function-data-table-utils-delete-row"]], "Function - Data Table Utils: Delete Rows": [[36, "function-data-table-utils-delete-rows"]], "Function - Data Table Utils: Get All Data Table Rows": [[36, "function-data-table-utils-get-all-data-table-rows"]], "Function - Data Table Utils: Get Row": [[36, "function-data-table-utils-get-row"]], "Function - Data Table Utils: Get Rows": [[36, "function-data-table-utils-get-rows"]], "Function - Data Table Utils: Update Row": [[36, "function-data-table-utils-update-row"]], "Function - Defender Alert Search": [[78, "function-defender-alert-search"]], "Function - Defender App Execution": [[78, "function-defender-app-execution"]], "Function - Defender Collect Machine Investigation Package": [[78, "function-defender-collect-machine-investigation-package"]], "Function - Defender Delete Indicator": [[78, "function-defender-delete-indicator"]], "Function - Defender Find Machines by File": [[78, "function-defender-find-machines-by-file"]], "Function - Defender Find Machines by Internal IP": [[78, "function-defender-find-machines-by-internal-ip"]], "Function - Defender Find Machines by filter": [[78, "function-defender-find-machines-by-filter"]], "Function - Defender Get File Information": [[78, "function-defender-get-file-information"]], "Function - Defender Get Incident": [[78, "function-defender-get-incident"]], "Function - Defender Get Related Alert Information": [[78, "function-defender-get-related-alert-information"]], "Function - Defender List Indicators": [[78, "function-defender-list-indicators"]], "Function - Defender Machine Isolation": [[78, "function-defender-machine-isolation"]], "Function - Defender Machine Scan": [[78, "function-defender-machine-scan"]], "Function - Defender Machine Vulnerabilities": [[78, "function-defender-machine-vulnerabilities"]], "Function - Defender Quarantine File": [[78, "function-defender-quarantine-file"]], "Function - Defender Set Indicator": [[78, "function-defender-set-indicator"]], "Function - Defender Update Alert": [[78, "function-defender-update-alert"]], "Function - Defender Update Incident": [[78, "function-defender-update-incident"]], "Function - ElasticSearch Utilities: Query": [[39, "function-elasticsearch-utilities-query"]], "Function - Exchange Create Meeting": [[41, "function-exchange-create-meeting"]], "Function - Exchange Delete Emails": [[41, "function-exchange-delete-emails"]], "Function - Exchange Find Emails": [[41, "function-exchange-find-emails"]], "Function - Exchange Get Mailbox Info": [[41, "function-exchange-get-mailbox-info"]], "Function - Exchange Move Emails": [[41, "function-exchange-move-emails"]], "Function - Exchange Online: Create Meeting": [[42, "function-exchange-online-create-meeting"]], "Function - Exchange Online: Delete Message": [[42, "function-exchange-online-delete-message"]], "Function - Exchange Online: Delete Messages From Query Results": [[42, "function-exchange-online-delete-messages-from-query-results"]], "Function - Exchange Online: Get Message": [[42, "function-exchange-online-get-message"]], "Function - Exchange Online: Get User Profile": [[42, "function-exchange-online-get-user-profile"]], "Function - Exchange Online: Move Message to Folder": [[42, "function-exchange-online-move-message-to-folder"]], "Function - Exchange Online: Query Messages": [[42, "function-exchange-online-query-messages"]], "Function - Exchange Online: Send Message": [[42, "function-exchange-online-send-message"]], "Function - Exchange Online: Write Message as Attachment": [[42, "function-exchange-online-write-message-as-attachment"]], "Function - Exchange Send Email": [[41, "function-exchange-send-email"]], "Function - Extrahop Reveal(x) add detection note": [[43, "function-extrahop-reveal-x-add-detection-note"]], "Function - Extrahop Reveal(x) assign tag": [[43, "function-extrahop-reveal-x-assign-tag"]], "Function - Extrahop Reveal(x) create tag": [[43, "function-extrahop-reveal-x-create-tag"]], "Function - Extrahop Reveal(x) get activitymaps": [[43, "function-extrahop-reveal-x-get-activitymaps"]], "Function - Extrahop Reveal(x) get detection note": [[43, "function-extrahop-reveal-x-get-detection-note"]], "Function - Extrahop Reveal(x) get detections": [[43, "function-extrahop-reveal-x-get-detections"]], "Function - Extrahop Reveal(x) get devices": [[43, "function-extrahop-reveal-x-get-devices"]], "Function - Extrahop Reveal(x) get tags": [[43, "function-extrahop-reveal-x-get-tags"]], "Function - Extrahop Reveal(x) get watchlist": [[43, "function-extrahop-reveal-x-get-watchlist"]], "Function - Extrahop Reveal(x) search detections": [[43, "function-extrahop-reveal-x-search-detections"]], "Function - Extrahop Reveal(x) search devices": [[43, "function-extrahop-reveal-x-search-devices"]], "Function - Extrahop Reveal(x) search packets": [[43, "function-extrahop-reveal-x-search-packets"]], "Function - Extrahop Reveal(x) update detection": [[43, "function-extrahop-reveal-x-update-detection"]], "Function - Extrahop Reveal(x) update watchlist": [[43, "function-extrahop-reveal-x-update-watchlist"]], "Function - Function Guardium Insights Block User": [[55, "function-function-guardium-insights-block-user"]], "Function - Function Guardium Insights Classification Report": [[55, "function-function-guardium-insights-classification-report"]], "Function - Function Guardium Insights populate breach data types": [[55, "function-function-guardium-insights-populate-breach-data-types"]], "Function - GRPC": [[53, "function-grpc"]], "Function - Get AWS Step Function Execution": [[17, "function-get-aws-step-function-execution"]], "Function - GitHub Delete File": [[46, "function-github-delete-file"]], "Function - GitHub Get Latest Release": [[46, "function-github-get-latest-release"]], "Function - GitHub Update File": [[46, "function-github-update-file"]], "Function - GitHub: Create Branch": [[46, "function-github-create-branch"]], "Function - GitHub: Create File": [[46, "function-github-create-file"]], "Function - GitHub: Create Release": [[46, "function-github-create-release"]], "Function - GitHub: Delete Branch": [[46, "function-github-delete-branch"]], "Function - GitHub: Get Branch": [[46, "function-github-get-branch"]], "Function - GitHub: Get Commit": [[46, "function-github-get-commit"]], "Function - GitHub: Get Commits": [[46, "function-github-get-commits"]], "Function - GitHub: Get File": [[46, "function-github-get-file"]], "Function - GitHub: Get Release": [[46, "function-github-get-release"]], "Function - GitHub: Get Releases": [[46, "function-github-get-releases"]], "Function - GitHub: Get Repositories": [[46, "function-github-get-repositories"]], "Function - GitHub: List Directory Files": [[46, "function-github-list-directory-files"]], "Function - Google Cloud DLP: De-Identify Content": [[47, "function-google-cloud-dlp-de-identify-content"]], "Function - Google Cloud DLP: Inspect Content": [[47, "function-google-cloud-dlp-inspect-content"]], "Function - Google Cloud SCC: Get Findings": [[49, "function-google-cloud-scc-get-findings"]], "Function - Google Cloud SCC: List Assets": [[49, "function-google-cloud-scc-list-assets"]], "Function - Google Cloud SCC: Update Findings": [[49, "function-google-cloud-scc-update-findings"]], "Function - Google Cloud SCC: Update Security Mark": [[49, "function-google-cloud-scc-update-security-mark"]], "Function - Google Safe Browsing": [[51, "function-google-safe-browsing"]], "Function - HTML to PDF": [[58, "function-html-to-pdf"]], "Function - Have I Been Pwned Get Breaches": [[185, "function-have-i-been-pwned-get-breaches"]], "Function - Have I Been Pwned Get Pastes": [[185, "function-have-i-been-pwned-get-pastes"]], "Function - Helix: Close Incident": [[21, "function-helix-close-incident"]], "Function - Helix: Create Incident": [[21, "function-helix-create-incident"]], "Function - ICDx: Find Events": [[59, "function-icdx-find-events"]], "Function - ICDx: Get Archive List": [[59, "function-icdx-get-archive-list"]], "Function - ICDx: Get Event": [[59, "function-icdx-get-event"]], "Function - Incident Utils: Close Incident": [[60, "function-incident-utils-close-incident"]], "Function - Incident Utils: Create Incident": [[60, "function-incident-utils-create-incident"]], "Function - Invoke AWS Lambda": [[17, "function-invoke-aws-lambda"]], "Function - Invoke AWS Step Function": [[17, "function-invoke-aws-step-function"]], "Function - IsItPhishing HTML document": [[63, "function-isitphishing-html-document"]], "Function - IsItPhishing URL": [[63, "function-isitphishing-url"]], "Function - Jira Create Comment": [[64, "function-jira-create-comment"]], "Function - Jira Open Issue": [[64, "function-jira-open-issue"]], "Function - Jira Transition Issue": [[64, "function-jira-transition-issue"]], "Function - Joe Sandbox Analysis": [[65, "function-joe-sandbox-analysis"]], "Function - Kafka Send": [[66, "function-kafka-send"]], "Function - LDAP Utilities: Add": [[67, "function-ldap-utilities-add"]], "Function - LDAP Utilities: Add to Group(s)": [[67, "function-ldap-utilities-add-to-group-s"]], "Function - LDAP Utilities: Remove from Group(s)": [[67, "function-ldap-utilities-remove-from-group-s"]], "Function - LDAP Utilities: Search": [[67, "function-ldap-utilities-search"]], "Function - LDAP Utilities: Set Password": [[67, "function-ldap-utilities-set-password"]], "Function - LDAP Utilities: Toggle Access": [[67, "function-ldap-utilities-toggle-access"]], "Function - LDAP Utilities: Update": [[67, "function-ldap-utilities-update"]], "Function - MISP Create Attribute": [[81, "function-misp-create-attribute"]], "Function - MISP Create Event": [[81, "function-misp-create-event"]], "Function - MISP Create Sighting": [[81, "function-misp-create-sighting"]], "Function - MISP Create Tag": [[81, "function-misp-create-tag"]], "Function - MISP Search Attribute": [[81, "function-misp-search-attribute"]], "Function - MISP Sighting List": [[81, "function-misp-sighting-list"]], "Function - MITRE Get Groups Using All Given Techniques": [[82, "function-mitre-get-groups-using-all-given-techniques"]], "Function - MITRE Groups Using Given Techniques": [[82, "function-mitre-groups-using-given-techniques"]], "Function - MITRE Tactic Information": [[82, "function-mitre-tactic-information"]], "Function - MITRE Technique Information": [[82, "function-mitre-technique-information"]], "Function - MITRE Technique\u2019s Software": [[82, "function-mitre-technique-s-software"]], "Function - MS Teams: Archive Team": [[133, "function-ms-teams-archive-team"]], "Function - MS Teams: Create Channel": [[133, "function-ms-teams-create-channel"]], "Function - MS Teams: Create group": [[133, "function-ms-teams-create-group"]], "Function - MS Teams: Create team": [[133, "function-ms-teams-create-team"]], "Function - MS Teams: Delete Channel": [[133, "function-ms-teams-delete-channel"]], "Function - MS Teams: Delete Group": [[133, "function-ms-teams-delete-group"]], "Function - MS Teams: Enable Team": [[133, "function-ms-teams-enable-team"]], "Function - MS Teams: Post Message": [[133, "function-ms-teams-post-message"]], "Function - MS Teams: Read Message": [[133, "function-ms-teams-read-message"]], "Function - MaaS360 Action": [[69, "function-maas360-action"]], "Function - MaaS360 Basic Search": [[69, "function-maas360-basic-search"]], "Function - MaaS360 Delete App": [[69, "function-maas360-delete-app"]], "Function - MaaS360 Stop App Distribution": [[69, "function-maas360-stop-app-distribution"]], "Function - Make Playbook": [[97, "function-make-playbook"]], "Function - Mandiant: Threat Intelligence": [[72, "function-mandiant-threat-intelligence"]], "Function - McAfee Publish to DXL": [[76, "function-mcafee-publish-to-dxl"]], "Function - McAfee TIE search hash": [[77, "function-mcafee-tie-search-hash"]], "Function - McAfee TIE: Set File Reputation": [[77, "function-mcafee-tie-set-file-reputation"]], "Function - McAfee Tag an ePO Asset": [[74, "function-mcafee-tag-an-epo-asset"]], "Function - McAfee ePO Add Permission sets to user": [[74, "function-mcafee-epo-add-permission-sets-to-user"]], "Function - McAfee ePO Add System": [[74, "function-mcafee-epo-add-system"]], "Function - McAfee ePO Add User": [[74, "function-mcafee-epo-add-user"]], "Function - McAfee ePO Assign Policy to Group": [[74, "function-mcafee-epo-assign-policy-to-group"]], "Function - McAfee ePO Assign Policy to Systems": [[74, "function-mcafee-epo-assign-policy-to-systems"]], "Function - McAfee ePO Create Issue": [[74, "function-mcafee-epo-create-issue"]], "Function - McAfee ePO Delete Issue": [[74, "function-mcafee-epo-delete-issue"]], "Function - McAfee ePO Delete System": [[74, "function-mcafee-epo-delete-system"]], "Function - McAfee ePO Execute Query": [[74, "function-mcafee-epo-execute-query"]], "Function - McAfee ePO Find Client Tasks": [[74, "function-mcafee-epo-find-client-tasks"]], "Function - McAfee ePO Find Groups": [[74, "function-mcafee-epo-find-groups"]], "Function - McAfee ePO Find Policies": [[74, "function-mcafee-epo-find-policies"]], "Function - McAfee ePO Find Systems in Group": [[74, "function-mcafee-epo-find-systems-in-group"]], "Function - McAfee ePO Find a System": [[74, "function-mcafee-epo-find-a-system"]], "Function - McAfee ePO Get All Permission sets": [[74, "function-mcafee-epo-get-all-permission-sets"]], "Function - McAfee ePO Get All Users": [[74, "function-mcafee-epo-get-all-users"]], "Function - McAfee ePO List Issues": [[74, "function-mcafee-epo-list-issues"]], "Function - McAfee ePO List Tags": [[74, "function-mcafee-epo-list-tags"]], "Function - McAfee ePO Remove Permission sets from user": [[74, "function-mcafee-epo-remove-permission-sets-from-user"]], "Function - McAfee ePO Remove Tag": [[74, "function-mcafee-epo-remove-tag"]], "Function - McAfee ePO Remove User": [[74, "function-mcafee-epo-remove-user"]], "Function - McAfee ePO Run Client Task": [[74, "function-mcafee-epo-run-client-task"]], "Function - McAfee ePO Update Issue": [[74, "function-mcafee-epo-update-issue"]], "Function - McAfee ePO Update User": [[74, "function-mcafee-epo-update-user"]], "Function - McAfee ePO Wake up agent": [[74, "function-mcafee-epo-wake-up-agent"]], "Function - Microsoft Security Graph Alert Search": [[79, "function-microsoft-security-graph-alert-search"]], "Function - Microsoft Security Graph Get Alert Details": [[79, "function-microsoft-security-graph-get-alert-details"]], "Function - Microsoft Security Graph Update Alert": [[79, "function-microsoft-security-graph-update-alert"]], "Function - Network Utilities: Domain Distance": [[85, "function-network-utilities-domain-distance"]], "Function - Network Utilities: Expand URL": [[85, "function-network-utilities-expand-url"]], "Function - Network Utilities: Extract SSL Cert From URL": [[85, "function-network-utilities-extract-ssl-cert-from-url"]], "Function - Network Utilities: Linux Shell Command": [[85, "function-network-utilities-linux-shell-command"]], "Function - Network Utilities: Local Shell Command": [[85, "function-network-utilities-local-shell-command"]], "Function - Network Utilities: Windows Shell Command": [[85, "function-network-utilities-windows-shell-command"]], "Function - OCR: Read Text From Image Bytes": [[86, "function-ocr-read-text-from-image-bytes"]], "Function - Outbound Email: Send Email": [[88, "function-outbound-email-send-email"]], "Function - Outbound Email: Send Email 2": [[88, "function-outbound-email-send-email-2"]], "Function - PB: Export Playbook": [[98, "function-pb-export-playbook"]], "Function - PB: Get Playbooks": [[98, "function-pb-get-playbooks"]], "Function - PB: Get Workflow Content": [[98, "function-pb-get-workflow-content"]], "Function - PB: Get Workflow Data": [[98, "id1"]], "Function - PB: Get playbook data": [[98, "function-pb-get-playbook-data"]], "Function - PB: Get workflow data": [[98, "function-pb-get-workflow-data"]], "Function - PB: Import Playbook": [[98, "function-pb-import-playbook"]], "Function - PagerDuty Create Incident": [[90, "function-pagerduty-create-incident"]], "Function - PagerDuty Create Note": [[90, "function-pagerduty-create-note"]], "Function - PagerDuty Create Service": [[90, "function-pagerduty-create-service"]], "Function - PagerDuty List Incidents": [[90, "function-pagerduty-list-incidents"]], "Function - PagerDuty List Services": [[90, "function-pagerduty-list-services"]], "Function - PagerDuty Transition Incident": [[90, "function-pagerduty-transition-incident"]], "Function - Panorama Commit": [[89, "function-panorama-commit"]], "Function - Panorama Create Address": [[89, "function-panorama-create-address"]], "Function - Panorama Edit Address Group": [[89, "function-panorama-edit-address-group"]], "Function - Panorama Edit Users in a Group": [[89, "function-panorama-edit-users-in-a-group"]], "Function - Panorama Get Address Groups": [[89, "function-panorama-get-address-groups"]], "Function - Panorama Get Addresses": [[89, "function-panorama-get-addresses"]], "Function - Panorama Get Users in a Group": [[89, "function-panorama-get-users-in-a-group"]], "Function - Parse Utilities: Email Parse": [[91, "function-parse-utilities-email-parse"]], "Function - Parse Utilities: PDFID": [[91, "function-parse-utilities-pdfid"]], "Function - Parse Utilities: Parse SSL Certificate": [[91, "function-parse-utilities-parse-ssl-certificate"]], "Function - Parse Utilities: XML Transformation": [[91, "function-parse-utilities-xml-transformation"]], "Function - PassiveTotal": [[92, "function-passivetotal"]], "Function - Phish.AI Get Report": [[94, "function-phish-ai-get-report"]], "Function - Phish.AI Scan URL": [[94, "function-phish-ai-scan-url"]], "Function - Pipl search function": [[96, "function-pipl-search-function"]], "Function - Post attachment to Slack": [[125, "function-post-attachment-to-slack"]], "Function - Post message to Slack": [[125, "function-post-message-to-slack"]], "Function - Proofpoint TAP Get Campaign": [[99, "function-proofpoint-tap-get-campaign"]], "Function - Proofpoint TAP Get Forensics": [[99, "function-proofpoint-tap-get-forensics"]], "Function - QRadar Advisor Map Rule": [[102, "function-qradar-advisor-map-rule"]], "Function - QRadar Advisor Offense Analysis": [[102, "function-qradar-advisor-offense-analysis"]], "Function - QRadar Create Note": [[103, "function-qradar-create-note"]], "Function - QRadar EDR: Attach File": [[108, "function-qradar-edr-attach-file"]], "Function - QRadar EDR: Close Alert": [[108, "function-qradar-edr-close-alert"]], "Function - QRadar EDR: Create Artifact": [[108, "function-qradar-edr-create-artifact"]], "Function - QRadar EDR: Create Note": [[108, "function-qradar-edr-create-note"]], "Function - QRadar EDR: Create Policy": [[108, "function-qradar-edr-create-policy"]], "Function - QRadar EDR: Deisolate Machine": [[108, "function-qradar-edr-deisolate-machine"]], "Function - QRadar EDR: Get Alert Information": [[108, "function-qradar-edr-get-alert-information"]], "Function - QRadar EDR: Get Endpoint Status": [[108, "function-qradar-edr-get-endpoint-status"]], "Function - QRadar EDR: Get Processes": [[108, "function-qradar-edr-get-processes"]], "Function - QRadar EDR: Isolate Machine": [[108, "function-qradar-edr-isolate-machine"]], "Function - QRadar EDR: Kill Process": [[108, "function-qradar-edr-kill-process"]], "Function - QRadar Get Offense MITRE Reference": [[103, "function-qradar-get-offense-mitre-reference"]], "Function - QRadar Offense Summary": [[103, "function-qradar-offense-summary"]], "Function - QRadar SIEM: Add Reference Set Item": [[104, "function-qradar-siem-add-reference-set-item"]], "Function - QRadar SIEM: Create Offense Note": [[104, "function-qradar-siem-create-offense-note"]], "Function - QRadar SIEM: Delete Reference Set Item": [[104, "function-qradar-siem-delete-reference-set-item"]], "Function - QRadar SIEM: Find Reference Set Item": [[104, "function-qradar-siem-find-reference-set-item"]], "Function - QRadar SIEM: Find Reference Sets": [[104, "function-qradar-siem-find-reference-sets"]], "Function - QRadar SIEM: QRadar Search": [[104, "function-qradar-siem-qradar-search"]], "Function - QRadar SIEM: Reference Table Add Item": [[104, "function-qradar-siem-reference-table-add-item"]], "Function - QRadar SIEM: Reference Table Delete Item": [[104, "function-qradar-siem-reference-table-delete-item"]], "Function - QRadar SIEM: Reference Table Get All Tables": [[104, "function-qradar-siem-reference-table-get-all-tables"]], "Function - QRadar SIEM: Reference Table Get Table Data": [[104, "function-qradar-siem-reference-table-get-table-data"]], "Function - QRadar SIEM: Reference Table Update Item": [[104, "function-qradar-siem-reference-table-update-item"]], "Function - QRadar SIEM: Update Offense": [[104, "function-qradar-siem-update-offense"]], "Function - QRadar Top Events": [[103, "function-qradar-top-events"]], "Function - RDAP: Query": [[150, "function-rdap-query"]], "Function - REST API": [[111, "function-rest-api"]], "Function - Randori: Clear Data Table": [[106, "function-randori-clear-data-table"]], "Function - Randori: Get Detections of Target": [[106, "function-randori-get-detections-of-target"]], "Function - Randori: Get Paths": [[106, "function-randori-get-paths"]], "Function - Randori: Get Target": [[106, "function-randori-get-target"]], "Function - Randori: Send Note as Comment to Target": [[106, "function-randori-send-note-as-comment-to-target"]], "Function - Randori: Update Notes from Randori Target": [[106, "function-randori-update-notes-from-randori-target"]], "Function - Randori: Update Target Impact Score": [[106, "function-randori-update-target-impact-score"]], "Function - Randori: Update Target Status": [[106, "function-randori-update-target-status"]], "Function - Rapid7 InsightIDR: Add Attachments to SOAR Case": [[107, "function-rapid7-insightidr-add-attachments-to-soar-case"]], "Function - Rapid7 InsightIDR: Get Alert Evidence": [[107, "function-rapid7-insightidr-get-alert-evidence"]], "Function - Rapid7 InsightIDR: Get Alerts": [[107, "function-rapid7-insightidr-get-alerts"]], "Function - Rapid7 InsightIDR: Get Comments from Rapid7 Investigation": [[107, "function-rapid7-insightidr-get-comments-from-rapid7-investigation"]], "Function - Rapid7 InsightIDR: Get Investigation": [[107, "function-rapid7-insightidr-get-investigation"]], "Function - Rapid7 InsightIDR: List Attachments": [[107, "function-rapid7-insightidr-list-attachments"]], "Function - Rapid7 InsightIDR: Post Comment to Rapid7 Investigation": [[107, "function-rapid7-insightidr-post-comment-to-rapid7-investigation"]], "Function - Rapid7 InsightIDR: Set Priority": [[107, "function-rapid7-insightidr-set-priority"]], "Function - Rapid7: InsightIDR Set Status": [[107, "function-rapid7-insightidr-set-status"]], "Function - Relations: Assign Parent": [[109, "function-relations-assign-parent"]], "Function - Relations: Auto Close Child Incidents": [[109, "function-relations-auto-close-child-incidents"]], "Function - Relations: Copy Task": [[109, "function-relations-copy-task"]], "Function - Relations: Remove Child Relation": [[109, "function-relations-remove-child-relation"]], "Function - Relations: Sync Artifact": [[109, "function-relations-sync-artifact"]], "Function - Relations: Sync Child Table Data": [[109, "function-relations-sync-child-table-data"]], "Function - Relations: Sync Datatable Data": [[109, "function-relations-sync-datatable-data"]], "Function - Relations: Sync Notes": [[109, "function-relations-sync-notes"]], "Function - Relations: Sync Task Notes": [[109, "function-relations-sync-task-notes"]], "Function - Remedy: Close Incident": [[110, "function-remedy-close-incident"]], "Function - Remedy: Create Incident": [[110, "function-remedy-create-incident"]], "Function - Run Scheduled Job Now": [[114, "function-run-scheduled-job-now"]], "Function - SEP - Add Fingerprint List": [[117, "function-sep-add-fingerprint-list"]], "Function - SEP - Assign Fingerprint List to Group": [[117, "function-sep-assign-fingerprint-list-to-group"]], "Function - SEP - Cancel a Command": [[117, "function-sep-cancel-a-command"]], "Function - SEP - Delete Fingerprint List": [[117, "function-sep-delete-fingerprint-list"]], "Function - SEP - Get Command Status": [[117, "function-sep-get-command-status"]], "Function - SEP - Get Computers": [[117, "function-sep-get-computers"]], "Function - SEP - Get Critical Events Info": [[117, "function-sep-get-critical-events-info"]], "Function - SEP - Get Domains": [[117, "function-sep-get-domains"]], "Function - SEP - Get Exceptions Policy": [[117, "function-sep-get-exceptions-policy"]], "Function - SEP - Get File Content as Base64": [[117, "function-sep-get-file-content-as-base64"]], "Function - SEP - Get Fingerprint List": [[117, "function-sep-get-fingerprint-list"]], "Function - SEP - Get Firewall Policy": [[117, "function-sep-get-firewall-policy"]], "Function - SEP - Get Groups": [[117, "function-sep-get-groups"]], "Function - SEP - Get Policy Summary": [[117, "function-sep-get-policy-summary"]], "Function - SEP - Move endpoint": [[117, "function-sep-move-endpoint"]], "Function - SEP - Quarantine Endpoints": [[117, "function-sep-quarantine-endpoints"]], "Function - SEP - Scan Endpoints": [[117, "function-sep-scan-endpoints"]], "Function - SEP - Update Fingerprint List": [[117, "function-sep-update-fingerprint-list"]], "Function - SEP - Upload File to SEPM": [[117, "function-sep-upload-file-to-sepm"]], "Function - SOAR Utilities Artifact Hash": [[127, "function-soar-utilities-artifact-hash"]], "Function - SOAR Utilities: Attachment Hash": [[127, "function-soar-utilities-attachment-hash"]], "Function - SOAR Utilities: Attachment Zip Extract": [[127, "function-soar-utilities-attachment-zip-extract"]], "Function - SOAR Utilities: Attachment Zip List": [[127, "function-soar-utilities-attachment-zip-list"]], "Function - SOAR Utilities: Attachment to Base64": [[127, "function-soar-utilities-attachment-to-base64"]], "Function - SOAR Utilities: Base64 to Artifact": [[127, "function-soar-utilities-base64-to-artifact"]], "Function - SOAR Utilities: Base64 to Attachment": [[127, "function-soar-utilities-base64-to-attachment"]], "Function - SOAR Utilities: Close Incident": [[127, "function-soar-utilities-close-incident"]], "Function - SOAR Utilities: Create Incident": [[127, "function-soar-utilities-create-incident"]], "Function - SOAR Utilities: Get Contact Info": [[127, "function-soar-utilities-get-contact-info"]], "Function - SOAR Utilities: SOAR Search": [[127, "function-soar-utilities-soar-search"]], "Function - SOAR Utilities: Search Incidents": [[127, "function-soar-utilities-search-incidents"]], "Function - SOAR Utilities: String to Attachment": [[127, "function-soar-utilities-string-to-attachment"]], "Function - Salesforce: Add Comment to Salesforce Case": [[113, "function-salesforce-add-comment-to-salesforce-case"]], "Function - Salesforce: Create Case in Salesforce": [[113, "function-salesforce-create-case-in-salesforce"]], "Function - Salesforce: Create Task in Salesforce Case": [[113, "function-salesforce-create-task-in-salesforce-case"]], "Function - Salesforce: Get Account": [[113, "function-salesforce-get-account"]], "Function - Salesforce: Get Attachments from Salesforce": [[113, "function-salesforce-get-attachments-from-salesforce"]], "Function - Salesforce: Get Case": [[113, "function-salesforce-get-case"]], "Function - Salesforce: Get Case Comments": [[113, "function-salesforce-get-case-comments"]], "Function - Salesforce: Get Contact": [[113, "function-salesforce-get-contact"]], "Function - Salesforce: Get User": [[113, "function-salesforce-get-user"]], "Function - Salesforce: Post Attachment to Salesforce Case": [[113, "function-salesforce-post-attachment-to-salesforce-case"]], "Function - Salesforce: Sync Tasks Between Cases": [[113, "function-salesforce-sync-tasks-between-cases"]], "Function - Salesforce: Update Case Status": [[113, "function-salesforce-update-case-status"]], "Function - Scan with urlscan.io": [[187, "function-scan-with-urlscan-io"]], "Function - Scheduled Rule Create": [[114, "function-scheduled-rule-create"]], "Function - Scheduled Rule List": [[114, "function-scheduled-rule-list"]], "Function - Scheduled Rule Modify": [[114, "function-scheduled-rule-modify"]], "Function - Scheduled Rule Pause": [[114, "function-scheduled-rule-pause"]], "Function - Scheduled Rule Remove": [[114, "function-scheduled-rule-remove"]], "Function - Scheduled Rule Resume": [[114, "function-scheduled-rule-resume"]], "Function - Search Incidents": [[60, "function-search-incidents"]], "Function - Send SMS using AWS SNS": [[17, "function-send-sms-using-aws-sns"]], "Function - Sentinel Add Incident Comment": [[80, "function-sentinel-add-incident-comment"]], "Function - Sentinel Get Incident Alerts": [[80, "function-sentinel-get-incident-alerts"]], "Function - Sentinel Get Incident Comments": [[80, "function-sentinel-get-incident-comments"]], "Function - Sentinel Get Incident Entities": [[80, "function-sentinel-get-incident-entities"]], "Function - Sentinel Update Incident": [[80, "function-sentinel-update-incident"]], "Function - SentinelOne: Abort Disk Scan": [[116, "function-sentinelone-abort-disk-scan"]], "Function - SentinelOne: Connect to Network": [[116, "function-sentinelone-connect-to-network"]], "Function - SentinelOne: Disconnect From Network": [[116, "function-sentinelone-disconnect-from-network"]], "Function - SentinelOne: Get Agent Details": [[116, "function-sentinelone-get-agent-details"]], "Function - SentinelOne: Get Hash Reputation": [[116, "function-sentinelone-get-hash-reputation"]], "Function - SentinelOne: Get Threat Details": [[116, "function-sentinelone-get-threat-details"]], "Function - SentinelOne: Initiate Disk Scan": [[116, "function-sentinelone-initiate-disk-scan"]], "Function - SentinelOne: Resolve Threat in SentinelOne": [[116, "function-sentinelone-resolve-threat-in-sentinelone"]], "Function - SentinelOne: Restart Agent": [[116, "function-sentinelone-restart-agent"]], "Function - SentinelOne: Send SOAR Note to SentinelOne": [[116, "function-sentinelone-send-soar-note-to-sentinelone"]], "Function - SentinelOne: Shutdown Agent": [[116, "function-sentinelone-shutdown-agent"]], "Function - SentinelOne: Update Notes From SentinelOne": [[116, "function-sentinelone-update-notes-from-sentinelone"]], "Function - Sentinelone: Update Threat Status": [[116, "function-sentinelone-update-threat-status"]], "Function - Shadowserver": [[122, "function-shadowserver"]], "Function - Siemplify Add Playbook": [[124, "function-siemplify-add-playbook"]], "Function - Siemplify Add/Update Entity to Custom List": [[124, "function-siemplify-add-update-entity-to-custom-list"]], "Function - Siemplify Close Case": [[124, "function-siemplify-close-case"]], "Function - Siemplify Get Custom List Entities": [[124, "function-siemplify-get-custom-list-entities"]], "Function - Siemplify Remove List Entry": [[124, "function-siemplify-remove-list-entry"]], "Function - Siemplify Sync Artifact": [[124, "function-siemplify-sync-artifact"]], "Function - Siemplify Sync Attachment": [[124, "function-siemplify-sync-attachment"]], "Function - Siemplify Sync Case": [[124, "function-siemplify-sync-case"]], "Function - Siemplify Sync Comment": [[124, "function-siemplify-sync-comment"]], "Function - Siemplify Sync Task": [[124, "function-siemplify-sync-task"]], "Function - Siemplify: Add/Update Entity to Blocklist": [[124, "function-siemplify-add-update-entity-to-blocklist"]], "Function - Siemplify: Get Blocklist Entities": [[124, "function-siemplify-get-blocklist-entities"]], "Function - SnapShot URL": [[126, "function-snapshot-url"]], "Function - Splunk Add Intel Item": [[129, "function-splunk-add-intel-item"]], "Function - Splunk Delete Threat Intel Item": [[129, "function-splunk-delete-threat-intel-item"]], "Function - Splunk Search": [[129, "function-splunk-search"]], "Function - Splunk Update Notable Event": [[129, "function-splunk-update-notable-event"]], "Function - Staxx Import": [[10, "function-staxx-import"]], "Function - Staxx Query": [[10, "function-staxx-query"]], "Function - Sumo Logic: Add Comment to Insight": [[130, "function-sumo-logic-add-comment-to-insight"]], "Function - Sumo Logic: Add Tag to Insight": [[130, "function-sumo-logic-add-tag-to-insight"]], "Function - Sumo Logic: Get Entity": [[130, "function-sumo-logic-get-entity"]], "Function - Sumo Logic: Get Insight By ID": [[130, "function-sumo-logic-get-insight-by-id"]], "Function - Sumo Logic: Get Insights Comments": [[130, "function-sumo-logic-get-insights-comments"]], "Function - Sumo Logic: Get Signal by ID": [[130, "function-sumo-logic-get-signal-by-id"]], "Function - Sumo Logic: Update Insight Status": [[130, "function-sumo-logic-update-insight-status"]], "Function - Symantec DLP: Close DLP Case": [[131, "function-symantec-dlp-close-dlp-case"]], "Function - Symantec DLP: Get DLP Notes": [[131, "function-symantec-dlp-get-dlp-notes"]], "Function - Symantec DLP: Get Incident Details": [[131, "function-symantec-dlp-get-incident-details"]], "Function - Symantec DLP: Send Note to DLP Incident": [[131, "function-symantec-dlp-send-note-to-dlp-incident"]], "Function - Symantec DLP: Update Incident in DLP": [[131, "function-symantec-dlp-update-incident-in-dlp"]], "Function - Symantec DLP: Upload Binaries": [[131, "function-symantec-dlp-upload-binaries"]], "Function - Timer": [[136, "function-timer"], [168, "function-timer"]], "Function - Trusteer PPD: Get URL Links to Trusteer": [[137, "function-trusteer-ppd-get-url-links-to-trusteer"]], "Function - Trusteer PPD: Update Alert Classification": [[137, "function-trusteer-ppd-update-alert-classification"]], "Function - Trusteer PPD: Update Classification in Alert Datatable": [[137, "function-trusteer-ppd-update-classification-in-alert-datatable"]], "Function - URL to DNS": [[140, "function-url-to-dns"]], "Function - VMware CBC: Get Alert By ID": [[146, "function-vmware-cbc-get-alert-by-id"]], "Function - VMware CBC: Get CBC Notes": [[146, "function-vmware-cbc-get-cbc-notes"]], "Function - VMware CBC: Get Device By ID": [[146, "function-vmware-cbc-get-device-by-id"]], "Function - VMware CBC: Post Alert Workflow Data": [[146, "function-vmware-cbc-post-alert-workflow-data"]], "Function - VMware CBC: Post Device Action": [[146, "function-vmware-cbc-post-device-action"]], "Function - VMware CBC: Post Note to CBC Alert": [[146, "function-vmware-cbc-post-note-to-cbc-alert"]], "Function - VMware CBC: Post Observations Detail Job": [[146, "function-vmware-cbc-post-observations-detail-job"]], "Function - VMware CBC: Post Reputation Override": [[146, "function-vmware-cbc-post-reputation-override"]], "Function - VMware CBC: Post Tags": [[146, "function-vmware-cbc-post-tags"]], "Function - VMware: CBC Kill Process": [[146, "function-vmware-cbc-kill-process"]], "Function - VirusTotal": [[144, "function-virustotal"], [188, "function-virustotal"]], "Function - WHOIS: query": [[150, "function-whois-query"]], "Function - Watson Search": [[102, "function-watson-search"]], "Function - Watson Search with Local Context": [[102, "function-watson-search-with-local-context"]], "Function - Watson Translate": [[147, "function-watson-translate"]], "Function - Webex: Create Meeting": [[148, "function-webex-create-meeting"]], "Function - Webex: Create Room": [[148, "function-webex-create-room"]], "Function - Webex: Create Team": [[148, "function-webex-create-team"]], "Function - Webex: Delete Room": [[148, "function-webex-delete-room"]], "Function - Webex: Delete Team": [[148, "function-webex-delete-team"]], "Function - Wiki Create or Update Page": [[151, "function-wiki-create-or-update-page"]], "Function - Wiki Get Contents": [[151, "function-wiki-get-contents"]], "Function - Wiki Lookup": [[151, "function-wiki-lookup"]], "Function - Wiz: Pull Vulnerabilities": [[152, "function-wiz-pull-vulnerabilities"]], "Function - Wiz: Query Issue": [[152, "function-wiz-query-issue"]], "Function - Wiz: Send SOAR Notes": [[152, "function-wiz-send-soar-notes"]], "Function - Wiz: Sync Status": [[152, "function-wiz-sync-status"]], "Function - X-Force Utilities: Get Collection by ID": [[153, "function-x-force-utilities-get-collection-by-id"]], "Function - X-Force Utilities: Query Collection": [[153, "function-x-force-utilities-query-collection"]], "Function - Yeti": [[154, "function-yeti"]], "Function - ZIA: Add To Allowlist": [[155, "function-zia-add-to-allowlist"]], "Function - ZIA: Add To Blocklist": [[155, "function-zia-add-to-blocklist"]], "Function - ZIA: Add To URL Category": [[155, "function-zia-add-to-url-category"]], "Function - ZIA: Add URL Category": [[155, "function-zia-add-url-category"]], "Function - ZIA: Get Allowlist": [[155, "function-zia-get-allowlist"]], "Function - ZIA: Get Blocklist": [[155, "function-zia-get-blocklist"]], "Function - ZIA: Get Sandbox Report": [[155, "function-zia-get-sandbox-report"]], "Function - ZIA: Get URL Categories": [[155, "function-zia-get-url-categories"]], "Function - ZIA: Remove From Allowlist": [[155, "function-zia-remove-from-allowlist"]], "Function - ZIA: Remove From Blocklist": [[155, "function-zia-remove-from-blocklist"]], "Function - ZIA: Remove From URL Category": [[155, "function-zia-remove-from-url-category"]], "Function - ZIA: URL Lookup": [[155, "function-zia-url-lookup"]], "Function - fn_netdevice_config": [[84, "function-fn-netdevice-config"]], "Function - fn_netdevice_query": [[84, "function-fn-netdevice-query"]], "Function - fn_odbc_query": [[87, "function-fn-odbc-query"]], "Function Guardium Generate Client Secret": [[56, "function-guardium-generate-client-secret"]], "Function Guardium List Parameter Names by Report Name": [[56, "function-guardium-list-parameter-names-by-report-name"]], "Function Guardium Search Outlier Details": [[56, "function-guardium-search-outlier-details"]], "Function Guardium Search Report": [[56, "function-guardium-search-report"], [56, "id5"]], "Function Guardium Search Sensitive Object": [[56, "function-guardium-search-sensitive-object"]], "Function Guardium block user": [[56, "function-guardium-block-user"]], "Function Inputs": [[9, "function-inputs"], [34, "function-inputs"], [138, "function-inputs"], [138, "id1"], [138, "id5"]], "Function Inputs with Activation Fields": [[97, "function-inputs-with-activation-fields"]], "Function Inputs without Activation Fields": [[97, "function-inputs-without-activation-fields"]], "Function Inputs:": [[37, "function-inputs"], [38, "function-inputs"], [50, "function-inputs"], [54, "function-inputs"], [57, "function-inputs"], [62, "function-inputs"], [139, "function-inputs"], [145, "function-inputs"], [149, "function-inputs"]], "Function Inputs: Base64 to Attachment:": [[48, "function-inputs-base64-to-attachment"]], "Function Inputs: Google Cloud Function:": [[48, "function-inputs-google-cloud-function"]], "Function Output": [[9, "function-output"], [34, "function-output"], [138, "function-output"], [138, "id2"], [138, "id6"]], "Function Output:": [[37, "function-output"], [38, "function-output"], [50, "function-output"], [54, "function-output"], [139, "function-output"], [145, "function-output"], [149, "function-output"]], "Function Outputs:": [[57, "function-outputs"]], "Function Workflow:": [[56, "function-workflow"], [56, "id1"], [56, "id2"], [56, "id3"], [56, "id4"], [56, "id6"], [56, "id7"]], "Function: GCP Cloud Functions: Sandbox and Screenshot Webpage": [[48, "function-gcp-cloud-functions-sandbox-and-screenshot-webpage"]], "Function: Utilities: Base64 to Attachment": [[48, "function-utilities-base64-to-attachment"]], "Functions": [[98, "functions"], [119, "functions"], [134, "functions"]], "Functions:": [[38, "functions"], [112, "functions"]], "GRR": [[54, null]], "Generate an Access Key and Secret in Sumo Log Analytics Platform": [[130, "generate-an-access-key-and-secret-in-sumo-log-analytics-platform"]], "Generate an Organization API Key in Rapid7 InsightIDR": [[107, "generate-an-organization-api-key-in-rapid7-insightidr"]], "Get the API Key and Secret in Axonius": [[18, "get-the-api-key-and-secret-in-axonius"]], "GitHub": [[46, null]], "GitHub Development Version": [[46, "github-development-version"]], "Google Cloud DLP": [[47, null]], "Google Cloud Function Output:": [[48, "google-cloud-function-output"]], "Google Cloud Functions": [[48, null]], "Google Cloud Security Command Center": [[49, null]], "Google Geocoding": [[45, null]], "Google Gmail": [[157, "google-gmail"]], "Google Maps": [[50, null]], "Google Safe Browsing": [[51, null]], "Google Safe Browsing Threat Searcher": [[170, null]], "GreyNoise": [[52, null]], "Guardium Insights Integration": [[55, null]], "Guardium Integration Application for IBM Resilient.": [[56, null]], "Guardium: 2. Search for Entitlements to Sensitive Objects:": [[56, "guardium-2-search-for-entitlements-to-sensitive-objects"]], "Guardium: 3. Search for User Outlier Details:": [[56, "guardium-3-search-for-user-outlier-details"]], "Guardium: 4A. List Parameter Names By Report Name :": [[56, "guardium-4a-list-parameter-names-by-report-name"]], "Guardium: 4B. Search All Guardium Reports :": [[56, "guardium-4b-search-all-guardium-reports"]], "Guardium: 5. Block User from Data Source:": [[56, "guardium-5-block-user-from-data-source"]], "Guardium: Generate Client Secret:": [[56, "guardium-generate-client-secret"]], "HTML to PDF": [[58, null]], "Have I Been Pwned": [[57, null]], "Have I Been Pwned Get Breaches:": [[57, "have-i-been-pwned-get-breaches"]], "Have I Been Pwned Get Pastes:": [[57, "have-i-been-pwned-get-pastes"]], "Have I Been Pwned Threat Searcher": [[171, null]], "Hint: <!-- omit in toc -->": [[111, "hint"]], "History": [[1, "history"], [2, null], [42, "history"], [45, "history"], [57, "history"], [61, "history"], [108, "history"], [149, "history"], [168, "history"], [180, "history"], [181, "history"], [183, "history"], [189, "history"], [190, "history"], [191, "history"]], "How does this perform?": [[179, "how-does-this-perform"]], "How to configure to use a single Jira Server": [[64, "how-to-configure-to-use-a-single-jira-server"]], "How to configure to use a single LDAP Server": [[67, "how-to-configure-to-use-a-single-ldap-server"]], "How to configure to use a single ODBC database": [[87, "how-to-configure-to-use-a-single-odbc-database"]], "How to configure to use a single Panorama Server": [[89, "how-to-configure-to-use-a-single-panorama-server"]], "How to configure to use a single QRadar Server": [[103, "how-to-configure-to-use-a-single-qradar-server"], [104, "how-to-configure-to-use-a-single-qradar-server"]], "How to configure to use a single Splunk Server": [[129, "how-to-configure-to-use-a-single-splunk-server"]], "How to configure to use multiple QRadar servers that have the QRadar-Plugin installed": [[103, "how-to-configure-to-use-multiple-qradar-servers-that-have-the-qradar-plugin-installed"]], "How to use the function": [[26, "how-to-use-the-function"], [40, "how-to-use-the-function"], [135, "how-to-use-the-function"]], "IBM QRadar SOAR uses PostgreSQL.  Why can\u2019t I just open up access to the PostgreSQL and query the DB directly?": [[179, "ibm-qradar-soar-uses-postgresql-why-can-t-i-just-open-up-access-to-the-postgresql-and-query-the-db-directly"]], "IBM SOAR Email Approval Process Content Pack": [[190, null]], "IBM SOAR LDAP Utilities": [[67, null]], "IBM SOAR Python Documentation": [[6, null]], "IBM SOAR example email message parsing script": [[191, null]], "IBM SOAR integration for AlgoSec": [[8, null]], "IBM SOAR platform": [[60, "ibm-soar-platform"], [98, "ibm-soar-platform"]], "IBM Security QRadar SOAR Apps": [[156, null]], "IBM Trusteer Development Version": [[137, "ibm-trusteer-development-version"]], "IBM XForce Collections": [[153, null]], "IOC Parser": [[61, null]], "IP address allowlists": [[191, "ip-address-allowlists"]], "IPInfo": [[62, null]], "ISC SANS": [[167, null]], "If Relation Level is: Child": [[109, "if-relation-level-is-child"]], "If Relation Level is: Parent": [[109, "if-relation-level-is-parent"]], "Image OCR": [[86, null]], "Image specific app.config sections": [[38, "image-specific-app-config-sections"]], "Import": [[185, "import"], [186, "import"], [187, "import"], [188, "import"]], "Import Keys": [[0, "import-keys"]], "Import statements": [[30, "import-statements"]], "Imported Apps": [[168, "imported-apps"]], "Incident Links": [[88, "incident-links"]], "Incident Utilities": [[60, null]], "Incident fields that are required for the example automatic rule to run": [[103, "incident-fields-that-are-required-for-the-example-automatic-rule-to-run"]], "Information as Data-tables or Artifacts": [[41, "information-as-data-tables-or-artifacts"]], "Initialization": [[1, "initialization"], [2, "initialization"]], "Input Considerations": [[111, "input-considerations"]], "Input Formats:": [[111, "input-formats"]], "Input format": [[111, "input-format"]], "Inputs:": [[33, "inputs"], [33, "id1"], [33, "id5"]], "Insights Filtering": [[130, "insights-filtering"]], "Install": [[7, "install"], [8, "install"], [11, "install"], [13, "install"], [15, "install"], [17, "install"], [18, "install"], [19, "install"], [20, "install"], [21, "install"], [22, "install"], [24, "install"], [25, "install"], [28, "install"], [31, "install"], [32, "install"], [35, "install"], [36, "install"], [39, "install"], [41, "install"], [42, "install"], [43, "install"], [46, "install"], [47, "install"], [49, "install"], [51, "install"], [53, "install"], [58, "install"], [59, "install"], [60, "install"], [63, "install"], [64, "install"], [65, "install"], [66, "install"], [67, "install"], [69, "install"], [72, "install"], [74, "install"], [76, "install"], [77, "install"], [78, "install"], [79, "install"], [80, "install"], [81, "install"], [82, "install"], [84, "install"], [85, "install"], [86, "install"], [87, "install"], [88, "install"], [89, "install"], [90, "install"], [91, "install"], [92, "install"], [93, "install"], [94, "install"], [96, "install"], [97, "install"], [98, "install"], [99, "install"], [102, "install"], [103, "install"], [104, "install"], [106, "install"], [107, "install"], [108, "install"], [109, "install"], [110, "install"], [111, "install"], [113, "install"], [114, "install"], [116, "install"], [117, "install"], [118, "install"], [122, "install"], [124, "install"], [125, "install"], [126, "install"], [127, "install"], [129, "install"], [130, "install"], [131, "install"], [136, "install"], [137, "install"], [140, "install"], [144, "install"], [146, "install"], [147, "install"], [150, "install"], [151, "install"], [152, "install"], [153, "install"], [154, "install"], [155, "install"], [157, "install"], [185, "install"], [187, "install"], [188, "install"]], "Install Docker": [[38, "install-docker"]], "Install and Configure ASA REST API Agent and Client": [[25, "install-and-configure-asa-rest-api-agent-and-client"]], "Install msgconvert on CentOS/RHEL based systems:": [[91, "install-msgconvert-on-centos-rhel-based-systems"], [91, "id3"]], "Install the Python components": [[178, "install-the-python-components"], [180, "install-the-python-components"], [181, "install-the-python-components"], [182, "install-the-python-components"], [184, "install-the-python-components"]], "Installation": [[7, "installation"], [8, "installation"], [9, "installation"], [10, "installation"], [11, "installation"], [12, "installation"], [13, "installation"], [15, "installation"], [16, "installation"], [17, "installation"], [18, "installation"], [19, "installation"], [20, "installation"], [21, "installation"], [22, "installation"], [24, "installation"], [25, "installation"], [26, "installation"], [28, "installation"], [29, "installation"], [31, "installation"], [32, "installation"], [34, "installation"], [35, "installation"], [36, "installation"], [39, "installation"], [41, "installation"], [42, "installation"], [43, "installation"], [44, "installation"], [45, "installation"], [46, "installation"], [47, "installation"], [49, "installation"], [51, "installation"], [52, "installation"], [53, "installation"], [55, "installation"], [56, "installation"], [58, "installation"], [59, "installation"], [60, "installation"], [61, "installation"], [63, "installation"], [64, "installation"], [65, "installation"], [66, "installation"], [67, "installation"], [68, "installation"], [69, "installation"], [70, "installation"], [71, "installation"], [72, "installation"], [73, "installation"], [74, "installation"], [75, "installation"], [76, "installation"], [77, "installation"], [78, "installation"], [79, "installation"], [80, "installation"], [81, "installation"], [82, "installation"], [84, "installation"], [85, "installation"], [86, "installation"], [87, "installation"], [88, "installation"], [89, "installation"], [90, "installation"], [91, "installation"], [92, "installation"], [93, "installation"], [94, "installation"], [95, "installation"], [96, "installation"], [97, "installation"], [98, "installation"], [99, "installation"], [100, "installation"], [101, "installation"], [102, "installation"], [103, "installation"], [104, "installation"], [105, "installation"], [106, "installation"], [107, "installation"], [108, "installation"], [109, "installation"], [110, "installation"], [111, "installation"], [113, "installation"], [114, "installation"], [115, "installation"], [116, "installation"], [117, "installation"], [122, "installation"], [124, "installation"], [125, "installation"], [126, "installation"], [127, "installation"], [129, "installation"], [130, "installation"], [131, "installation"], [132, "installation"], [133, "installation"], [134, "installation"], [136, "installation"], [137, "installation"], [138, "installation"], [140, "installation"], [142, "installation"], [143, "installation"], [144, "installation"], [145, "installation"], [146, "installation"], [147, "installation"], [148, "installation"], [150, "installation"], [151, "installation"], [152, "installation"], [153, "installation"], [154, "installation"], [155, "installation"], [157, "installation"], [159, "installation"], [161, "installation"], [162, "installation"], [167, "installation"], [171, "installation"], [172, "installation"], [173, "installation"], [174, "installation"], [175, "installation"], [176, "installation"], [178, "installation"], [180, "installation"], [181, "installation"], [182, "installation"], [183, "installation"], [184, "installation"], [190, "installation"]], "Installation (App Host)": [[123, "installation-app-host"], [128, "installation-app-host"], [141, "installation-app-host"]], "Installation (Integration Server)": [[123, "installation-integration-server"], [128, "installation-integration-server"], [141, "installation-integration-server"]], "Installation and Configuration": [[30, "installation-and-configuration"], [190, "installation-and-configuration"]], "Installation instructions": [[168, "installation-instructions"], [189, "installation-instructions"], [191, "installation-instructions"]], "Installation:": [[112, "installation"]], "Integration Server": [[10, "integration-server"], [12, "integration-server"], [29, "integration-server"], [45, "integration-server"], [55, "integration-server"], [115, "integration-server"], [145, "integration-server"], [182, "integration-server"], [183, "integration-server"], [184, "integration-server"]], "Integration Server Installation": [[11, "integration-server-installation"], [86, "integration-server-installation"], [126, "integration-server-installation"], [180, "integration-server-installation"]], "Integration Server Requirements": [[181, "integration-server-requirements"], [182, "integration-server-requirements"]], "Integration Server Setup": [[61, "integration-server-setup"], [142, "integration-server-setup"]], "Integration app.config settings:": [[38, "integration-app-config-settings"]], "Integrations": [[114, "integrations"]], "Introduction": [[4, "introduction"], [159, "introduction"], [178, "introduction"], [179, "introduction"], [180, "introduction"], [181, "introduction"], [182, "introduction"], [184, "introduction"]], "Investigation Filtering": [[107, "investigation-filtering"]], "Is historical data maintained?": [[179, "is-historical-data-maintained"]], "IsItPhishing": [[63, null]], "JSON Web Token Authentication": [[111, "json-web-token-authentication"]], "Jira": [[64, null]], "Joe Sandbox Analysis": [[65, null]], "Kafka": [[66, null]], "Kafka App 1.0.2 Changes": [[66, "kafka-app-1-0-2-changes"]], "Kafka Listener": [[66, "kafka-listener"]], "KafkaFeed Class": [[181, "kafkafeed-class"]], "Key Features": [[7, "key-features"], [8, "key-features"], [10, "key-features"], [11, "key-features"], [13, "key-features"], [15, "key-features"], [16, "key-features"], [17, "key-features"], [18, "key-features"], [19, "key-features"], [20, "key-features"], [21, "key-features"], [22, "key-features"], [24, "key-features"], [25, "key-features"], [28, "key-features"], [31, "key-features"], [32, "key-features"], [35, "key-features"], [39, "key-features"], [41, "key-features"], [42, "key-features"], [43, "key-features"], [46, "key-features"], [47, "key-features"], [49, "key-features"], [51, "key-features"], [55, "key-features"], [58, "key-features"], [59, "key-features"], [60, "key-features"], [63, "key-features"], [64, "key-features"], [65, "key-features"], [66, "key-features"], [67, "key-features"], [72, "key-features"], [74, "key-features"], [75, "key-features"], [76, "key-features"], [77, "key-features"], [78, "key-features"], [79, "key-features"], [80, "key-features"], [81, "key-features"], [82, "key-features"], [84, "key-features"], [85, "key-features"], [86, "key-features"], [87, "key-features"], [88, "key-features"], [89, "key-features"], [90, "key-features"], [91, "key-features"], [92, "key-features"], [93, "key-features"], [94, "key-features"], [96, "key-features"], [97, "key-features"], [98, "key-features"], [99, "key-features"], [102, "key-features"], [103, "key-features"], [104, "key-features"], [106, "key-features"], [107, "key-features"], [108, "key-features"], [109, "key-features"], [110, "key-features"], [111, "key-features"], [113, "key-features"], [116, "key-features"], [117, "key-features"], [118, "key-features"], [122, "key-features"], [124, "key-features"], [125, "key-features"], [126, "key-features"], [129, "key-features"], [130, "key-features"], [131, "key-features"], [132, "key-features"], [133, "key-features"], [137, "key-features"], [140, "key-features"], [144, "key-features"], [146, "key-features"], [147, "key-features"], [148, "key-features"], [150, "key-features"], [151, "key-features"], [152, "key-features"], [153, "key-features"], [154, "key-features"], [155, "key-features"], [157, "key-features"], [190, "key-features"]], "Known Issues": [[38, "known-issues"], [49, "known-issues"]], "LDAP Search": [[160, null]], "Languages Supported:": [[147, "languages-supported"]], "License": [[178, "license"], [179, "license"], [180, "license"], [181, "license"], [182, "license"], [183, "license"], [184, "license"]], "Limitations": [[11, "limitations"], [183, "limitations"]], "Links": [[119, "links"], [120, "links"], [121, "links"]], "List of required permissions": [[133, "list-of-required-permissions"]], "Local Post-processing Script": [[97, "local-post-processing-script"]], "Log Capture": [[68, null]], "MISP": [[81, null]], "MISP Threat Searcher": [[173, null]], "MITRE ATT&CK": [[82, null]], "MSSP Configuration": [[103, "mssp-configuration"]], "MaaS360": [[69, null]], "MaaS360 Action - Get Software Installed": [[69, "maas360-action-get-software-installed"]], "MaaS360 Action - Locate Device": [[69, "maas360-action-locate-device"]], "MaaS360 Action - Lock Device": [[69, "maas360-action-lock-device"]], "MaaS360 Action - Wipe Device": [[69, "maas360-action-wipe-device"]], "MacOS": [[86, "macos"]], "Machine Learning": [[70, null]], "Mandiant Threat Intelligence": [[72, null]], "McAfee ATD": [[73, null]], "McAfee ESM": [[75, null]], "McAfee OpenDXL": [[76, null]], "McAfee TIE": [[77, null]], "McAfee TIE Threat Searcher": [[172, null]], "McAfee ePO": [[74, null]], "Message Destination": [[163, "message-destination"]], "Message Destination Setup": [[30, "message-destination-setup"]], "Message Destinations:": [[112, "message-destinations"]], "Message Signing and Encryption": [[88, "message-signing-and-encryption"]], "Message destination": [[30, "message-destination"]], "Method 1: Using CODE:": [[111, "method-1-using-code"]], "Method 2: Using REFRESH_TOKEN": [[111, "method-2-using-refresh-token"]], "Method 3: Using ACCESS_TOKEN": [[111, "method-3-using-access-token"]], "Microsoft Defender": [[78, null]], "Microsoft Exchange": [[41, null]], "Microsoft Exchange Online": [[42, null]], "Microsoft Outlook 365": [[157, "microsoft-outlook-365"]], "Microsoft Security Graph Integration for SOAR": [[79, null]], "Microsoft Sentinel": [[80, null]], "Microsoft Teams": [[133, null]], "Migrating to v1.0.2": [[45, "migrating-to-v1-0-2"], [114, "migrating-to-v1-0-2"]], "Modifications": [[182, "modifications"]], "Modify data type mapping": [[182, "modify-data-type-mapping"]], "Modify dialect encoding": [[182, "modify-dialect-encoding"]], "Modifying dialect reserved words": [[182, "modifying-dialect-reserved-words"]], "Multi-tenancy": [[64, "multi-tenancy"]], "NLP Search": [[71, null]], "NSRL Whitelist": [[38, "nsrl-whitelist"]], "Network Utilities": [[85, null]], "New and Recently Updated Apps": [[156, null]], "Note on Partial URL Support": [[95, "note-on-partial-url-support"]], "Note:  <!-- omit in toc -->": [[111, "note"]], "Notes": [[64, "notes"], [88, "notes"]], "Notes regarding v2.1.0": [[114, "notes-regarding-v2-1-0"]], "Notes:": [[182, "notes"]], "OAuth 2.0": [[111, "oauth-2-0"]], "OAuth 2.0 Authorization": [[88, "oauth-2-0-authorization"], [88, "id1"]], "OAuth Authentication": [[148, "oauth-authentication"]], "OAuth Utilities": [[157, null]], "ODBC Database Considerations": [[182, "odbc-database-considerations"]], "ODBC Query": [[87, null]], "ODBCFeed Class": [[182, "odbcfeed-class"]], "Older integration applications": [[158, null]], "Operation": [[190, "operation"], [191, "operation"]], "Other notes": [[142, "other-notes"]], "Outbound Email": [[88, null]], "Output :": [[62, "output"]], "Output:": [[33, "output"], [33, "id2"], [33, "id6"]], "Overview": [[3, "overview"], [7, "overview"], [8, "overview"], [10, "overview"], [11, "overview"], [12, "overview"], [13, "overview"], [15, "overview"], [16, "overview"], [17, "overview"], [18, "overview"], [19, "overview"], [20, "overview"], [21, "overview"], [22, "overview"], [24, "overview"], [25, "overview"], [28, "overview"], [29, "overview"], [31, "overview"], [32, "overview"], [35, "overview"], [36, "overview"], [39, "overview"], [41, "overview"], [42, "overview"], [43, "overview"], [46, "overview"], [47, "overview"], [49, "overview"], [51, "overview"], [52, "overview"], [53, "overview"], [55, "overview"], [58, "overview"], [59, "overview"], [60, "overview"], [61, "overview"], [63, "overview"], [64, "overview"], [65, "overview"], [66, "overview"], [67, "overview"], [68, "overview"], [69, "overview"], [72, "overview"], [74, "overview"], [75, "overview"], [76, "overview"], [77, "overview"], [78, "overview"], [79, "overview"], [80, "overview"], [81, "overview"], [82, "overview"], [84, "overview"], [85, "overview"], [86, "overview"], [87, "overview"], [88, "overview"], [89, "overview"], [90, "overview"], [91, "overview"], [92, "overview"], [93, "overview"], [94, "overview"], [95, "overview"], [96, "overview"], [97, "overview"], [98, "overview"], [99, "overview"], [100, "overview"], [101, "overview"], [102, "overview"], [103, "overview"], [104, "overview"], [106, "overview"], [107, "overview"], [108, "overview"], [109, "overview"], [110, "overview"], [111, "overview"], [113, "overview"], [114, "overview"], [115, "overview"], [116, "overview"], [117, "overview"], [118, "overview"], [119, "overview"], [120, "overview"], [122, "overview"], [123, "overview"], [124, "overview"], [125, "overview"], [126, "overview"], [127, "overview"], [128, "overview"], [129, "overview"], [130, "overview"], [131, "overview"], [132, "overview"], [133, "overview"], [134, "overview"], [136, "overview"], [137, "overview"], [140, "overview"], [141, "overview"], [143, "overview"], [144, "overview"], [145, "overview"], [146, "overview"], [147, "overview"], [148, "overview"], [150, "overview"], [151, "overview"], [152, "overview"], [153, "overview"], [154, "overview"], [155, "overview"], [157, "overview"], [161, "overview"], [167, "overview"], [173, "overview"]], "P12 Signing and Unencrypting Certificates": [[88, "p12-signing-and-unencrypting-certificates"]], "Package Configuration": [[157, "package-configuration"]], "Package Dependences": [[44, "package-dependences"], [185, "package-dependences"], [186, "package-dependences"], [187, "package-dependences"]], "Package Dependencies": [[70, "package-dependencies"], [71, "package-dependencies"], [188, "package-dependencies"]], "PagerDuty": [[90, null]], "PagerDuty App  1.1.0 Changes": [[90, "pagerduty-app-1-1-0-changes"]], "Palo Alto Panorama": [[89, null]], "Panorama API permissions": [[89, "panorama-api-permissions"]], "Parameters:": [[120, "parameters"], [120, "id1"], [120, "id3"], [120, "id5"], [120, "id6"], [120, "id8"]], "Parent/Child Relationships": [[109, null]], "Parse Utilities": [[91, null]], "PassiveTotal": [[92, null]], "PasteBin Creator": [[93, null]], "Permission": [[43, "permission"], [157, "permission"]], "Permissions": [[24, "permissions"], [42, "permissions"], [88, "permissions"], [116, "permissions"], [131, "permissions"], [137, "permissions"], [146, "permissions"], [152, "permissions"], [155, "permissions"]], "Persistence of Scheduled Playbooks/Rules": [[114, "persistence-of-scheduled-playbooks-rules"]], "Phish.AI": [[94, null]], "PhishTank Lookup": [[95, null]], "Pipl": [[96, null]], "Playbook": [[41, "playbook"], [129, "playbook"]], "Playbook Maker": [[97, null]], "Playbook Utils": [[98, null]], "Playbooks": [[8, "playbooks"], [11, "playbooks"], [15, "playbooks"], [18, "playbooks"], [19, "playbooks"], [21, "playbooks"], [24, "playbooks"], [25, "playbooks"], [35, "playbooks"], [36, "playbooks"], [42, "playbooks"], [43, "playbooks"], [46, "playbooks"], [64, "playbooks"], [65, "playbooks"], [66, "playbooks"], [67, "playbooks"], [72, "playbooks"], [74, "playbooks"], [78, "playbooks"], [80, "playbooks"], [81, "playbooks"], [85, "playbooks"], [89, "playbooks"], [90, "playbooks"], [91, "playbooks"], [98, "playbooks"], [99, "playbooks"], [99, "id1"], [103, "playbooks"], [104, "playbooks"], [106, "playbooks"], [107, "playbooks"], [108, "playbooks"], [111, "playbooks"], [113, "playbooks"], [116, "playbooks"], [117, "playbooks"], [119, "playbooks"], [125, "playbooks"], [126, "playbooks"], [130, "playbooks"], [131, "playbooks"], [133, "playbooks"], [137, "playbooks"], [144, "playbooks"], [146, "playbooks"], [152, "playbooks"], [153, "playbooks"], [167, "playbooks"], [168, "playbooks"], [190, "playbooks"]], "Playbooks API": [[114, "playbooks-api"]], "Playbooks and Rules": [[114, "playbooks-and-rules"]], "Poller - AWS GuardDuty: Escalate Findings": [[15, "poller-aws-guardduty-escalate-findings"]], "Poller - ExtraHop Escalate Detections": [[43, "poller-extrahop-escalate-detections"]], "Poller Considerations": [[35, "poller-considerations"], [64, "poller-considerations"], [106, "poller-considerations"], [107, "poller-considerations"], [108, "poller-considerations"], [113, "poller-considerations"], [130, "poller-considerations"], [146, "poller-considerations"], [152, "poller-considerations"]], "Poller Templates": [[90, "poller-templates"]], "Poller Templates for SOAR Cases": [[35, "poller-templates-for-soar-cases"], [64, "poller-templates-for-soar-cases"], [107, "poller-templates-for-soar-cases"], [113, "poller-templates-for-soar-cases"], [130, "poller-templates-for-soar-cases"], [146, "poller-templates-for-soar-cases"], [152, "poller-templates-for-soar-cases"]], "Polling Filter Examples": [[130, "polling-filter-examples"]], "Post-Process Script": [[9, "post-process-script"], [34, "post-process-script"], [138, "post-process-script"], [138, "id4"], [138, "id8"]], "Post-Process Script:": [[33, "post-process-script"], [33, "id4"], [33, "id8"], [37, "post-process-script"], [38, "post-process-script"], [50, "post-process-script"], [54, "post-process-script"], [57, "post-process-script"], [62, "post-process-script"], [139, "post-process-script"], [145, "post-process-script"], [149, "post-process-script"]], "Post-Processing Script": [[142, "post-processing-script"]], "PostgreSQL Database": [[183, "postgresql-database"]], "Pre-Defined ServiceNow Workflows": [[120, "pre-defined-servicenow-workflows"]], "Pre-Process Script": [[9, "pre-process-script"], [34, "pre-process-script"], [138, "pre-process-script"], [138, "id3"], [138, "id7"]], "Pre-Process Script:": [[33, "pre-process-script"], [33, "id3"], [33, "id7"], [37, "pre-process-script"], [38, "pre-process-script"], [50, "pre-process-script"], [54, "pre-process-script"], [62, "pre-process-script"], [139, "pre-process-script"], [145, "pre-process-script"], [149, "pre-process-script"]], "Pre-Process Scripts:": [[57, "pre-process-scripts"]], "Pre-Processing Script": [[142, "pre-processing-script"]], "Pre-Processing Scripts": [[48, "pre-processing-scripts"]], "Pre-Requisite Steps and Info:": [[38, "pre-requisite-steps-and-info"]], "Prerequisite": [[185, "prerequisite"], [187, "prerequisite"], [188, "prerequisite"]], "Prerequisites": [[7, "prerequisites"], [16, "prerequisites"], [18, "prerequisites"], [24, "prerequisites"], [35, "prerequisites"], [42, "prerequisites"], [43, "prerequisites"], [46, "prerequisites"], [49, "prerequisites"], [51, "prerequisites"], [56, "prerequisites"], [66, "prerequisites"], [88, "prerequisites"], [90, "prerequisites"], [92, "prerequisites"], [102, "prerequisites"], [106, "prerequisites"], [107, "prerequisites"], [116, "prerequisites"], [120, "prerequisites"], [121, "prerequisites"], [125, "prerequisites"], [130, "prerequisites"], [131, "prerequisites"], [137, "prerequisites"], [144, "prerequisites"], [146, "prerequisites"], [152, "prerequisites"], [155, "prerequisites"], [157, "prerequisites"], [172, "prerequisites"], [192, "prerequisites"]], "Prerequisites:": [[9, "prerequisites"], [11, "prerequisites"], [27, "prerequisites"], [34, "prerequisites"], [134, "prerequisites"], [138, "prerequisites"]], "Procedure": [[191, "procedure"]], "Proofpoint TAP": [[99, null]], "Proofpoint TRAP": [[100, null]], "Proxy Server": [[7, "proxy-server"], [8, "proxy-server"], [11, "proxy-server"], [13, "proxy-server"], [15, "proxy-server"], [16, "proxy-server"], [17, "proxy-server"], [18, "proxy-server"], [19, "proxy-server"], [20, "proxy-server"], [21, "proxy-server"], [22, "proxy-server"], [24, "proxy-server"], [25, "proxy-server"], [28, "proxy-server"], [31, "proxy-server"], [32, "proxy-server"], [35, "proxy-server"], [36, "proxy-server"], [39, "proxy-server"], [41, "proxy-server"], [42, "proxy-server"], [43, "proxy-server"], [46, "proxy-server"], [47, "proxy-server"], [49, "proxy-server"], [51, "proxy-server"], [53, "proxy-server"], [55, "proxy-server"], [59, "proxy-server"], [60, "proxy-server"], [63, "proxy-server"], [64, "proxy-server"], [65, "proxy-server"], [66, "proxy-server"], [67, "proxy-server"], [72, "proxy-server"], [74, "proxy-server"], [77, "proxy-server"], [78, "proxy-server"], [79, "proxy-server"], [80, "proxy-server"], [81, "proxy-server"], [82, "proxy-server"], [84, "proxy-server"], [85, "proxy-server"], [86, "proxy-server"], [87, "proxy-server"], [88, "proxy-server"], [89, "proxy-server"], [90, "proxy-server"], [91, "proxy-server"], [92, "proxy-server"], [93, "proxy-server"], [94, "proxy-server"], [96, "proxy-server"], [97, "proxy-server"], [98, "proxy-server"], [99, "proxy-server"], [102, "proxy-server"], [103, "proxy-server"], [104, "proxy-server"], [106, "proxy-server"], [107, "proxy-server"], [108, "proxy-server"], [110, "proxy-server"], [111, "proxy-server"], [113, "proxy-server"], [114, "proxy-server"], [116, "proxy-server"], [117, "proxy-server"], [122, "proxy-server"], [124, "proxy-server"], [125, "proxy-server"], [126, "proxy-server"], [127, "proxy-server"], [129, "proxy-server"], [130, "proxy-server"], [131, "proxy-server"], [133, "proxy-server"], [136, "proxy-server"], [137, "proxy-server"], [144, "proxy-server"], [146, "proxy-server"], [147, "proxy-server"], [148, "proxy-server"], [150, "proxy-server"], [152, "proxy-server"], [153, "proxy-server"], [154, "proxy-server"], [155, "proxy-server"], [167, "proxy-server"]], "Pulling Images": [[38, "pulling-images"]], "Pulsedive": [[101, null]], "Python Environment": [[7, "python-environment"], [8, "python-environment"], [11, "python-environment"], [13, "python-environment"], [15, "python-environment"], [16, "python-environment"], [17, "python-environment"], [18, "python-environment"], [19, "python-environment"], [20, "python-environment"], [21, "python-environment"], [24, "python-environment"], [25, "python-environment"], [28, "python-environment"], [32, "python-environment"], [35, "python-environment"], [36, "python-environment"], [39, "python-environment"], [41, "python-environment"], [42, "python-environment"], [43, "python-environment"], [46, "python-environment"], [47, "python-environment"], [49, "python-environment"], [51, "python-environment"], [53, "python-environment"], [55, "python-environment"], [58, "python-environment"], [59, "python-environment"], [60, "python-environment"], [64, "python-environment"], [65, "python-environment"], [66, "python-environment"], [67, "python-environment"], [72, "python-environment"], [74, "python-environment"], [78, "python-environment"], [79, "python-environment"], [80, "python-environment"], [81, "python-environment"], [82, "python-environment"], [84, "python-environment"], [85, "python-environment"], [86, "python-environment"], [87, "python-environment"], [88, "python-environment"], [89, "python-environment"], [90, "python-environment"], [91, "python-environment"], [92, "python-environment"], [96, "python-environment"], [97, "python-environment"], [98, "python-environment"], [99, "python-environment"], [102, "python-environment"], [103, "python-environment"], [104, "python-environment"], [106, "python-environment"], [107, "python-environment"], [108, "python-environment"], [109, "python-environment"], [110, "python-environment"], [111, "python-environment"], [113, "python-environment"], [114, "python-environment"], [116, "python-environment"], [117, "python-environment"], [122, "python-environment"], [124, "python-environment"], [125, "python-environment"], [126, "python-environment"], [127, "python-environment"], [129, "python-environment"], [130, "python-environment"], [131, "python-environment"], [133, "python-environment"], [136, "python-environment"], [137, "python-environment"], [144, "python-environment"], [146, "python-environment"], [147, "python-environment"], [148, "python-environment"], [150, "python-environment"], [152, "python-environment"], [153, "python-environment"], [154, "python-environment"], [155, "python-environment"], [157, "python-environment"], [167, "python-environment"]], "QRadar API Searches": [[103, "qradar-api-searches"]], "QRadar Advisor Functions": [[102, null]], "QRadar EDR": [[108, null]], "QRadar Enhanced Data Migration": [[103, null]], "QRadar Enhanced Data Refresh Manual Rule": [[103, "qradar-enhanced-data-refresh-manual-rule"]], "QRadar Integration": [[104, null]], "QRadar Requirements": [[103, "qradar-requirements"]], "QRadar SOAR Content Package for QRadar Advisor and MITRE ATT&CK<sup>TM</sup>": [[186, null]], "Query CSV Files From Resilient": [[163, null]], "Query-Runner Component": [[164, null]], "REBUILD_IMAGE_NAMES.txt": [[3, "rebuild-image-names-txt"]], "REQUEST FORMAT": [[111, "request-format"]], "REST API Functions for SOAR": [[111, null]], "RF Example: Get Host Risk": [[162, "rf-example-get-host-risk"]], "RF Example: Get IP Risk": [[162, "rf-example-get-ip-risk"]], "RF Example: Get User Risk": [[162, "rf-example-get-user-risk"]], "RF Example: Mitigate Persistent Insider Threats": [[162, "rf-example-mitigate-persistent-insider-threats"]], "RSA NetWitness": [[112, null]], "Randori": [[106, null]], "Randori Development Version": [[106, "randori-development-version"]], "Rapid7 InsightIDR": [[107, null]], "Rapid7 InsightIDR Development Version": [[107, "rapid7-insightidr-development-version"]], "Rebuild a saved model": [[70, "rebuild-a-saved-model"]], "Rebuild the NLP model": [[71, "rebuild-the-nlp-model"]], "Reference": [[192, "reference"]], "Register a new application using the Azure portal": [[133, "register-a-new-application-using-the-azure-portal"]], "Release History": [[112, "release-history"], [143, "release-history"], [151, "release-history"]], "Release Notes": [[7, "release-notes"], [8, "release-notes"], [10, "release-notes"], [11, "release-notes"], [12, "release-notes"], [13, "release-notes"], [15, "release-notes"], [16, "release-notes"], [17, "release-notes"], [18, "release-notes"], [19, "release-notes"], [20, "release-notes"], [21, "release-notes"], [22, "release-notes"], [24, "release-notes"], [25, "release-notes"], [27, "release-notes"], [28, "release-notes"], [29, "release-notes"], [31, "release-notes"], [32, "release-notes"], [35, "release-notes"], [36, "release-notes"], [39, "release-notes"], [41, "release-notes"], [42, "release-notes"], [43, "release-notes"], [46, "release-notes"], [47, "release-notes"], [49, "release-notes"], [51, "release-notes"], [52, "release-notes"], [53, "release-notes"], [55, "release-notes"], [58, "release-notes"], [59, "release-notes"], [60, "release-notes"], [61, "release-notes"], [63, "release-notes"], [64, "release-notes"], [65, "release-notes"], [66, "release-notes"], [67, "release-notes"], [68, "release-notes"], [69, "release-notes"], [72, "release-notes"], [74, "release-notes"], [75, "release-notes"], [76, "release-notes"], [77, "release-notes"], [78, "release-notes"], [79, "release-notes"], [80, "release-notes"], [81, "release-notes"], [82, "release-notes"], [84, "release-notes"], [85, "release-notes"], [86, "release-notes"], [87, "release-notes"], [88, "release-notes"], [89, "release-notes"], [90, "release-notes"], [91, "release-notes"], [92, "release-notes"], [93, "release-notes"], [94, "release-notes"], [95, "release-notes"], [96, "release-notes"], [97, "release-notes"], [98, "release-notes"], [99, "release-notes"], [100, "release-notes"], [101, "release-notes"], [102, "release-notes"], [103, "release-notes"], [104, "release-notes"], [106, "release-notes"], [107, "release-notes"], [108, "release-notes"], [109, "release-notes"], [110, "release-notes"], [111, "release-notes"], [112, "release-notes"], [113, "release-notes"], [114, "release-notes"], [115, "release-notes"], [116, "release-notes"], [117, "release-notes"], [118, "release-notes"], [122, "release-notes"], [123, "release-notes"], [124, "release-notes"], [125, "release-notes"], [126, "release-notes"], [127, "release-notes"], [128, "release-notes"], [129, "release-notes"], [130, "release-notes"], [131, "release-notes"], [133, "release-notes"], [134, "release-notes"], [136, "release-notes"], [137, "release-notes"], [140, "release-notes"], [141, "release-notes"], [143, "release-notes"], [144, "release-notes"], [145, "release-notes"], [146, "release-notes"], [147, "release-notes"], [148, "release-notes"], [150, "release-notes"], [151, "release-notes"], [151, "id1"], [152, "release-notes"], [153, "release-notes"], [154, "release-notes"], [155, "release-notes"], [157, "release-notes"], [161, "release-notes"], [167, "release-notes"], [173, "release-notes"], [179, "release-notes"], [182, "release-notes"], [184, "release-notes"]], "Remedy": [[110, null]], "Repository Mirror Scripts": [[1, null]], "Required Changes": [[4, "required-changes"]], "Required Settings": [[157, "required-settings"]], "Requirements": [[7, "requirements"], [8, "requirements"], [10, "requirements"], [11, "requirements"], [12, "requirements"], [13, "requirements"], [15, "requirements"], [16, "requirements"], [17, "requirements"], [18, "requirements"], [19, "requirements"], [20, "requirements"], [21, "requirements"], [22, "requirements"], [24, "requirements"], [25, "requirements"], [28, "requirements"], [29, "requirements"], [30, "requirements"], [31, "requirements"], [32, "requirements"], [35, "requirements"], [36, "requirements"], [39, "requirements"], [41, "requirements"], [42, "requirements"], [43, "requirements"], [46, "requirements"], [47, "requirements"], [49, "requirements"], [51, "requirements"], [52, "requirements"], [53, "requirements"], [55, "requirements"], [58, "requirements"], [59, "requirements"], [60, "requirements"], [61, "requirements"], [63, "requirements"], [64, "requirements"], [65, "requirements"], [66, "requirements"], [67, "requirements"], [68, "requirements"], [69, "requirements"], [72, "requirements"], [74, "requirements"], [75, "requirements"], [76, "requirements"], [77, "requirements"], [78, "requirements"], [79, "requirements"], [80, "requirements"], [81, "requirements"], [82, "requirements"], [84, "requirements"], [85, "requirements"], [86, "requirements"], [87, "requirements"], [88, "requirements"], [89, "requirements"], [90, "requirements"], [92, "requirements"], [93, "requirements"], [94, "requirements"], [95, "requirements"], [96, "requirements"], [97, "requirements"], [98, "requirements"], [99, "requirements"], [100, "requirements"], [101, "requirements"], [102, "requirements"], [103, "requirements"], [104, "requirements"], [106, "requirements"], [107, "requirements"], [108, "requirements"], [109, "requirements"], [110, "requirements"], [111, "requirements"], [113, "requirements"], [114, "requirements"], [115, "requirements"], [116, "requirements"], [117, "requirements"], [118, "requirements"], [122, "requirements"], [123, "requirements"], [124, "requirements"], [125, "requirements"], [126, "requirements"], [128, "requirements"], [129, "requirements"], [130, "requirements"], [131, "requirements"], [132, "requirements"], [133, "requirements"], [137, "requirements"], [140, "requirements"], [141, "requirements"], [143, "requirements"], [144, "requirements"], [145, "requirements"], [146, "requirements"], [147, "requirements"], [148, "requirements"], [150, "requirements"], [151, "requirements"], [152, "requirements"], [153, "requirements"], [154, "requirements"], [155, "requirements"], [157, "requirements"], [161, "requirements"], [167, "requirements"], [177, "requirements"], [183, "requirements"], [190, "requirements"]], "Requirements:": [[112, "requirements"]], "Resilient Action Status": [[10, "resilient-action-status"], [12, "resilient-action-status"], [29, "resilient-action-status"], [52, "resilient-action-status"], [61, "resilient-action-status"], [68, "resilient-action-status"], [95, "resilient-action-status"], [100, "resilient-action-status"], [101, "resilient-action-status"], [115, "resilient-action-status"], [123, "resilient-action-status"], [128, "resilient-action-status"], [132, "resilient-action-status"], [141, "resilient-action-status"], [161, "resilient-action-status"]], "Resilient Circuits configurations are maintained in the app.config file": [[192, "resilient-circuits-configurations-are-maintained-in-the-app-config-file"]], "Resilient Configuration": [[14, "resilient-configuration"], [83, "resilient-configuration"], [105, "resilient-configuration"]], "Resilient Configurations": [[56, "resilient-configurations"]], "Resilient Functions for CbProtection": [[23, "resilient-functions-for-cbprotection"]], "Resilient Logs": [[10, "resilient-logs"], [12, "resilient-logs"], [29, "resilient-logs"], [52, "resilient-logs"], [61, "resilient-logs"], [68, "resilient-logs"], [95, "resilient-logs"], [100, "resilient-logs"], [101, "resilient-logs"], [115, "resilient-logs"], [123, "resilient-logs"], [128, "resilient-logs"], [132, "resilient-logs"], [141, "resilient-logs"], [161, "resilient-logs"]], "Resilient Scripting Log": [[10, "resilient-scripting-log"], [12, "resilient-scripting-log"], [29, "resilient-scripting-log"], [52, "resilient-scripting-log"], [61, "resilient-scripting-log"], [68, "resilient-scripting-log"], [95, "resilient-scripting-log"], [100, "resilient-scripting-log"], [101, "resilient-scripting-log"], [115, "resilient-scripting-log"], [123, "resilient-scripting-log"], [128, "resilient-scripting-log"], [132, "resilient-scripting-log"], [141, "resilient-scripting-log"], [161, "resilient-scripting-log"]], "Resilient platform": [[17, "resilient-platform"], [28, "resilient-platform"], [31, "resilient-platform"], [47, "resilient-platform"], [53, "resilient-platform"], [55, "resilient-platform"], [58, "resilient-platform"], [63, "resilient-platform"], [77, "resilient-platform"], [78, "resilient-platform"], [84, "resilient-platform"], [93, "resilient-platform"], [94, "resilient-platform"], [147, "resilient-platform"]], "Resilient server setup": [[163, "resilient-server-setup"]], "Resilient-Circuits": [[10, "resilient-circuits"], [12, "resilient-circuits"], [16, "resilient-circuits"], [29, "resilient-circuits"], [52, "resilient-circuits"], [61, "resilient-circuits"], [68, "resilient-circuits"], [95, "resilient-circuits"], [100, "resilient-circuits"], [101, "resilient-circuits"], [115, "resilient-circuits"], [123, "resilient-circuits"], [128, "resilient-circuits"], [132, "resilient-circuits"], [141, "resilient-circuits"], [143, "resilient-circuits"], [161, "resilient-circuits"]], "ResilientFeed Class": [[183, "resilientfeed-class"]], "ResilientHelper API": [[120, "resilienthelper-api"]], "Result": [[189, "result"], [191, "result"]], "Results": [[159, "results"]], "Retry Mechanism": [[111, "retry-mechanism"]], "Return:": [[120, "return"], [120, "id2"], [120, "id4"]], "Returns:": [[120, "returns"], [120, "id7"], [120, "id9"]], "Revision History": [[30, "revision-history"], [169, "revision-history"]], "Risk Fabric": [[162, null]], "Risk Fabric Example Workflows": [[162, "risk-fabric-example-workflows"]], "RiskIQ PassiveTotal": [[174, null]], "Rules": [[7, "rules"], [9, "rules"], [10, "rules"], [13, "rules"], [16, "rules"], [17, "rules"], [20, "rules"], [22, "rules"], [24, "rules"], [28, "rules"], [31, "rules"], [32, "rules"], [33, "rules"], [34, "rules"], [37, "rules"], [39, "rules"], [47, "rules"], [48, "rules"], [49, "rules"], [50, "rules"], [51, "rules"], [53, "rules"], [54, "rules"], [55, "rules"], [56, "rules"], [57, "rules"], [58, "rules"], [59, "rules"], [60, "rules"], [62, "rules"], [63, "rules"], [69, "rules"], [76, "rules"], [77, "rules"], [79, "rules"], [82, "rules"], [84, "rules"], [86, "rules"], [87, "rules"], [88, "rules"], [92, "rules"], [93, "rules"], [94, "rules"], [96, "rules"], [97, "rules"], [102, "rules"], [109, "rules"], [110, "rules"], [122, "rules"], [124, "rules"], [127, "rules"], [131, "rules"], [134, "rules"], [136, "rules"], [137, "rules"], [138, "rules"], [139, "rules"], [140, "rules"], [145, "rules"], [147, "rules"], [149, "rules"], [150, "rules"], [151, "rules"], [154, "rules"], [155, "rules"], [163, "rules"]], "Rules and Workflows": [[134, "rules-and-workflows"]], "Rules and workflows have been provided:": [[23, "rules-and-workflows-have-been-provided"]], "Rules:": [[38, "rules"], [112, "rules"]], "Run Application": [[56, "run-application"]], "Running Powershell Scripts Remotely:": [[85, "running-powershell-scripts-remotely"]], "SNOW Helper: Update Data Table": [[119, "snow-helper-update-data-table"]], "SNOW: Add Attachment to Record": [[119, "snow-add-attachment-to-record"]], "SNOW: Add Note to Record": [[119, "snow-add-note-to-record"]], "SNOW: Close Record": [[119, "snow-close-record"]], "SNOW: Create Record": [[119, "snow-create-record"]], "SNOW: Lookup sys_id": [[119, "snow-lookup-sys-id"]], "SNOW: Update Record": [[119, "snow-update-record"]], "SOAR Action Status": [[16, "soar-action-status"], [143, "soar-action-status"]], "SOAR Content Package for Have I Been Pwned": [[185, null]], "SOAR Content Package for URLScan.io": [[187, null]], "SOAR Content Package for VirusTotal v1.1": [[188, null]], "SOAR Customization Guide": [[119, null]], "SOAR Logs": [[16, "soar-logs"], [143, "soar-logs"]], "SOAR Scripting Log": [[16, "soar-scripting-log"], [143, "soar-scripting-log"]], "SOAR Utilities": [[127, null]], "SOAR Wiki": [[151, null]], "SOAR functions taken from fn_utilities to simplify development of integrations by wrapping each external activity into an individual workflow/playbook component. The SOAR Platform sends data from artifacts, attachments, incident data, etc. to the function component and returns results to the workflow/playbook. The results can be acted upon by scripts, rules, and workflow/playbook decision points to dynamically orchestrate the security incident response activities.": [[127, "soar-functions-taken-from-fn-utilities-to-simplify-development-of-integrations-by-wrapping-each-external-activity-into-an-individual-workflow-playbook-component-the-soar-platform-sends-data-from-artifacts-attachments-incident-data-etc-to-the-function-component-and-returns-results-to-the-workflow-playbook-the-results-can-be-acted-upon-by-scripts-rules-and-workflow-playbook-decision-points-to-dynamically-orchestrate-the-security-incident-response-activities"]], "SOAR platform": [[7, "soar-platform"], [8, "soar-platform"], [11, "soar-platform"], [13, "soar-platform"], [15, "soar-platform"], [16, "soar-platform"], [18, "soar-platform"], [19, "soar-platform"], [20, "soar-platform"], [21, "soar-platform"], [22, "soar-platform"], [24, "soar-platform"], [25, "soar-platform"], [32, "soar-platform"], [35, "soar-platform"], [36, "soar-platform"], [39, "soar-platform"], [41, "soar-platform"], [42, "soar-platform"], [43, "soar-platform"], [46, "soar-platform"], [49, "soar-platform"], [51, "soar-platform"], [59, "soar-platform"], [64, "soar-platform"], [65, "soar-platform"], [66, "soar-platform"], [67, "soar-platform"], [72, "soar-platform"], [74, "soar-platform"], [79, "soar-platform"], [80, "soar-platform"], [81, "soar-platform"], [82, "soar-platform"], [85, "soar-platform"], [86, "soar-platform"], [87, "soar-platform"], [88, "soar-platform"], [89, "soar-platform"], [90, "soar-platform"], [91, "soar-platform"], [92, "soar-platform"], [96, "soar-platform"], [97, "soar-platform"], [99, "soar-platform"], [102, "soar-platform"], [103, "soar-platform"], [104, "soar-platform"], [106, "soar-platform"], [107, "soar-platform"], [108, "soar-platform"], [109, "soar-platform"], [110, "soar-platform"], [111, "soar-platform"], [113, "soar-platform"], [114, "soar-platform"], [116, "soar-platform"], [117, "soar-platform"], [122, "soar-platform"], [124, "soar-platform"], [125, "soar-platform"], [126, "soar-platform"], [127, "soar-platform"], [129, "soar-platform"], [130, "soar-platform"], [131, "soar-platform"], [133, "soar-platform"], [136, "soar-platform"], [137, "soar-platform"], [144, "soar-platform"], [146, "soar-platform"], [148, "soar-platform"], [150, "soar-platform"], [152, "soar-platform"], [153, "soar-platform"], [154, "soar-platform"], [155, "soar-platform"], [167, "soar-platform"]], "SOAR to ICD": [[161, null]], "SQLServer": [[87, "sqlserver"]], "SQLite Database": [[183, "sqlite-database"]], "SQLiteFeed Class": [[182, "sqlitefeed-class"]], "SSH Connection Setup": [[38, "ssh-connection-setup"]], "Salesforce": [[113, null]], "Salesforce Case Record Types": [[113, "salesforce-case-record-types"]], "Salesforce Case Type Picklist": [[113, "salesforce-case-type-picklist"]], "Salesforce Configuration": [[113, "salesforce-configuration"]], "Salesforce Development Version": [[113, "salesforce-development-version"]], "Sample Function layout:": [[9, "sample-function-layout"]], "Sample Output Displayed on Incident Notes Section": [[9, "sample-output-displayed-on-incident-notes-section"]], "Sample Post-Process Script": [[9, "sample-post-process-script"]], "Sample Pre-Process Script": [[9, "sample-pre-process-script"]], "Sample results": [[159, "sample-results"]], "Sample workflows have been provided:": [[27, "sample-workflows-have-been-provided"]], "Scheduler": [[114, null]], "Script - Axonius: Populate Devices Data Table": [[18, "script-axonius-populate-devices-data-table"]], "Script - Cisco ASA: Write Artifact to Network Object data table": [[25, "script-cisco-asa-write-artifact-to-network-object-data-table"]], "Script - Convert JSON information to HITS": [[167, "script-convert-json-information-to-hits"]], "Script - Convert JSON to rich text v1.1": [[131, "script-convert-json-to-rich-text-v1-1"]], "Script - Convert JSON to rich text v1.3": [[13, "script-convert-json-to-rich-text-v1-3"], [18, "script-convert-json-to-rich-text-v1-3"], [25, "script-convert-json-to-rich-text-v1-3"], [46, "script-convert-json-to-rich-text-v1-3"], [91, "script-convert-json-to-rich-text-v1-3"], [116, "script-convert-json-to-rich-text-v1-3"], [130, "script-convert-json-to-rich-text-v1-3"], [146, "script-convert-json-to-rich-text-v1-3"], [168, "script-convert-json-to-rich-text-v1-3"]], "Script - Convert json to rich text": [[79, "script-convert-json-to-rich-text"]], "Script - Create Artifact for QRadar Advisor Analysis Observable": [[102, "script-create-artifact-for-qradar-advisor-analysis-observable"]], "Script - Create Artifact for Watson Search with Local Context": [[102, "script-create-artifact-for-watson-search-with-local-context"]], "Script - Create Artifact from Indicator": [[78, "script-create-artifact-from-indicator"]], "Script - Create Artifact from Pipl Data": [[96, "script-create-artifact-from-pipl-data"]], "Script - Example: Create Artifact for App ID": [[69, "script-example-create-artifact-for-app-id"]], "Script - Example: Create Artifact for Device ID": [[69, "script-example-create-artifact-for-device-id"]], "Script - Example: Proofpoint TAP - Create Artifact for Campaign Object Name or Threat": [[99, "script-example-proofpoint-tap-create-artifact-for-campaign-object-name-or-threat"]], "Script - Exchange Online Create Artifacts from Message": [[42, "script-exchange-online-create-artifacts-from-message"]], "Script - ExtraHop script: add artifact from device": [[43, "script-extrahop-script-add-artifact-from-device"]], "Script - ExtraHop script: detection property helper": [[43, "script-extrahop-script-detection-property-helper"]], "Script - No search results": [[67, "script-no-search-results"]], "Script - PB: Display playbook data": [[98, "script-pb-display-playbook-data"]], "Script - PB: Display workflow data": [[98, "script-pb-display-workflow-data"]], "Script - Parse Darktrace Details to Incident Properties": [[35, "script-parse-darktrace-details-to-incident-properties"]], "Script - Parse Darktrace Device Details to Artifacts": [[35, "script-parse-darktrace-device-details-to-artifacts"]], "Script - Parse Darktrace Device Details to Data Table": [[35, "script-parse-darktrace-device-details-to-data-table"]], "Script - Parse Darktrace Incident Events Details to Data Table": [[35, "script-parse-darktrace-incident-events-details-to-data-table"]], "Script - Parse Darktrace Model Breaches Details to Data Table": [[35, "script-parse-darktrace-model-breaches-details-to-data-table"]], "Script - Save Outbound Email Results": [[88, "script-save-outbound-email-results"]], "Script - Set Incident Last Updated Time": [[103, "script-set-incident-last-updated-time"]], "Script - Sumo Logic: Add Artifacts from Insight": [[130, "script-sumo-logic-add-artifacts-from-insight"]], "Script - Sumo Logic: Populate Signals Data Table": [[130, "script-sumo-logic-populate-signals-data-table"]], "Script - Trusteer PPD: Create Artifacts": [[137, "script-trusteer-ppd-create-artifacts"]], "Script - Trusteer PPD: Create Case from Email v1.0.0": [[137, "script-trusteer-ppd-create-case-from-email-v1-0-0"]], "Script - VMware CBC: Populate CBC Device Row from Alert": [[146, "script-vmware-cbc-populate-cbc-device-row-from-alert"]], "Script - VMware CBC: Populate CBC Device Row from Device": [[146, "script-vmware-cbc-populate-cbc-device-row-from-device"]], "Script - VMware CBC: Populate Observations Data Table": [[146, "script-vmware-cbc-populate-observations-data-table"]], "Script - scr_amp_add_artifact_from_activity": [[24, "script-scr-amp-add-artifact-from-activity"]], "Script - scr_amp_add_artifact_from_event": [[24, "script-scr-amp-add-artifact-from-event"]], "Script - scr_amp_add_artifact_from_trajectory": [[24, "script-scr-amp-add-artifact-from-trajectory"]], "Script - scr_sep_add_artifact_from_scan_results": [[117, "script-scr-sep-add-artifact-from-scan-results"]], "Script - scr_sep_parse_email_notification": [[117, "script-scr-sep-parse-email-notification"]], "Secureworks CTP": [[115, null]], "Secureworks CTP Layout Tab": [[115, "secureworks-ctp-layout-tab"]], "See section App Configuration for the new app.config setting: alert_filters. This setting must be manually added to your app.config file in order to use it with the poller to filter incident creation.": [[78, "see-section-app-configuration-for-the-new-app-config-setting-alert-filters-this-setting-must-be-manually-added-to-your-app-config-file-in-order-to-use-it-with-the-poller-to-filter-incident-creation"]], "Select an execution user for Client Credential Flow": [[113, "select-an-execution-user-for-client-credential-flow"]], "Sending SOAR artifacts to SNOW": [[119, "sending-soar-artifacts-to-snow"]], "Sensitive information using App Secrets": [[111, "sensitive-information-using-app-secrets"]], "Sentinel Configuration": [[80, "sentinel-configuration"]], "SentinelOne": [[116, null]], "ServiceNow": [[118, null]], "ServiceNow Customization Guide": [[120, null]], "ServiceNow Installation Guide": [[121, null]], "ServiceNow Records": [[119, "servicenow-records"]], "Setting timer_epoch programmatically": [[136, "setting-timer-epoch-programmatically"]], "Setting up API Permissions (Both Permissions)": [[133, "setting-up-api-permissions-both-permissions"]], "Setting up Delegated permissions (Delegated permissions)": [[133, "setting-up-delegated-permissions-delegated-permissions"]], "Setting up Incoming Webhooks (Both Permissions)": [[133, "setting-up-incoming-webhooks-both-permissions"]], "Setup": [[0, null], [36, "setup"], [44, "setup"], [70, "setup"], [71, "setup"], [169, "setup"], [177, "setup"]], "Setup Steps": [[183, "setup-steps"]], "ShadowServer Threat Service": [[175, null]], "Shadowserver": [[122, null]], "Shell-Runner": [[165, null]], "Shodan": [[123, null]], "Siemplify": [[124, null]], "Similar to alert search \u201ccriteria\u201d, a search alert \u201cexclusions\u201d filter can be specified for each polling_filter_criteria_(1,2,3).": [[146, "similar-to-alert-search-criteria-a-search-alert-exclusions-filter-can-be-specified-for-each-polling-filter-criteria-1-2-3"]], "Slack": [[125, null]], "Snapshot URL": [[126, null]], "Spamhaus Lookup": [[128, null]], "Splunk": [[129, null]], "Splunk Configuration": [[184, "splunk-configuration"]], "SplunkHECFeed Class": [[184, "splunkhecfeed-class"]], "Start": [[44, "start"], [70, "start"], [71, "start"]], "Step 10: Create new Custom Rule that runs our Workflow": [[192, "step-10-create-new-custom-rule-that-runs-our-workflow"]], "Step 11: Run our Custom Workflow": [[192, "step-11-run-our-custom-workflow"]], "Step 12: Start Docker": [[192, "step-12-start-docker"]], "Step 13: Ensure OpenLDAP is Configured and Running": [[192, "step-13-ensure-openldap-is-configured-and-running"]], "Step 14: Install the LDAP Utilities Function": [[192, "step-14-install-the-ldap-utilities-function"]], "Step 15: Configure LDAP Utilities": [[192, "step-15-configure-ldap-utilities"]], "Step 16: Run LDAP Search Function": [[192, "step-16-run-ldap-search-function"]], "Step 17: View LDAP Search Results in Resilient UI": [[192, "step-17-view-ldap-search-results-in-resilient-ui"]], "Step 18: Install & Configure the CMDB Function": [[192, "step-18-install-configure-the-cmdb-function"]], "Step 19: Setup GRR": [[192, "step-19-setup-grr"]], "Step 1: Check which Python Version is installed": [[192, "step-1-check-which-python-version-is-installed"]], "Step 1: Install ServiceNow IBM SOAR App": [[121, "step-1-install-servicenow-ibm-soar-app"]], "Step 1: Use Correct Application Scope": [[120, "step-1-use-correct-application-scope"]], "Step 20: Add GRR Message Destination in Resilient UI": [[192, "step-20-add-grr-message-destination-in-resilient-ui"]], "Step 20: Add New GRR Function in Resilient UI": [[192, "step-20-add-new-grr-function-in-resilient-ui"]], "Step 21: Add New GRR Workflow in Resilient UI": [[192, "step-21-add-new-grr-workflow-in-resilient-ui"]], "Step 22: Add New GRR Rule in Resilient UI": [[192, "step-22-add-new-grr-rule-in-resilient-ui"]], "Step 23: Add Python Code for GRR Function": [[192, "step-23-add-python-code-for-grr-function"]], "Step 24: Develop GRR Script": [[192, "step-24-develop-grr-script"]], "Step 25: Convert the Test Script into a Resilient Function": [[192, "step-25-convert-the-test-script-into-a-resilient-function"]], "Step 26: Run our new Custom Workflow": [[192, "step-26-run-our-new-custom-workflow"]], "Step 27: Store Credentials in app.config file": [[192, "step-27-store-credentials-in-app-config-file"]], "Step 28: Package your Message Destination, Function, Workflow and Rule": [[192, "step-28-package-your-message-destination-function-workflow-and-rule"]], "Step 2: Create a Copy of Existing RES Workflow": [[120, "step-2-create-a-copy-of-existing-res-workflow"]], "Step 2: Create a User in ServiceNow and assign it the correct Role": [[121, "step-2-create-a-user-in-servicenow-and-assign-it-the-correct-role"]], "Step 2: Make sure Resilient License is Valid": [[192, "step-2-make-sure-resilient-license-is-valid"]], "Step 3: Create an API Key on the SOAR Platform": [[121, "step-3-create-an-api-key-on-the-soar-platform"]], "Step 3: Install Resilient Circuits": [[192, "step-3-install-resilient-circuits"]], "Step 3: Modify the Run Script": [[120, "step-3-modify-the-run-script"]], "Step 4: Configure Resilient Circuits": [[192, "step-4-configure-resilient-circuits"]], "Step 4: Enter IBM SOAR Configurations": [[121, "step-4-enter-ibm-soar-configurations"]], "Step 5: Create User Accounts": [[192, "step-5-create-user-accounts"]], "Step 5: Download & Install fn_service_now App": [[121, "step-5-download-install-fn-service-now-app"]], "Step 6: Install and Configure ServiceNow MID Server (if needed)": [[121, "step-6-install-and-configure-servicenow-mid-server-if-needed"]], "Step 6: Run Resilient Circuits": [[192, "step-6-run-resilient-circuits"]], "Step 7: Give your ServiceNow users the correct Role": [[121, "step-7-give-your-servicenow-users-the-correct-role"]], "Step 7: Install FN Utilities": [[192, "step-7-install-fn-utilities"]], "Step 8: Security Incident Response (SIR) Configurations": [[121, "step-8-security-incident-response-sir-configurations"]], "Step 8: Testing FN Utilities": [[192, "step-8-testing-fn-utilities"]], "Step 9: Create new Custom Workflow that uses our Shell Command Function": [[192, "step-9-create-new-custom-workflow-that-uses-our-shell-command-function"]], "Step 9: Test": [[121, "step-9-test"]], "Steps": [[168, "steps"], [189, "steps"]], "Steps to rebuild apps using the app refreshment utility scripts": [[3, "steps-to-rebuild-apps-using-the-app-refreshment-utility-scripts"]], "Sumo Logic Cloud SIEM": [[130, null]], "Sumo Logic Development Version": [[130, "sumo-logic-development-version"]], "Support": [[10, "support"], [12, "support"], [29, "support"], [52, "support"], [61, "support"], [68, "support"], [95, "support"], [100, "support"], [101, "support"], [115, "support"], [123, "support"], [128, "support"], [132, "support"], [141, "support"], [143, "support"], [161, "support"]], "Support for External Reputations": [[77, "support-for-external-reputations"]], "Supported Artifacts": [[72, "supported-artifacts"]], "Supported Resilient Functions for Cisco Umbrella Investigate": [[27, "supported-resilient-functions-for-cisco-umbrella-investigate"]], "Supported Scheduled Rules/Playbooks": [[114, "supported-scheduled-rules-playbooks"]], "Supported artifact types": [[173, "supported-artifact-types"]], "Supporting Outlook .msg files": [[91, "supporting-outlook-msg-files"], [91, "id1"]], "Symantec DLP": [[131, null]], "Symantec Endpoint Protection": [[117, null]], "Symantec ICDx": [[59, null]], "Sync to SOAR automatically on group assignment (SIR only)": [[121, "sync-to-soar-automatically-on-group-assignment-sir-only"]], "Synchronization Methods": [[183, "synchronization-methods"]], "System Requirements": [[70, "system-requirements"], [71, "system-requirements"]], "TOR": [[105, null]], "Table of Contents": [[1, "table-of-contents"], [7, "table-of-contents"], [8, "table-of-contents"], [9, "table-of-contents"], [10, "table-of-contents"], [11, "table-of-contents"], [13, "table-of-contents"], [15, "table-of-contents"], [16, "table-of-contents"], [17, "table-of-contents"], [18, "table-of-contents"], [19, "table-of-contents"], [20, "table-of-contents"], [21, "table-of-contents"], [24, "table-of-contents"], [25, "table-of-contents"], [28, "table-of-contents"], [30, "table-of-contents"], [31, "table-of-contents"], [32, "table-of-contents"], [33, "table-of-contents"], [34, "table-of-contents"], [36, "table-of-contents"], [37, "table-of-contents"], [38, "table-of-contents"], [39, "table-of-contents"], [41, "table-of-contents"], [42, "table-of-contents"], [43, "table-of-contents"], [46, "table-of-contents"], [51, "table-of-contents"], [55, "table-of-contents"], [58, "table-of-contents"], [59, "table-of-contents"], [60, "table-of-contents"], [63, "table-of-contents"], [64, "table-of-contents"], [65, "table-of-contents"], [66, "table-of-contents"], [67, "table-of-contents"], [69, "table-of-contents"], [74, "table-of-contents"], [76, "table-of-contents"], [77, "table-of-contents"], [78, "table-of-contents"], [79, "table-of-contents"], [80, "table-of-contents"], [81, "table-of-contents"], [82, "table-of-contents"], [84, "table-of-contents"], [85, "table-of-contents"], [86, "table-of-contents"], [87, "table-of-contents"], [88, "table-of-contents"], [89, "table-of-contents"], [90, "table-of-contents"], [91, "table-of-contents"], [92, "table-of-contents"], [93, "table-of-contents"], [94, "table-of-contents"], [96, "table-of-contents"], [97, "table-of-contents"], [98, "table-of-contents"], [99, "table-of-contents"], [102, "table-of-contents"], [103, "table-of-contents"], [104, "table-of-contents"], [107, "table-of-contents"], [108, "table-of-contents"], [109, "table-of-contents"], [110, "table-of-contents"], [111, "table-of-contents"], [113, "table-of-contents"], [114, "table-of-contents"], [116, "table-of-contents"], [117, "table-of-contents"], [122, "table-of-contents"], [124, "table-of-contents"], [125, "table-of-contents"], [126, "table-of-contents"], [127, "table-of-contents"], [129, "table-of-contents"], [130, "table-of-contents"], [131, "table-of-contents"], [133, "table-of-contents"], [136, "table-of-contents"], [137, "table-of-contents"], [138, "table-of-contents"], [140, "table-of-contents"], [144, "table-of-contents"], [145, "table-of-contents"], [146, "table-of-contents"], [147, "table-of-contents"], [148, "table-of-contents"], [149, "table-of-contents"], [150, "table-of-contents"], [151, "table-of-contents"], [152, "table-of-contents"], [153, "table-of-contents"], [154, "table-of-contents"], [155, "table-of-contents"], [157, "table-of-contents"]], "Table of Contents -": [[56, "table-of-contents"]], "Table of Contents <!-- omit in toc -->": [[22, "table-of-contents"], [35, "table-of-contents"], [47, "table-of-contents"], [49, "table-of-contents"], [53, "table-of-contents"], [72, "table-of-contents"], [106, "table-of-contents"]], "Target Filtering": [[106, "target-filtering"]], "Task Links": [[88, "task-links"]], "Task Process": [[190, "task-process"]], "Task Utilities": [[132, null]], "Technical Workshop Guide: resilient-circuits": [[192, null]], "Template Appendix": [[78, "template-appendix"], [131, "template-appendix"]], "Template files": [[78, "template-files"]], "Templates": [[66, "templates"]], "Templates for SOAR Cases": [[43, "templates-for-soar-cases"], [49, "templates-for-soar-cases"], [106, "templates-for-soar-cases"], [107, "templates-for-soar-cases"], [113, "templates-for-soar-cases"], [146, "templates-for-soar-cases"]], "Tests": [[163, "tests"]], "The Case/incident Owner": [[137, "the-case-incident-owner"]], "The incident owner": [[191, "the-incident-owner"]], "The integration contains the following functions:\nscreenshot: functions\nscreenshot: functions_2": [[16, "the-integration-contains-the-following-functions"]], "The resulting .tar.gz file can be installed using:": [[135, "the-resulting-tar-gz-file-can-be-installed-using"]], "This is useful for developing and testing your Workflows in one org/instance, then transferring it to another/production instance": [[192, "this-is-useful-for-developing-and-testing-your-workflows-in-one-org-instance-then-transferring-it-to-another-production-instance"]], "ThreatMiner": [[134, null]], "Thug": [[135, null]], "Timeouts": [[101, "timeouts"]], "Timer Function": [[136, null]], "Timezones": [[41, "timezones"]], "To install in development mode:": [[40, "to-install-in-development-mode"], [135, "to-install-in-development-mode"]], "To package for distribution:": [[40, "to-package-for-distribution"], [135, "to-package-for-distribution"]], "To uninstall:": [[40, "to-uninstall"], [135, "to-uninstall"]], "Troubleshooting": [[10, "troubleshooting"], [12, "troubleshooting"], [29, "troubleshooting"], [52, "troubleshooting"], [61, "troubleshooting"], [68, "troubleshooting"], [71, "troubleshooting"], [95, "troubleshooting"], [100, "troubleshooting"], [101, "troubleshooting"], [115, "troubleshooting"], [123, "troubleshooting"], [128, "troubleshooting"], [132, "troubleshooting"], [141, "troubleshooting"], [143, "troubleshooting"], [161, "troubleshooting"], [168, "troubleshooting"], [190, "troubleshooting"]], "Troubleshooting & Support": [[7, "troubleshooting-support"], [8, "troubleshooting-support"], [11, "troubleshooting-support"], [13, "troubleshooting-support"], [15, "troubleshooting-support"], [16, "troubleshooting-support"], [17, "troubleshooting-support"], [18, "troubleshooting-support"], [19, "troubleshooting-support"], [20, "troubleshooting-support"], [21, "troubleshooting-support"], [22, "troubleshooting-support"], [24, "troubleshooting-support"], [25, "troubleshooting-support"], [28, "troubleshooting-support"], [31, "troubleshooting-support"], [32, "troubleshooting-support"], [36, "troubleshooting-support"], [39, "troubleshooting-support"], [41, "troubleshooting-support"], [42, "troubleshooting-support"], [43, "troubleshooting-support"], [46, "troubleshooting-support"], [47, "troubleshooting-support"], [49, "troubleshooting-support"], [51, "troubleshooting-support"], [53, "troubleshooting-support"], [55, "troubleshooting-support"], [58, "troubleshooting-support"], [59, "troubleshooting-support"], [60, "troubleshooting-support"], [63, "troubleshooting-support"], [64, "troubleshooting-support"], [65, "troubleshooting-support"], [66, "troubleshooting-support"], [67, "troubleshooting-support"], [69, "troubleshooting-support"], [72, "troubleshooting-support"], [74, "troubleshooting-support"], [75, "troubleshooting-support"], [76, "troubleshooting-support"], [77, "troubleshooting-support"], [78, "troubleshooting-support"], [79, "troubleshooting-support"], [80, "troubleshooting-support"], [81, "troubleshooting-support"], [82, "troubleshooting-support"], [84, "troubleshooting-support"], [85, "troubleshooting-support"], [86, "troubleshooting-support"], [87, "troubleshooting-support"], [88, "troubleshooting-support"], [89, "troubleshooting-support"], [90, "troubleshooting-support"], [91, "troubleshooting-support"], [92, "troubleshooting-support"], [93, "troubleshooting-support"], [94, "troubleshooting-support"], [96, "troubleshooting-support"], [97, "troubleshooting-support"], [98, "troubleshooting-support"], [99, "troubleshooting-support"], [102, "troubleshooting-support"], [103, "troubleshooting-support"], [104, "troubleshooting-support"], [106, "troubleshooting-support"], [107, "troubleshooting-support"], [108, "troubleshooting-support"], [109, "troubleshooting-support"], [110, "troubleshooting-support"], [111, "troubleshooting-support"], [113, "troubleshooting-support"], [114, "troubleshooting-support"], [116, "troubleshooting-support"], [117, "troubleshooting-support"], [122, "troubleshooting-support"], [124, "troubleshooting-support"], [125, "troubleshooting-support"], [126, "troubleshooting-support"], [127, "troubleshooting-support"], [129, "troubleshooting-support"], [130, "troubleshooting-support"], [131, "troubleshooting-support"], [133, "troubleshooting-support"], [136, "troubleshooting-support"], [137, "troubleshooting-support"], [140, "troubleshooting-support"], [144, "troubleshooting-support"], [146, "troubleshooting-support"], [147, "troubleshooting-support"], [148, "troubleshooting-support"], [150, "troubleshooting-support"], [151, "troubleshooting-support"], [152, "troubleshooting-support"], [153, "troubleshooting-support"], [154, "troubleshooting-support"], [155, "troubleshooting-support"], [157, "troubleshooting-support"]], "Troubleshooting SQLite DB": [[183, "troubleshooting-sqlite-db"]], "Troubleshooting Tips": [[183, "troubleshooting-tips"]], "Trusteer Pinpoint Detect": [[137, null]], "Twilio SMS": [[138, null]], "Twilio: Get Responses": [[138, "twilio-get-responses"]], "Twitter Search API": [[139, null]], "URL domain allowlists": [[191, "url-domain-allowlists"]], "URL to DNS": [[140, null]], "URLScan IO Threat Searcher": [[176, null]], "URLScan.io": [[142, null]], "URLhaus": [[141, null]], "Ubuntu and Debian": [[86, "ubuntu-and-debian"]], "Uninstall": [[10, "uninstall"], [12, "uninstall"], [29, "uninstall"], [44, "uninstall"], [45, "uninstall"], [52, "uninstall"], [61, "uninstall"], [68, "uninstall"], [70, "uninstall"], [71, "uninstall"], [75, "uninstall"], [95, "uninstall"], [100, "uninstall"], [101, "uninstall"], [115, "uninstall"], [123, "uninstall"], [128, "uninstall"], [132, "uninstall"], [143, "uninstall"], [161, "uninstall"], [173, "uninstall"], [185, "uninstall"], [186, "uninstall"], [188, "uninstall"]], "Uninstall (Integration Server)": [[141, "uninstall-integration-server"]], "Upgrade Instructions": [[169, "upgrade-instructions"]], "Upgrades to v1.0.1": [[10, "upgrades-to-v1-0-1"]], "Usage": [[0, "usage"], [1, "usage"], [1, "id1"], [2, "usage"], [68, "usage"], [157, "usage"], [168, "usage"], [185, "usage"], [186, "usage"], [187, "usage"], [188, "usage"], [189, "usage"]], "Use": [[73, "use"]], "Use Cases": [[56, "use-cases"]], "Useful Tools": [[179, "useful-tools"]], "User specified SIEM endpoints": [[99, "user-specified-siem-endpoints"]], "Using App Host:": [[47, "using-app-host"]], "Using Global Scripts": [[97, "using-global-scripts"]], "Using MxToolBox Function": [[83, "using-mxtoolbox-function"]], "Using TOR Function": [[105, "using-tor-function"]], "Using an Integration Server:": [[47, "using-an-integration-server"]], "Using oauth-utils package": [[88, "using-oauth-utils-package"]], "Using the Ability.IO Function": [[14, "using-the-ability-io-function"]], "Using the Alien Vault OTX Function": [[9, "using-the-alien-vault-otx-function"]], "Using the example functions": [[67, "using-the-example-functions"]], "Utilities (Deprecated)": [[143, null]], "Utility scripts for automatic app refreshment": [[3, null]], "Utility: oauth2_generate_refresh_token": [[157, "utility-oauth2-generate-refresh-token"], [157, "id1"]], "V1.1 Considerations": [[78, "v1-1-considerations"]], "V2.0 Changes": [[183, "v2-0-changes"]], "VMRay Sandbox Analyzer": [[145, null]], "VMware Carbon Black Cloud": [[146, null]], "VMware Carbon Black Cloud Development Version": [[146, "vmware-carbon-black-cloud-development-version"]], "Version 1.0.5 changes": [[182, "version-1-0-5-changes"]], "Version 1.1.0 changes": [[182, "version-1-1-0-changes"]], "Version 2.0.0 Changes": [[103, "version-2-0-0-changes"]], "Version 3.1.0 Changes": [[64, "version-3-1-0-changes"]], "View a saved model": [[70, "view-a-saved-model"]], "VirusTotal": [[144, null]], "VirusTotal Development Version": [[144, "virustotal-development-version"]], "VirusTotal: Scan for Hits Automatic (PB) Playbook": [[188, "virustotal-scan-for-hits-automatic-pb-playbook"]], "Volatility": [[38, "volatility"]], "Watson Translate": [[147, null]], "Webex Configuration": [[148, "webex-configuration"]], "What\u2019s Included": [[190, "what-s-included"]], "Whois": [[149, null]], "Why isn\u2019t \u201cX\u201d supported as a \u201cfeed destination\u201d?": [[179, "why-isn-t-x-supported-as-a-feed-destination"]], "Windows": [[86, "windows"]], "Wiz": [[152, null]], "Workflows": [[38, "workflows"], [134, "workflows"]], "Workflows:": [[112, "workflows"]], "Wrapping Up": [[4, "wrapping-up"]], "YETI Threat Service": [[177, null]], "Yeti": [[154, null]], "You can continue to use the rules/workflows. But migrating to playbooks provides greater functionality along with future app enhancements and bug fixes.": [[108, "you-can-continue-to-use-the-rules-workflows-but-migrating-to-playbooks-provides-greater-functionality-along-with-future-app-enhancements-and-bug-fixes"]], "You support PostgreSQL, can I create a new database on my IBM QRadar SOAR appliance and connect to that?": [[179, "you-support-postgresql-can-i-create-a-new-database-on-my-ibm-qradar-soar-appliance-and-connect-to-that"]], "Zoom": [[32, null]], "Zscaler Internet Access Functions for IBM SOAR": [[155, null]], "[Optional] Step 29: Share Packages amongst Organizations/Resilient Instances": [[192, "optional-step-29-share-packages-amongst-organizations-resilient-instances"]], "[Optional] Step 30: Setup VS Code to Debug Resilient Functions": [[192, "optional-step-30-setup-vs-code-to-debug-resilient-functions"]], "[fn_reaqta:hive_label] <!-- omit in toc -->": [[108, "fn-reaqta-hive-label"]], "[fn_reaqta] <!-- omit in toc -->": [[108, "fn-reaqta"]], "[resilient] Section Configurations": [[136, "resilient-section-configurations"]], "addNote(String res_reference_id, String noteText, String noteFormat)": [[120, "addnote-string-res-reference-id-string-notetext-string-noteformat"]], "apikey_permissions.txt": [[4, "apikey-permissions-txt"]], "app.config Settings:": [[54, "app-config-settings"]], "app.config examples:": [[85, "app-config-examples"], [85, "id1"]], "app.config file": [[184, "app-config-file"]], "app.config settings": [[138, "app-config-settings"], [142, "app-config-settings"]], "app.config settings:": [[33, "app-config-settings"], [37, "app-config-settings"], [38, "app-config-settings"], [48, "app-config-settings"], [50, "app-config-settings"], [57, "app-config-settings"], [62, "app-config-settings"], [139, "app-config-settings"], [149, "app-config-settings"]], "create(GlideRecord record, String snRecordId, String caseName, Object options)": [[120, "create-gliderecord-record-string-snrecordid-string-casename-object-options"]], "customize_and_reload.sh": [[3, "customize-and-reload-sh"]], "entrypoint.sh": [[4, "entrypoint-sh"]], "fn_aws_guardduty": [[15, null]], "fn_cisco_umbrella_inv Example": [[27, "fn-cisco-umbrella-inv-example"]], "fn_kafka": [[66, "fn-kafka"]], "fn_kafka:broker label": [[66, "fn-kafka-broker-label"]], "fn_qradar_enhanced_data 2.5.0 Changes": [[103, "fn-qradar-enhanced-data-2-5-0-changes"]], "fn_slack 2.0.0 Considerations": [[125, "fn-slack-2-0-0-considerations"]], "fn_slack 2.1.0 Changes": [[125, "fn-slack-2-1-0-changes"]], "fn_whois_rdap": [[150, null]], "gRPC Interface": [[53, null]], "getResilientReferenceId(GlideRecord record)": [[120, "getresilientreferenceid-gliderecord-record"]], "getResilientReferenceLink(GlideRecord record)": [[120, "getresilientreferencelink-gliderecord-record"]], "getResilientType(GlideRecord record)": [[120, "getresilienttype-gliderecord-record"]], "icons": [[4, "icons"]], "incident_close_template.jinja": [[80, "incident-close-template-jinja"]], "incident_create_template.jinja": [[80, "incident-create-template-jinja"]], "incident_update_template.jinja": [[80, "incident-update-template-jinja"]], "inventory_apps_server_version.py": [[3, "inventory-apps-server-version-py"]], "ldap_search Example": [[160, "ldap-search-example"]], "matching_incident_fields": [[183, "matching-incident-fields"]], "mirror-all-images.sh": [[1, "mirror-all-images-sh"]], "mirror-images.sh": [[1, "mirror-images-sh"]], "netMiko": [[84, null]], "on AppHost": [[16, "on-apphost"]], "on Integration Server": [[16, "on-integration-server"]], "poller_filters_template.jinja": [[80, "poller-filters-template-jinja"]], "resilient-sdk": [[4, "resilient-sdk"]], "screenshot: URL-to-DNS-rule": [[140, "id1"]], "screenshot: fn-kafka-send ": [[66, "id1"]], "screenshot: fn-make-playbook ": [[97, "id1"]], "screenshot: fn-sumo-logic-access-id-key-dialog": [[130, "id1"]], "screenshot: fn-vmware-cbc-api-key-5 ": [[146, "id1"]], "screenshot: main": [[31, "id1"], [36, "id1"]], "sentinel_close_incident_template.jinja": [[80, "sentinel-close-incident-template-jinja"]], "sentinel_update_incident_template.jinja": [[80, "sentinel-update-incident-template-jinja"]], "soar-python2-search.py": [[2, "soar-python2-search-py"]], "soar_close_case.jinja": [[106, "soar-close-case-jinja"], [107, "soar-close-case-jinja"], [113, "soar-close-case-jinja"], [146, "soar-close-case-jinja"]], "soar_close_incident.jinja": [[43, "soar-close-incident-jinja"]], "soar_create_case.jinja": [[106, "soar-create-case-jinja"], [107, "soar-create-case-jinja"], [113, "soar-create-case-jinja"], [146, "soar-create-case-jinja"]], "soar_create_case_with_artifacts.jinja": [[113, "soar-create-case-with-artifacts-jinja"]], "soar_create_incident.jinja": [[43, "soar-create-incident-jinja"]], "soar_ticketid_incident.jinja": [[43, "soar-ticketid-incident-jinja"]], "soar_update_case.jinja": [[106, "soar-update-case-jinja"], [107, "soar-update-case-jinja"], [113, "soar-update-case-jinja"], [146, "soar-update-case-jinja"]], "soar_update_incident.jinja": [[43, "soar-update-incident-jinja"]], "twilio_send_sms": [[138, "twilio-send-sms"]], "updateStateInResilient(String res_reference_id, String snTicketState, String snTicketStateColor)": [[120, "updatestateinresilient-string-res-reference-id-string-snticketstate-string-snticketstatecolor"]], "v1.0.0": [[10, "v1-0-0"], [29, "v1-0-0"], [42, "v1-0-0"], [52, "v1-0-0"], [63, "v1-0-0"], [68, "v1-0-0"], [69, "v1-0-0"], [75, "v1-0-0"], [76, "v1-0-0"], [95, "v1-0-0"], [100, "v1-0-0"], [101, "v1-0-0"], [115, "v1-0-0"], [123, "v1-0-0"], [128, "v1-0-0"], [134, "v1-0-0"], [140, "v1-0-0"], [145, "v1-0-0"], [161, "v1-0-0"]], "v1.0.0 <!-- omit in toc -->": [[118, "v1-0-0"]], "v1.0.1": [[10, "v1-0-1"], [29, "v1-0-1"], [52, "v1-0-1"], [69, "v1-0-1"], [75, "v1-0-1"], [95, "v1-0-1"], [100, "v1-0-1"], [101, "v1-0-1"], [128, "v1-0-1"], [134, "v1-0-1"], [145, "v1-0-1"]], "v1.0.1 <!-- omit in toc -->": [[118, "v1-0-1"]], "v1.0.2": [[52, "v1-0-2"], [69, "v1-0-2"], [75, "v1-0-2"], [100, "v1-0-2"]], "v1.0.2 <!-- omit in toc -->": [[118, "v1-0-2"]], "v1.0.3": [[100, "v1-0-3"]], "v1.0.3 <!-- omit in toc -->": [[118, "v1-0-3"]], "v1.0.4 <!-- omit in toc -->": [[118, "v1-0-4"]], "v1.0.5 <!-- omit in toc -->": [[118, "v1-0-5"]], "v1.1.0": [[42, "v1-1-0"], [63, "v1-1-0"], [76, "v1-1-0"], [140, "v1-1-0"]], "v1.1.1": [[173, "v1-1-1"]], "v1.2.0": [[42, "v1-2-0"], [76, "v1-2-0"]], "v1.3.0": [[42, "v1-3-0"]], "v2.0 Changes": [[88, "v2-0-changes"]], "v2.0.0": [[123, "v2-0-0"]], "v2.0.9": [[118, "v2-0-9"]], "v2.1.0": [[80, "v2-1-0"], [118, "v2-1-0"]], "v2.1.1": [[80, "v2-1-1"]], "v2.2.0": [[118, "v2-2-0"]], "v2.2.1": [[118, "v2-2-1"]], "v2.3.0": [[118, "v2-3-0"]]}, "docnames": [".environments/README", ".helper-scripts/mirror-containers/README", ".helper-scripts/soar-python-search-utility/README", ".scripts/refresh_all_apps/README", "app_host_files/README", "base_input_types/README", "docs/python_api", "fn_abuseipdb/README", "fn_algosec/README", "fn_alienvault_otx/README", "fn_anomali_staxx/README", "fn_ansible/README", "fn_ansible_tower/README", "fn_api_void/README", "fn_apility/README", "fn_aws_guardduty/README", "fn_aws_iam/README", "fn_aws_utilities/README", "fn_axonius/README", "fn_azure_automation_utilities/README", "fn_bigfix/README", "fn_bmc_helix/README", "fn_calendar_invite/README", "fn_cb_protection/README", "fn_cisco_amp4ep/README", "fn_cisco_asa/README", "fn_cisco_enforcement/README", "fn_cisco_umbrella_inv/README", "fn_clamav/README", "fn_cloud_foundry/README", "fn_components/README", "fn_create_webex_meeting/README", "fn_create_zoom_meeting/README", "fn_crowdstrike_falcon/README", "fn_cve_search/README", "fn_darktrace/README", "fn_datatable_utils/README", "fn_digital_shadows_search/README", "fn_docker/README", "fn_elasticsearch/README", "fn_email_header_validation/README", "fn_exchange/README", "fn_exchange_online/README", "fn_extrahop/README", "fn_floss/README", "fn_geocoding/README", "fn_github/README", "fn_google_cloud_dlp/README", "fn_google_cloud_functions/README", "fn_google_cloud_scc/README", "fn_google_maps_directions/README", "fn_googlesafebrowsing/README", "fn_greynoise/README", "fn_grpc_interface/README", "fn_grr_search/README", "fn_guardium_insights_integration/README", "fn_guardium_integration/README", "fn_hibp/README", "fn_html2pdf/README", "fn_icdx/README", "fn_incident_utils/README", "fn_ioc_parser_v2/README", "fn_ipinfo/README", "fn_isitphishing/README", "fn_jira/README", "fn_joe_sandbox_analysis/README", "fn_kafka/README", "fn_ldap_utilities/README", "fn_log_capture/README", "fn_maas360/README", "fn_machine_learning/README", "fn_machine_learning_nlp/README", "fn_mandiant/README", "fn_mcafee_atd/README", "fn_mcafee_epo/README", "fn_mcafee_esm/README", "fn_mcafee_opendxl/README", "fn_mcafee_tie/README", "fn_microsoft_defender/README", "fn_microsoft_security_graph/README", "fn_microsoft_sentinel/README", "fn_misp/README", "fn_mitre_integration/README", "fn_mxtoolbox/README", "fn_netdevice/README", "fn_network_utilities/README", "fn_ocr/README", "fn_odbc_query/README", "fn_outbound_email/README", "fn_pa_panorama/README", "fn_pagerduty/README", "fn_parse_utilities/README", "fn_passivetotal/README", "fn_pastebin/README", "fn_phish_ai/README", "fn_phish_tank/README", "fn_pipl/README", "fn_playbook_maker/README", "fn_playbook_utils/README", "fn_proofpoint_tap/README", "fn_proofpoint_trap/README", "fn_pulsedive/README", "fn_qradar_advisor/README", "fn_qradar_enhanced_data/README", "fn_qradar_integration/README", "fn_query_tor_network/README", "fn_randori/README", "fn_rapid7_insight_idr/README", "fn_reaqta/README", "fn_relations/README", "fn_remedy/README", "fn_rest_api/README", "fn_rsa_netwitness/README", "fn_salesforce/README", "fn_scheduler/README", "fn_secureworks_ctp/README", "fn_sentinelone/README", "fn_sep/README", "fn_service_now/README", "fn_service_now/docs/customize_resilient_guide/README", "fn_service_now/docs/customize_snow_guide/README", "fn_service_now/docs/install_guide/README", "fn_shadowserver/README", "fn_shodan/README", "fn_siemplify/README", "fn_slack/README", "fn_snapshot_url/README", "fn_soar_utils/README", "fn_spamhaus_query/README", "fn_splunk_integration/README", "fn_sumo_logic/README", "fn_symantec_dlp/README", "fn_task_utils/README", "fn_teams/README", "fn_threatminer/README", "fn_thug/README", "fn_timer/README", "fn_trusteer_ppd/README", "fn_twilio/README", "fn_twitter_most_popular/README", "fn_url_to_dns/README", "fn_urlhaus/README", "fn_urlscanio/README", "fn_utilities/README", "fn_virustotal/README", "fn_vmray_analyzer/README", "fn_vmware_cbc/README", "fn_watson_translate/README", "fn_webex/README", "fn_whois/README", "fn_whois_rdap/README", "fn_wiki/README", "fn_wiz/README", "fn_xforce/README", "fn_yeti/README", "fn_zia/README", "index", "oauth-utils/README", "older/README", "older/fn_bluecoat_site_review/README", "older/fn_ldap_search/README", "older/fn_res_to_icd/README", "older/fn_risk_fabric/README", "older/rc-query-csv/README", "older/rc-query-runner/README", "older/rc-shell-runner/README", "older/rc-splunk-search/README", "pb_sans_isc_scan_ip/README", "pl_criminalip/README", "rc-cts-abuseipdb/README", "rc-cts-googlesafebrowsing/README", "rc-cts-haveibeenpwned/README", "rc-cts-mcafeetie/README", "rc-cts-misp/README", "rc-cts-passivetotal/README", "rc-cts-shadowserver/README", "rc-cts-urlscanio/README", "rc-cts-yeti/README", "rc-data-feed-plugin-filefeed/README", "rc_data_feed/README", "rc_data_feed_plugin_elasticfeed/README", "rc_data_feed_plugin_kafkafeed/README", "rc_data_feed_plugin_odbcfeed/README", "rc_data_feed_plugin_resilientfeed/README", "rc_data_feed_plugin_splunkfeed/README", "res_hibp/README", "res_qraw_mitre/README", "res_urlscanio/README", "res_virustotal/README", "sc_convert_json_to_rich_text/README", "sc_email_approval/README", "sc_email_parser/README", "workshop-guide/README"], "envversion": {"sphinx": 63, "sphinx.domains.c": 3, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 9, "sphinx.domains.index": 1, "sphinx.domains.javascript": 3, "sphinx.domains.math": 2, "sphinx.domains.python": 4, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.intersphinx": 1}, "filenames": [".environments/README.md", ".helper-scripts/mirror-containers/README.md", ".helper-scripts/soar-python-search-utility/README.md", ".scripts/refresh_all_apps/README.md", "app_host_files/README.md", "base_input_types/README.md", "docs/python_api.md", "fn_abuseipdb/README.md", "fn_algosec/README.md", "fn_alienvault_otx/README.md", "fn_anomali_staxx/README.md", "fn_ansible/README.md", "fn_ansible_tower/README.md", "fn_api_void/README.md", "fn_apility/README.md", "fn_aws_guardduty/README.md", "fn_aws_iam/README.md", "fn_aws_utilities/README.md", "fn_axonius/README.md", "fn_azure_automation_utilities/README.md", "fn_bigfix/README.md", "fn_bmc_helix/README.md", "fn_calendar_invite/README.md", "fn_cb_protection/README.md", "fn_cisco_amp4ep/README.md", "fn_cisco_asa/README.md", "fn_cisco_enforcement/README.md", "fn_cisco_umbrella_inv/README.md", "fn_clamav/README.md", "fn_cloud_foundry/README.md", "fn_components/README.md", "fn_create_webex_meeting/README.md", "fn_create_zoom_meeting/README.md", "fn_crowdstrike_falcon/README.md", "fn_cve_search/README.md", "fn_darktrace/README.md", "fn_datatable_utils/README.md", "fn_digital_shadows_search/README.md", "fn_docker/README.md", "fn_elasticsearch/README.md", "fn_email_header_validation/README.md", "fn_exchange/README.md", "fn_exchange_online/README.md", "fn_extrahop/README.md", "fn_floss/README.md", "fn_geocoding/README.md", "fn_github/README.md", "fn_google_cloud_dlp/README.md", "fn_google_cloud_functions/README.md", "fn_google_cloud_scc/README.md", "fn_google_maps_directions/README.md", "fn_googlesafebrowsing/README.md", "fn_greynoise/README.md", "fn_grpc_interface/README.md", "fn_grr_search/README.md", "fn_guardium_insights_integration/README.md", "fn_guardium_integration/README.md", "fn_hibp/README.md", "fn_html2pdf/README.md", "fn_icdx/README.md", "fn_incident_utils/README.md", "fn_ioc_parser_v2/README.md", "fn_ipinfo/README.md", "fn_isitphishing/README.md", "fn_jira/README.md", "fn_joe_sandbox_analysis/README.md", "fn_kafka/README.md", "fn_ldap_utilities/README.md", "fn_log_capture/README.md", "fn_maas360/README.md", "fn_machine_learning/README.md", "fn_machine_learning_nlp/README.md", "fn_mandiant/README.md", "fn_mcafee_atd/README.md", "fn_mcafee_epo/README.md", "fn_mcafee_esm/README.md", "fn_mcafee_opendxl/README.md", "fn_mcafee_tie/README.md", "fn_microsoft_defender/README.md", "fn_microsoft_security_graph/README.md", "fn_microsoft_sentinel/README.md", "fn_misp/README.md", "fn_mitre_integration/README.md", "fn_mxtoolbox/README.md", "fn_netdevice/README.md", "fn_network_utilities/README.md", "fn_ocr/README.md", "fn_odbc_query/README.md", "fn_outbound_email/README.md", "fn_pa_panorama/README.md", "fn_pagerduty/README.md", "fn_parse_utilities/README.md", "fn_passivetotal/README.md", "fn_pastebin/README.md", "fn_phish_ai/README.md", "fn_phish_tank/README.md", "fn_pipl/README.md", "fn_playbook_maker/README.md", "fn_playbook_utils/README.md", "fn_proofpoint_tap/README.md", "fn_proofpoint_trap/README.md", "fn_pulsedive/README.md", "fn_qradar_advisor/README.md", "fn_qradar_enhanced_data/README.md", "fn_qradar_integration/README.md", "fn_query_tor_network/README.md", "fn_randori/README.md", "fn_rapid7_insight_idr/README.md", "fn_reaqta/README.md", "fn_relations/README.md", "fn_remedy/README.md", "fn_rest_api/README.md", "fn_rsa_netwitness/README.md", "fn_salesforce/README.md", "fn_scheduler/README.md", "fn_secureworks_ctp/README.md", "fn_sentinelone/README.md", "fn_sep/README.md", "fn_service_now/README.md", "fn_service_now/docs/customize_resilient_guide/README.md", "fn_service_now/docs/customize_snow_guide/README.md", "fn_service_now/docs/install_guide/README.md", "fn_shadowserver/README.md", "fn_shodan/README.md", "fn_siemplify/README.md", "fn_slack/README.md", "fn_snapshot_url/README.md", "fn_soar_utils/README.md", "fn_spamhaus_query/README.md", "fn_splunk_integration/README.md", "fn_sumo_logic/README.md", "fn_symantec_dlp/README.md", "fn_task_utils/README.md", "fn_teams/README.md", "fn_threatminer/README.md", "fn_thug/README.md", "fn_timer/README.md", "fn_trusteer_ppd/README.md", "fn_twilio/README.md", "fn_twitter_most_popular/README.md", "fn_url_to_dns/README.md", "fn_urlhaus/README.md", "fn_urlscanio/README.md", "fn_utilities/README.md", "fn_virustotal/README.md", "fn_vmray_analyzer/README.md", "fn_vmware_cbc/README.md", "fn_watson_translate/README.md", "fn_webex/README.md", "fn_whois/README.md", "fn_whois_rdap/README.md", "fn_wiki/README.md", "fn_wiz/README.md", "fn_xforce/README.md", "fn_yeti/README.md", "fn_zia/README.md", "index.rst", "oauth-utils/README.md", "older/README.md", "older/fn_bluecoat_site_review/README.md", "older/fn_ldap_search/README.md", "older/fn_res_to_icd/README.md", "older/fn_risk_fabric/README.md", "older/rc-query-csv/README.md", "older/rc-query-runner/README.md", "older/rc-shell-runner/README.md", "older/rc-splunk-search/README.md", "pb_sans_isc_scan_ip/README.md", "pl_criminalip/README.md", "rc-cts-abuseipdb/README.md", "rc-cts-googlesafebrowsing/README.md", "rc-cts-haveibeenpwned/README.md", "rc-cts-mcafeetie/README.md", "rc-cts-misp/README.md", "rc-cts-passivetotal/README.md", "rc-cts-shadowserver/README.md", "rc-cts-urlscanio/README.md", "rc-cts-yeti/README.md", "rc-data-feed-plugin-filefeed/README.md", "rc_data_feed/README.md", "rc_data_feed_plugin_elasticfeed/README.md", "rc_data_feed_plugin_kafkafeed/README.md", "rc_data_feed_plugin_odbcfeed/README.md", "rc_data_feed_plugin_resilientfeed/README.md", "rc_data_feed_plugin_splunkfeed/README.md", "res_hibp/README.md", "res_qraw_mitre/README.md", "res_urlscanio/README.md", "res_virustotal/README.md", "sc_convert_json_to_rich_text/README.md", "sc_email_approval/README.md", "sc_email_parser/README.md", "workshop-guide/README.md"], "indexentries": {}, "objects": {}, "objnames": {}, "objtypes": {}, "terms": {"": [0, 1, 4, 7, 8, 11, 13, 14, 15, 16, 18, 21, 22, 25, 26, 29, 30, 32, 33, 34, 35, 36, 38, 41, 42, 43, 44, 45, 46, 49, 50, 52, 53, 54, 55, 56, 57, 58, 60, 62, 64, 66, 69, 72, 73, 74, 76, 77, 78, 79, 80, 81, 85, 87, 88, 89, 90, 91, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 111, 113, 114, 115, 116, 117, 118, 119, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 136, 137, 139, 141, 143, 144, 146, 147, 148, 150, 151, 152, 153, 155, 157, 159, 163, 167, 168, 176, 178, 179, 180, 181, 182, 183, 184, 186, 187, 188, 189, 191, 192], "0": [1, 3, 4, 7, 8, 9, 12, 13, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 30, 31, 32, 33, 34, 35, 37, 38, 39, 41, 43, 44, 46, 47, 48, 49, 50, 51, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 65, 70, 71, 72, 73, 77, 79, 82, 84, 85, 86, 92, 93, 94, 96, 97, 98, 99, 102, 105, 106, 107, 109, 110, 112, 113, 116, 119, 120, 121, 122, 124, 126, 127, 130, 131, 132, 136, 138, 139, 141, 142, 143, 146, 147, 148, 149, 150, 151, 152, 154, 155, 159, 167, 168, 169, 172, 173, 179, 181, 185, 186, 187, 188, 190, 192], "00": [7, 11, 19, 24, 31, 32, 35, 37, 38, 41, 42, 43, 49, 54, 55, 59, 67, 72, 74, 78, 79, 80, 90, 91, 99, 102, 104, 106, 108, 114, 116, 117, 119, 127, 130, 131, 137, 138, 144, 148, 182, 187], "000": [21, 30, 64, 91, 113, 148, 185], "0000": [21, 24, 35, 72, 80, 91, 106, 113, 142, 148], "000000": 41, "0000000": [42, 91], "00000000": [106, 146], "00000000000": 24, "000000000000": [24, 59, 106], "000000000001": 59, "000000000002": 59, "0000000000bd6d7c": 130, "000001": 39, "00000318": 146, "00000344": 146, "00000460": 146, "000008e8": 146, "00000a0b67eb": 146, "00001": 157, "00001064": 113, "0001": [38, 42], "00086": 20, "000d3a5680fc": 78, "000webhost": [57, 185], "000z": [15, 37, 72, 99, 102, 107, 186], "001": [78, 130], "001hr00001kfbihiag": 113, "002": 130, "00224830591e": 78, "0028": 106, "003hr00002rewc8iad": 113, "0047": 124, "004d554e1": 122, "005": 113, "005056b41000": 74, "005056b43418": 74, "005112": 69, "005hr00000coneziat": 113, "005hr00000conusi": 113, "006": 116, "007": 30, "008": 30, "009": 30, "00aea0f3092e5bb9462d7353169fdc4": 117, "00af08": 54, "00da1a57": 24, "00ehr000001gfgwiaa": 113, "00ehr000002mwzlma4": 113, "00fc4aba3a120ba1f6c3453ea8faa4ca7167fabd30ac297eb59905d7a879e352": 24, "00thr00008eynbkmak": 113, "00z": [38, 42, 78, 79, 144, 148, 150, 185], "01": [15, 16, 18, 19, 22, 32, 34, 37, 38, 39, 41, 42, 43, 57, 64, 67, 70, 78, 80, 85, 88, 89, 91, 93, 96, 99, 103, 104, 106, 107, 108, 113, 116, 117, 119, 126, 127, 130, 131, 137, 138, 143, 144, 146, 147, 148, 153, 180, 181, 184, 185], "0100": 80, "012063": 11, "0123": 99, "013z": 107, "0145": 96, "015": 187, "01526": 43, "015z": 146, "0166667z": 78, "0186152z": 78, "0193": 43, "01ecf4e8092e5bb91e4d52e45c3abe4d": 117, "01f490cbdc7f84ccd0fc6ade0a645910152e8053d67a49402fd789c9146ca2a2": 187, "01t00": [38, 42, 78, 99], "01t01": 99, "01t05": 130, "01t06": 99, "01t07": 108, "01t08": 130, "01t10": 99, "01t13": 130, "01t16": 99, "01t20": 130, "01t21": 78, "01t22": 107, "01z": [24, 188], "02": [7, 8, 10, 15, 16, 19, 24, 27, 31, 33, 37, 41, 43, 46, 49, 51, 57, 59, 66, 69, 72, 74, 77, 78, 80, 85, 87, 89, 96, 102, 103, 106, 107, 108, 111, 113, 116, 117, 122, 124, 130, 131, 133, 137, 143, 144, 147, 150, 153, 167, 185], "0205630385a7": 76, "021z": 146, "0228e00": 127, "0232": 106, "02625": 106, "027437b63df40000": 43, "0280b143": 24, "029485": 106, "02a1": 130, "02a1d541ff800000": 43, "02c4": 98, "02c9fc00ec23": 10, "02f6b87341f00000": 43, "02t05": [59, 99], "02t12": 102, "02t13": 99, "02t14": 99, "02t17": 106, "02t18": 46, "02t20": [46, 130], "02t22": 46, "02z": 185, "03": [7, 10, 11, 15, 16, 18, 19, 24, 27, 32, 34, 37, 38, 41, 46, 47, 49, 51, 57, 64, 66, 67, 69, 72, 77, 79, 80, 85, 88, 91, 92, 98, 103, 106, 108, 109, 111, 114, 117, 122, 124, 129, 130, 131, 137, 141, 143, 146, 149, 153, 159, 185, 187, 188], "030397ea7fc1": 19, "0305": 35, "0313": 153, "033a04ee092e5bb9145e670acdea46e7": 117, "0343": 98, "03655adcf941": 78, "039": 117, "03t01": 37, "03t16": 46, "03t22": 131, "04": [0, 11, 15, 16, 19, 24, 25, 35, 36, 42, 43, 46, 49, 53, 55, 59, 63, 64, 66, 67, 69, 74, 78, 79, 80, 82, 85, 89, 90, 96, 98, 99, 103, 104, 106, 107, 108, 109, 110, 112, 113, 114, 116, 117, 122, 129, 130, 131, 133, 143, 146, 152, 153, 154, 167, 182, 183, 184, 185, 187, 188], "040000008200e00074c5b7101a82e008000000000c57e88c809fd90100000000000000001000000079e26061bc861948905c74b45c5736e5": 42, "046258": 187, "046452": 187, "046557": 187, "046564": 187, "0466667z": 78, "046912103": 33, "047135": 187, "047342": 187, "047cf2ed": 106, "0482fb724eca2f19": 59, "048b88c0f3aa": 78, "0490": 59, "04c99d46599f078f1c3da3783cf5b95f01ac61bb": 78, "04t15": 131, "04t16": 131, "04t17": [102, 186], "04t18": 154, "04t19": 187, "05": [10, 11, 16, 19, 20, 24, 27, 31, 35, 36, 37, 38, 42, 43, 46, 49, 51, 54, 60, 64, 66, 67, 69, 74, 77, 78, 79, 85, 87, 88, 90, 96, 99, 102, 103, 106, 108, 109, 111, 117, 124, 129, 130, 133, 138, 143, 146, 147, 148, 150, 152, 153, 187, 188], "0500": 64, "052": 187, "0543": 43, "05445189": 130, "0571025f242c": 130, "058255z": 80, "05942d1e092e5bb96dd96aa5199d35bc": 117, "05ab": 80, "05t01": 79, "05t15": 90, "05z": [46, 188], "06": [16, 18, 19, 20, 21, 24, 25, 35, 37, 39, 42, 43, 46, 47, 49, 54, 57, 59, 60, 65, 67, 74, 78, 80, 81, 84, 86, 87, 96, 97, 98, 99, 102, 103, 107, 108, 111, 113, 117, 129, 131, 133, 146, 155, 167, 185], "0601": 43, "0604": 43, "061087": 130, "0618": 2, "062326": 11, "06269cc1092e5bb97e3f195bb9232a9b": 117, "06478fa19ee4": 24, "065625": 106, "067226z": 116, "069": 187, "06ahr00000r0rl0maf": 113, "06b86c3c9232": 103, "06d879c43dad": 133, "06dbd8d4092e5bb95c50f9f0bd7c1ebd": 117, "06t01": 78, "06t03": 78, "06t10": 19, "06t12": 113, "06t13": 19, "06t17": 79, "06t19": [7, 94], "06t22": 94, "06z": 42, "07": [16, 19, 20, 21, 24, 30, 46, 47, 49, 59, 65, 66, 67, 69, 72, 74, 78, 79, 80, 81, 86, 87, 89, 90, 96, 97, 98, 103, 106, 107, 108, 109, 110, 113, 117, 124, 130, 131, 143, 148, 150, 153, 155, 157, 167, 180, 182, 185, 188], "0700": 91, "0708": 43, "072": 85, "0730b7bc": 146, "0766667z": 78, "0778cc3cd812": 157, "0785140991211": 13, "0796": 43, "07jewfj_7knbwcgyiaraagacsnwf": 157, "07t00": 37, "07t01": 37, "07t02": 106, "07t06": 108, "07t07": [37, 106], "07t12": 79, "07t14": 33, "07t16": 131, "07t19": 130, "07t20": 106, "07t21": 113, "07z": 78, "08": [8, 10, 15, 19, 20, 22, 24, 35, 41, 46, 47, 49, 53, 55, 60, 64, 67, 70, 74, 78, 79, 80, 81, 86, 88, 89, 90, 96, 98, 102, 103, 104, 106, 107, 108, 109, 111, 113, 114, 116, 117, 122, 129, 130, 131, 136, 144, 148, 152, 180, 181, 185, 186, 188], "081111111": 67, "082222222": 67, "083": 98, "0840": 62, "084375": 106, "087091": 11, "087z": 108, "08a90512": 106, "08daaaf93b34": 91, "08s01": 183, "08t00": 46, "08t02": 46, "08t07": 42, "08t08": 131, "08t12": 69, "08t14": 33, "08t16": 130, "08t17": [7, 107, 153], "08t19": [130, 150], "08t22": 90, "09": [8, 15, 16, 17, 19, 21, 24, 25, 28, 32, 33, 35, 37, 38, 47, 53, 54, 55, 57, 58, 64, 67, 74, 77, 78, 79, 82, 87, 88, 89, 90, 96, 97, 98, 102, 104, 106, 107, 108, 109, 113, 116, 117, 124, 127, 129, 130, 131, 133, 136, 138, 141, 143, 146, 147, 148, 149, 150, 153, 167, 185, 186], "0960914z": 80, "097z": 49, "098f6bcd": 98, "09c4": 74, "09t07": 74, "09t17": [37, 113], "09t21": 46, "09z": 46, "0_20221202_152441": 46, "0_20221202_153917": 46, "0_20221202_171442": 46, "0a": [64, 116], "0ab7": 124, "0ade7c2c": 35, "0adqt8qjmgtnoh42tskjrafz_unmjivolsantp9nuoj1ydbrr7ow94nqxaddhd1bie6bz6g": 157, "0b04": 80, "0b2ae82f092e5bb978629101355bf16b": 117, "0b5f00b6": 130, "0b9e4cb2af3dd1686accf0c469ce7b60": 117, "0bc3e9f0092e5bb9669e0fd237c8578": 117, "0c": [108, 116], "0c480537": 146, "0c512a3a092e5bb947c433bcf26dea2": 117, "0c680d8a092e5bb97e3f195b276ebae8": 117, "0c6a": 80, "0ca8ce74": 146, "0caabe31": 106, "0de1ff00569723b2d11ec84665c4bd06": 18, "0de6791a": 129, "0e": 108, "0e1e": 130, "0e20c932": 130, "0e2b7c47092e5bb97b9071e9f20b71b5": 117, "0e50": 98, "0e5cbfbb": 130, "0ebeedc5092e5bb94d53bf4f111ac78c": 117, "0f37d0bb092e5bb90b7a03ede1b3db2c": 117, "0m": 11, "0r2gb0qdlt1q3fqxshn0equ": 85, "0rie": 98, "0x3e7": 108, "0xsi_f33d": [144, 188], "1": [1, 2, 3, 4, 7, 8, 9, 12, 13, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 30, 31, 32, 33, 34, 35, 37, 39, 41, 44, 45, 46, 47, 48, 49, 50, 51, 53, 54, 55, 57, 58, 59, 60, 61, 62, 65, 68, 70, 71, 72, 73, 77, 79, 81, 82, 84, 85, 86, 92, 93, 94, 96, 97, 98, 102, 104, 105, 106, 107, 109, 110, 112, 113, 115, 116, 119, 122, 123, 124, 126, 127, 130, 132, 136, 137, 138, 139, 141, 142, 143, 147, 148, 149, 150, 151, 152, 154, 155, 157, 159, 160, 161, 167, 168, 169, 170, 172, 179, 181, 183, 185, 186, 187, 189, 190, 191], "10": [7, 8, 10, 11, 13, 15, 16, 18, 19, 20, 23, 24, 25, 27, 28, 30, 31, 32, 33, 35, 37, 39, 41, 42, 43, 44, 46, 49, 53, 54, 56, 57, 59, 60, 64, 65, 66, 67, 69, 70, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 87, 88, 89, 90, 91, 92, 96, 98, 99, 102, 104, 106, 107, 108, 109, 110, 111, 114, 115, 116, 117, 118, 121, 124, 126, 127, 129, 130, 131, 133, 137, 139, 142, 143, 144, 146, 150, 152, 153, 155, 160, 162, 167, 168, 170, 181, 182, 184, 185, 187, 189, 190, 191], "100": [7, 10, 15, 18, 24, 33, 35, 37, 39, 42, 59, 69, 78, 88, 98, 117, 119, 124, 129, 130, 186, 187], "1000": [18, 19, 21, 39, 43, 64, 68, 78, 88, 96, 106, 108, 117, 124, 127, 129, 136, 137], "10000": [24, 39, 70, 117], "1000000005": 21, "100001": [120, 148], "10001": [64, 144, 188], "10003": 64, "10007": 64, "1001": [49, 119, 145], "1002": [36, 117], "1003": 124, "10038": 109, "1004": 60, "100462": 104, "1004f7eee7cb": 109, "1005": 24, "10055": 64, "10058": 64, "10072": 106, "1008": 108, "100x100px": 4, "101": [38, 43, 159, 187], "1010": 74, "1011": 74, "10124": 106, "10149": 43, "101541": 127, "1016": 117, "10161": 117, "10162": 117, "1017": 74, "10189": 43, "1019": 10, "102": [13, 98, 117, 130, 148, 159], "1020": 108, "1020293408461160452": 108, "1020293408461164549": 108, "1020293408461168646": 108, "1021190593": 133, "10212": 78, "1022070249601636353": 108, "1022070249672935426": 108, "1022070806768779266": 108, "1022070807062380545": 108, "1024257396198866946": 108, "1025": 98, "102549": 103, "102599": 103, "102649": 103, "1026728858289700868": 108, "1026728858289704965": 108, "1026728858289709062": 108, "102699": 103, "102749": 103, "102799": 103, "1029": 117, "1029755084809961474": 108, "103": [15, 43, 119, 159], "10315": 64, "1032": [78, 117], "1033": 117, "10350": 64, "10353": 35, "10386": 41, "104": [78, 94, 102, 108], "1040": 109, "10419": 64, "1043": [42, 109], "1044": 80, "10443": 117, "10452": 78, "104720": 185, "1048576": 192, "105": [60, 117], "106": [107, 117], "1063": 43, "10685": 24, "1069": 74, "107": 104, "1070258": 187, "1070259": 187, "10739": 15, "1075": 39, "10756": 67, "1077": 98, "1078": 117, "10780": 127, "108": [130, 153], "1080": 117, "1081": 67, "1081633343": 133, "1084": [19, 43, 108], "108e": 85, "109": [43, 59, 60, 187], "1090": [37, 67], "1090519054": 24, "1093": 67, "10968": 78, "1098": [117, 133], "109e0cd9092e5bb9566624f7e9bf266f": 117, "10e1f0a9092e5bb97e3f195bf1a05a94": 117, "10m": [114, 138], "10px": 150, "10t02": 116, "10t07": 106, "10t10": 37, "10t12": 153, "10t13": [107, 153], "10t15": [80, 107], "10t16": 146, "10t17": [19, 146], "10t18": [37, 80], "10t19": [37, 91], "10t20": 131, "10t21": [57, 116, 185], "10z": 80, "11": [0, 3, 7, 8, 11, 13, 15, 16, 18, 19, 24, 27, 31, 32, 33, 35, 36, 37, 38, 43, 46, 47, 49, 53, 57, 59, 60, 63, 64, 67, 69, 74, 77, 78, 79, 80, 81, 82, 85, 88, 89, 90, 91, 96, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 122, 124, 126, 127, 129, 130, 131, 136, 137, 144, 146, 148, 150, 151, 152, 153, 155, 182, 183, 187], "110": [7, 78], "1100": 117, "1101": 102, "1104": [19, 108], "1107": 87, "111": [18, 24, 69], "1111": [24, 43], "11111": [19, 24], "11111111": 19, "111111111111": 24, "11111112222222": 148, "111233344": 133, "11129": [144, 188], "1115": 129, "11151": 55, "1119": 21, "112": [2, 35], "1120": [108, 146], "11231": 96, "11234567890": 17, "1125": 106, "113": [35, 89, 107, 108], "1130": 106, "11353": 69, "1139323": 67, "114": 88, "1140024784343285701": 116, "114275": 186, "11480": 144, "11502": 109, "1150808": 46, "11510": 43, "1152": 108, "11523": 24, "11545": 144, "11580": 43, "116": [35, 88, 94, 102], "1160": 116, "1161": 86, "11651": 43, "117": [24, 98], "1170504": 46, "1170516": 46, "1170561": 46, "1170764": 46, "11712294571846742175": 49, "118": 108, "1180": 117, "11817": 11, "1188": 187, "1189": 106, "119": [27, 81], "11901": 43, "11913": 47, "11915": 11, "11954": 84, "119774": 67, "11_refresh_app": 3, "11e9": 59, "11eb": [59, 74], "11ed": 74, "11ee": 80, "11t04": 37, "11t05": 15, "11t11": 90, "11t13": [33, 78, 148], "11t14": 148, "11t15": [37, 107], "11t18": [37, 113], "11t22": 116, "12": [0, 1, 3, 7, 8, 10, 12, 13, 15, 16, 17, 18, 24, 25, 28, 32, 35, 36, 37, 41, 42, 43, 46, 49, 57, 60, 63, 64, 65, 67, 69, 71, 72, 74, 77, 78, 79, 81, 82, 84, 85, 87, 88, 89, 90, 91, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 124, 126, 127, 130, 131, 133, 136, 146, 148, 150, 152, 153, 155, 167, 168, 180, 181, 182, 185, 186, 189, 191], "120": [24, 33, 35, 43, 49, 65, 78, 80, 108, 113, 116, 124, 126, 138, 152], "1200": [102, 106, 107], "12000": 131, "12002": [57, 185], "1208": 116, "1209": 42, "1209600": 144, "121": [69, 108, 126], "12121212121212121": 116, "121212121212121212": 116, "1212121212121212121": 116, "122": [13, 62], "1220": 108, "122136": 106, "122480": 78, "12271": 15, "1228250": 117, "123": [35, 42, 88, 89, 108, 117, 124, 139], "1230": 67, "12315195": 20, "1234": [19, 107, 120, 124, 133, 138], "12345": [20, 152], "123456": [64, 88, 91], "1234567": [91, 138, 152, 155], "12345678": 99, "1234567890": [49, 138], "123456789012345678": 116, "123456789123": 16, "123456789abcd": [88, 157], "123456789abcd123456789a_awx4": [88, 157], "12345678c": 19, "1234567a": [88, 157], "1234567b1234567890abcde064d5db1acec55cb79db4cd13a12345678abcdefg": 144, "123456abcd": 88, "123456abcdef": [27, 100], "1234a123ab1234567a328c54d8b72db620ea38e0521ab12345678903854d3ab1": 188, "1234ryksruyfminzcvic0oz7dpgskibty5w12345qbkwlsyt0bgp6qzfwz12345678vuh28cqrmoxdd39iut7w": 19, "123a": [27, 100], "123asb": 62, "123f9ec5a53214cc6e35b1e4700b0806": 103, "1244": 19, "1245": 89, "125": 88, "126": [106, 133], "12635": 43, "1266": 117, "12695": 43, "127": [11, 43, 54, 66, 73, 78, 95, 117, 123, 173, 182, 183, 192], "1275282318251495460": 116, "1275282318259884069": 116, "1275282318268272678": 116, "12759": 22, "128": [117, 146, 150], "1280": 106, "128294549": 69, "128294800": 69, "12850": 113, "1287": 24, "12875": 144, "1288": 78, "129": [15, 39, 116], "1292": 146, "1293": 41, "1294": 117, "12a586cd0bb23200ecfd818393673a30": 119, "12b230f33702": 103, "12c": [87, 182], "12h": [136, 168], "12pt": 41, "12t05": 148, "12t09": 131, "12t14": 146, "12t15": [37, 107], "12t18": 78, "13": [7, 13, 16, 18, 19, 20, 21, 24, 30, 32, 33, 35, 36, 37, 41, 42, 43, 49, 69, 72, 74, 78, 81, 84, 87, 91, 92, 96, 98, 103, 106, 107, 108, 113, 116, 117, 124, 127, 130, 131, 133, 138, 144, 146, 148, 150, 153, 167, 187, 191], "130": [35, 43, 98], "1301": 43, "13019": 69, "1306": 104, "1307": 150, "1308905355630511064": 116, "131": [59, 109], "1310": 15, "131313131313131313": 116, "1317": 108, "131z": 153, "132": [69, 98, 117, 130], "1320": 98, "132188z": 116, "1322": [117, 124], "1327fb9b4858": 10, "133": 108, "1330": 64, "133011": 46, "13321": 113, "1332575900": 133, "13335": [94, 167], "13379": 43, "1347": 91, "13474": 84, "13477": 127, "1348": 78, "135": [106, 117], "1350": 43, "135249z": 116, "13547310": 59, "1356": 108, "136": [7, 117], "13623": 148, "1365": 104, "1367408": 46, "1367e54d71eb": 98, "1368": 117, "136z": 49, "137": 117, "13707": 85, "1373": 43, "138": [13, 109, 117], "13804": 108, "1383": 152, "1388": 43, "138z": 153, "139": [117, 124, 159], "1392": 104, "1393": 19, "1396": 108, "13b87c68047b": [19, 78, 79, 133], "13d5exwpmvlwmfznwx6p": 187, "13f7fe84": 102, "13t00": 78, "13t04": 144, "13t07": 146, "13t11": 21, "13t16": 116, "13z": 150, "14": [1, 7, 10, 11, 13, 15, 16, 18, 19, 20, 24, 25, 27, 35, 36, 41, 43, 46, 49, 51, 54, 55, 56, 59, 67, 72, 74, 76, 77, 80, 85, 86, 88, 89, 91, 96, 104, 106, 107, 108, 113, 116, 117, 124, 127, 130, 131, 133, 137, 138, 143, 152, 153, 187], "140": [94, 144, 161, 188], "1403": 98, "1404067840": 117, "1407": 136, "14094": 127, "141": [98, 117], "1416": 108, "1420": 104, "1423": 42, "1426": 42, "1428": 146, "142faa4598ba": 148, "143": 117, "1433": [19, 182], "1437": 42, "14374209": 146, "144": 3, "1440": 148, "14400": 90, "1440703724417": 104, "1440703735265": 104, "1442": 104, "1443": [43, 182], "1446": 15, "145": 24, "1450": 187, "1458": 186, "146": [78, 92], "14618": 15, "1462407300": 102, "1463072400": 102, "1463566500": 102, "1466": 24, "147": [108, 150], "1470": 150, "1472": 43, "147653": 130, "1479": 78, "148": [89, 98, 117], "1482542": 91, "1485": 119, "149": [106, 117], "1492": 108, "1492648105": 127, "14936670": [57, 185], "149417": 11, "1497": [43, 80, 85], "1498": 43, "1498685280": 102, "1499798851420": 103, "14fefa89": 80, "14t04": 144, "14t07": 144, "14t10": 153, "14t11": 107, "14t14": 19, "14z": [42, 90], "15": [7, 8, 11, 15, 16, 18, 19, 21, 22, 24, 27, 30, 35, 37, 39, 41, 42, 43, 49, 55, 57, 60, 64, 66, 67, 69, 72, 74, 76, 77, 78, 79, 80, 81, 82, 85, 88, 89, 91, 97, 98, 102, 103, 104, 106, 107, 108, 110, 111, 113, 114, 116, 117, 118, 121, 124, 127, 131, 133, 143, 146, 150, 152, 155, 167, 185, 187], "1501": 85, "15025407": 185, "1502989426": 24, "1502989429": 24, "1503024774": 24, "1506": 19, "15068": 109, "151": 117, "1510": 188, "1513402560": 102, "15169": [187, 188], "151744": 130, "1519233563": 77, "151z": 146, "1521": 182, "1524258360": 102, "1529421998": 102, "152c883836f1f3eec207395ac6f8e0c6": 153, "153": 117, "1530": 15, "153018187": 130, "15313": 20, "1535": 98, "153553": 130, "1536": 98, "1537273619880": 103, "1537351480070": 103, "1538": 98, "1538139961670": 103, "1538497879090708": 54, "1538996573000000": 54, "1538997200410715": 54, "1539": 98, "1539009155388036": 54, "1539009155394278": 54, "154": [89, 98], "1541013307490": 103, "1541014365790": 103, "1542157044": 78, "1543": 98, "15438583123": 138, "1548": 108, "1549548472000": 33, "1549629133338": 69, "1549629133378": 69, "1549859544549": 33, "1549891334000": 33, "1549891335000": 33, "15502": 15, "15505": 43, "1551786034614": 38, "15519": 131, "1556035883843": 69, "1557250160405": 104, "1558": 43, "155931927": 24, "156": 188, "1560": 133, "1564": 108, "157": 187, "1570": 19, "158": [43, 131], "158113924": 130, "15846": 43, "1586": 19, "15881": 146, "159": 43, "15961": 43, "1599": 146, "15bc38a7492befe831966adb477cf76f": 24, "15c2ad940931": 108, "15c5a0d4": 78, "15d7435d": 106, "15m": 185, "15px": [102, 186], "15t07": [42, 49], "15t10": 152, "15t11": [42, 152], "15t12": 37, "15t14": 49, "15t15": [49, 90], "15t17": 133, "15t18": [133, 188], "15t19": 90, "15t23": 102, "15z": 33, "16": [3, 7, 10, 15, 16, 18, 19, 24, 27, 33, 35, 37, 42, 43, 46, 60, 63, 69, 70, 78, 85, 88, 91, 92, 94, 96, 102, 104, 106, 108, 113, 116, 117, 124, 127, 130, 131, 137, 146, 148, 152, 153, 154, 167, 185, 186, 191], "160": 130, "1601": 67, "1601630433109": 59, "1601631906772": 59, "1604073642000": 183, "1606975": 19, "1607452116847": 104, "1607533205000": [60, 127], "1607611408002": [102, 186], "1608": 108, "1608652058": 77, "1608652105": 77, "1608669082": 77, "1609": 114, "161": 117, "1611291600000": 22, "1613797200000": 31, "1613797620000": 31, "1616": 108, "16175000000": 69, "1617904": 116, "1619": 33, "1619242z": 78, "162": 117, "1620135639049": 98, "1620135756543": 98, "1620136029037": 98, "1620136030991": 98, "1621": 78, "1621110044": [60, 127], "1621110044000": 127, "1621110762055": 60, "1621111014529": [60, 127], "1621111014796": 60, "1621111014807": 60, "1621111014823": 60, "1624": 108, "1627118z": 78, "1627504677387": 98, "1628088276589": 98, "1628088276613": 98, "1628089162522": 98, "1628689003000": 78, "16299": 24, "163": 25, "1630434600000": 55, "1632940200000": 55, "1635284430000": 78, "1635298055000": 78, "1635305029000": 78, "16357e1d092e5bb95b84beca70d06182": 117, "1638585706": 88, "1638827701814": 124, "164": [78, 104], "1640": 108, "16402": 69, "1641490099338": 124, "1641507308926": 124, "1641511563361": 124, "1641515897058": 124, "1641516046817": 124, "1641516166266": 124, "1641572735756": 124, "1641584158260": 124, "1641df58c1027a00f670d41491a2eecff931604c": 116, "16421859": 146, "1642522089472": 119, "1642522493078": 119, "1643922138662": 127, "1643922148213": 127, "1644": 85, "1644418320000": 43, "1644418537403": 43, "1644418590000": 43, "1644514002331": 43, "1644540480000": 43, "1644556530000": 43, "1644642690000": 43, "1645039833651": 127, "1645039847583": 127, "1646045416014": 43, "1646046972271": 43, "1646057145000": 35, "1646064909025": 43, "1646067593000": 35, "1646081506000": 35, "1646103998739": 127, "1646142354974": 127, "1646559540000": 43, "1646741073": 43, "1646741073962": 43, "1647051270000": 43, "1647052200000": 43, "1647052260000": 43, "1647052291076": 43, "1647461667230": 127, "1647529122634": 127, "1647656040000": 43, "1647974941312": 127, "1647975098216": 127, "1647975111873": 127, "1648": 85, "16482": 131, "1648766753651": 124, "1648766815969": 124, "1648766937000": 124, "1648766970800": 124, "1648766970821": 124, "1648766971173": 124, "1648766971394": 124, "1648766971895": 124, "1648766978004": 124, "1648839797719": 127, "1648839806477": 127, "1649664993": 187, "1649700668706": 127, "1649858935196": 127, "1649858943997": 127, "1649866540057": 43, "165": 92, "16509": [15, 37], "1651000728764": 127, "1651000737927": 127, "1651092229697": 127, "1651264262077": 127, "1651264273600": 127, "1651691640": 187, "1651691640500": 187, "1651691640526": 187, "1651691640529": 187, "1651691640536": 187, "1652310000000": 43, "1652711350410": 43, "1652814527143": 127, "1653": 74, "1653512178112": 127, "1653580063528": 127, "1654018496000": 36, "1654018816842": 36, "1654019072126": 36, "1654019149216": 36, "16543836": 106, "1654449209109": 98, "1654449307735": 98, "1654784513368": 98, "1654784551755": 98, "1655401056967": 88, "1655912228120": 127, "1655912245009": 127, "1655924984252": 127, "1655938800000": 41, "1656025200000": 41, "1656527528505": 127, "1656527541659": 127, "1656922592": 187, "16570": 144, "165799618": 131, "1659": 104, "1659629011957": [102, 186], "1659636230480": [102, 186], "1660155959409": 127, "1660155971260": 127, "1660245674318": 127, "1660245680733": 127, "1660460491": 144, "1660857629": 102, "1661269393325": 127, "1661280682539": 127, "1661281207911": 127, "1661346194202": 127, "1661346206429": 127, "1661447571753": 127, "1661452332000": 127, "1661800148708": 127, "1661800169751": 127, "1661960193764": 136, "1661960247501": 136, "1661986800000": 136, "1662747629777": 127, "1663093285999": 127, "1663093296645": 127, "1663093337313": 127, "1663177933110": 127, "1663188001122": 127, "1663207315000": 35, "1663207316000": 35, "1663207327000": 35, "1663207328000": 35, "1663207329000": 35, "1663207439360": 35, "1663297952673": 127, "1663297953098": 127, "1663610449718": 127, "1663610451616": 127, "1663613729686": 127, "1663640024209": 127, "1663699613661": 127, "1663772427768": 127, "1663775473530": 127, "1663775473887": 127, "1663775473899": 127, "1664985063447": 103, "1664985074580": 103, "1664985082192": 103, "1664985084816": 103, "1664985084945": 103, "1664985085853": 103, "1665475200000": 35, "1665475311000": 35, "1665511200000": 35, "1665514495000": 35, "1665514547000": 35, "1666275945000": 103, "1666597836648": 108, "1666598992258": 108, "1668": 116, "1668114000000": 35, "1668115594000": 35, "1668116335000": 35, "1668701555901": 108, "1669939200000": 46, "167": [104, 106, 124], "1670358847912": 98, "1670358848570": 98, "1670525357163": 98, "1670525394754": 98, "1670525432909": 98, "1670525439544": 98, "1670526072229": 98, "1670526109555": 98, "1670527039368": 98, "1670527044772": 98, "1670531754434": 98, "1670531755495": 98, "1670532061516": 98, "1675879964337": 103, "1677": 116, "1677188203275": 85, "1677188204773": 85, "1677189332024": 85, "1677189333668": 85, "1677190301863": 85, "1677190302277": 85, "1679659237000": 41, "1679662837000": 41, "168": [1, 9, 24, 25, 33, 35, 37, 38, 43, 85, 100, 102, 104, 114, 117, 124, 186], "1680": 108, "1682950996": 144, "1684083481": 144, "1684169881": 144, "1684173210301": 133, "1684173230796": 133, "1684173756348": 133, "1684173785": 188, "1684855729": 144, "1684856030": 144, "1684861081": 144, "1684861082": 144, "1684875206": 144, "1685": 117, "1685641888": 188, "1685642188": 188, "1685653164": 188, "1687881600000": 42, "1687885200000": 42, "16898": 43, "1689857454562": 108, "1689857459354": 108, "1689857459360": 108, "1689857462103": 108, "1689857462246": 108, "1689857462248": 108, "1689857462267": 108, "1689857462392": 108, "1689857462441": 108, "1689857463992": 108, "1689857464035": 108, "1689857464115": 108, "1689857464133": 108, "1689857464195": 108, "1689857464228": 108, "1689857464259": 108, "1689857464267": 108, "1689857464268": 108, "1689857464271": 108, "1689857464280": 108, "1689857464309": 108, "1689857464312": 108, "1689857464343": 108, "1689857464376": 108, "1689857464379": 108, "1689857464387": 108, "1689857464388": 108, "1689857464398": 108, "1689857464411": 108, "1689857464425": 108, "1689857464449": 108, "1689857464451": 108, "1689857464523": 108, "1689857464552": 108, "1689857464579": 108, "1689857464599": 108, "1689857464610": 108, "1689857464635": 108, "1689857466649": 108, "1689857473991": 108, "1689857485108": 108, "1689857485129": 108, "1689857485156": 108, "1689857485158": 108, "1689857485164": 108, "1689857485165": 108, "1689857485166": 108, "1689857485168": 108, "1689857485170": 108, "1689857485175": 108, "1689857485176": 108, "1689857485181": 108, "1689857485184": 108, "1689857485250": 108, "1689857485278": 108, "1689857485381": 108, "1689857485735": 108, "1689857485768": 108, "1689857485773": 108, "1689857486284": 108, "1689857486681": 108, "1689857486795": 108, "1689857489492": 108, "1689857491007": 108, "1689857606087": 108, "1689857606810": 108, "1689857606921": 108, "1689857606989": 108, "1689857611856": 108, "1689857612336": 108, "1689859046435": 108, "16899": 43, "1689943866540": 108, "169": [91, 108, 117, 124], "1690280518291": 108, "1690280536000": 108, "1690280536643": 108, "1690339871083": 108, "1691389665926": 108, "1691389806319": 108, "1691389806467": 108, "1691389806476": 108, "1691389806491": 108, "1691389806500": 108, "1691389806514": 108, "1691389806738": 108, "1691389806743": 108, "1691389806757": 108, "1692024049238": 19, "1692967200000": 19, "1693316401": 129, "1693316423": 129, "1693442727342": 109, "1693442727362": 109, "1693454400000": 109, "1693550078786": 104, "1694498079793": 104, "1694502585199": 104, "1694502641647": 104, "1698294000000": 74, "1698308400000": 74, "16b0": 108, "16bd57d07f5f": 98, "16c0e5842d7d": 79, "16t07": [57, 185], "16t09": 150, "16t11": 24, "16t14": 49, "16t17": 49, "16t18": 113, "16t22": 188, "16t23": 37, "16x16": 64, "16z": 46, "17": [7, 11, 13, 16, 19, 24, 32, 39, 43, 46, 47, 49, 51, 60, 63, 67, 69, 74, 76, 77, 78, 85, 90, 96, 102, 107, 108, 113, 114, 116, 117, 124, 127, 130, 131, 146, 148, 152, 186, 187], "170": 146, "1701": 117, "1701370203": 81, "1701876293": 81, "1701876329": 81, "1701876675": 81, "1701876712": 81, "1701877013": 81, "1705": 127, "17051": 43, "1708": 20, "1708705700642": 66, "171": 124, "1711492873000": 104, "1711492873201": 104, "1712762989000": 80, "1713464714559": 104, "1713465658000": 104, "1716": 108, "1717004932": 24, "1717004932523748810": 24, "1717014382": 24, "1717014382449028169": 24, "1717014714": 24, "1717014714006451188": 24, "1717078699748": 103, "1717078700653": 103, "1717078701655": 103, "1717078704658": 103, "1717078705660": 103, "17171717171717171717": 24, "1718202925831": 146, "1719237689000": 103, "1719408628134": 117, "1719408628197": 117, "1719408684432": 117, "1719408684497": 117, "1719408684510": 117, "1719408684535": 117, "1719408684567": 117, "1719408684587": 117, "1719408684636": 117, "1719408684638": 117, "172": [13, 108, 117, 150], "1720451135816": 117, "1720506552652": 117, "1720622406545": 117, "1721051528927": 117, "1721051552300": 117, "1721052502000": 117, "1722345439000": 130, "1722370640": 130, "1722370665323": 130, "1722608134438": 8, "1723": 117, "1723134275": 130, "1723134275877": 130, "1723134278": 130, "1723134354974": 130, "1723561216000": 117, "1724225880000": 117, "1724243995809": 117, "1724243995817": 117, "1724243995822": 117, "1725": 19, "173": [13, 36, 148], "17384": 108, "17390": 15, "173pje0": 52, "1748": 64, "175": [43, 69, 187], "17558": 43, "1756": 108, "176": [24, 98], "177": [136, 153], "177z": 146, "1781": 127, "1784": 146, "1786": 108, "179": [43, 124], "1790000": 142, "1791": 117, "17979961": 185, "17c2b65f73ba0d975e9d24d446a9e91c": 107, "17t01": 37, "17t15": 113, "17t17": 24, "17t18": 113, "17t19": 113, "17t20": 108, "17t22": 72, "18": [7, 13, 15, 16, 24, 30, 33, 35, 38, 43, 46, 47, 57, 59, 69, 72, 78, 91, 96, 99, 104, 106, 107, 108, 111, 113, 116, 117, 118, 121, 124, 127, 130, 131, 138, 146, 148, 149, 150, 155, 157, 159, 185, 188], "1800": [65, 108, 117], "180022": 78, "180520": 127, "1806": 78, "18156": 117, "182": 35, "1820": 108, "18231": 117, "18234": 117, "1824": 113, "182z": 107, "184": [27, 85, 102, 144, 186], "185": [42, 43, 72], "1851": [38, 59], "186": [1, 35, 43, 85], "1864672286443784304": 130, "187": 98, "1870": 144, "1874": 59, "188": [24, 78], "1889": [59, 108], "189": 108, "1893": 144, "18d10049": 133, "18f24955d1f242a59f550f52c7bc09d08e423552774674058511cefc": 127, "18m": 185, "18t00": [69, 79], "18t02": 24, "18t08": 42, "18t13": 37, "18t15": 37, "18t17": 146, "18t18": 78, "18t19": 182, "18t20": 113, "18t21": 102, "18z": 42, "19": [7, 8, 11, 15, 16, 19, 24, 27, 30, 41, 42, 43, 46, 47, 49, 53, 54, 65, 67, 71, 72, 74, 78, 80, 81, 85, 86, 87, 89, 91, 104, 108, 109, 116, 117, 119, 124, 127, 130, 133, 144, 146, 148, 149, 153, 159, 182, 185, 187], "190": [24, 102, 146], "1900": [33, 108, 117], "190199": 41, "19041": 78, "19042": 78, "19044": [24, 78], "19076": 107, "1908": 108, "191": [43, 187], "19139": 130, "191e13df": 10, "192": [1, 9, 24, 25, 33, 36, 37, 38, 43, 85, 100, 102, 104, 114, 117, 124, 150, 186], "192512": 78, "1927197486": 67, "193": [102, 186], "1932": 108, "1938": [43, 106], "194": [13, 43, 59, 124], "194345": 13, "19449": 21, "1944968518": 78, "1946": 144, "195": 43, "1950": 78, "195b0d8736e2af4": 24, "196": [88, 98, 124], "1963": 74, "1967": 91, "197": [78, 124], "1971": [32, 119], "1977": 88, "19781": 43, "19788354530": 138, "19794": 146, "197ea851916f": 81, "198": [15, 102, 124], "1982": 152, "1986": [96, 149], "1987": 96, "19876543211": 17, "1988j": 153, "199": [2, 35], "1992": 144, "1995": 144, "1996": 116, "1999": 96, "19b3": 24, "19b6e398092e5bb96a30e07e951fe96b": 117, "19cfd1c7": 39, "19t03": 78, "1_x": 137, "1ab2ef34gh56ijklm012n3abc4": 43, "1ab_2abcdefghij3abababcd": 157, "1ac32478198ae72153801c58d2e437f27827f434fd810ae8d6ec6bc8f54350fb": 117, "1ac55df2": 39, "1b5e": [78, 79], "1b769c6a": 98, "1b8a0bf3b456": 98, "1bc9748133eb": 124, "1bm": 85, "1c22e8d1": 157, "1c3": [187, 188], "1c4cb36b092e5bb936229e50775a9e56": 117, "1c8161de092e5bb97e3f195bafb5dbb1": 117, "1c943a98887754f364fafaa1da3ac56e0e0875a9": 46, "1ca9d4f37dd94ca88a9d93d09402e3d3": 117, "1cae": 80, "1d": [108, 114, 138], "1d00d8d6d9ac": 64, "1d8a5928": 133, "1da8f6c97aa305d": 146, "1da8f6c9a23e47a": 146, "1daac4e9610e992": 146, "1daac5135bc76a4": 146, "1dai": 72, "1dcc300ae441": 103, "1e": 24, "1e100": 13, "1e6": 111, "1e7af7f99e15": 81, "1ea9": 85, "1eaa9dac99144c61b699d7f3aed52106": 42, "1f016d66": 80, "1f017068": 80, "1f01df97": 80, "1f21": 59, "1fd9269d": 126, "1ff0feca092e5bb95e6efb78588bd500": 117, "1fnn": 153, "1gb": 182, "1h": [93, 138], "1px": 58, "1pyltptmw7f8v": 85, "1q0": 111, "1qlozag": 98, "1rc0": 42, "1ser13eglydjvpkxruufqner1mn6": 98, "1st": [107, 117], "1ze5k0aqbyamceg8z2f3oqe159taephbmeft6qd3nctdywi2jw3migctfiq7rdy3qwvx9pikhn3yxheyuxmru": 98, "2": [1, 2, 3, 7, 8, 10, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 27, 28, 29, 31, 32, 33, 34, 35, 37, 39, 41, 43, 44, 46, 47, 48, 49, 50, 51, 53, 54, 55, 57, 58, 59, 60, 61, 62, 64, 65, 70, 71, 72, 77, 79, 80, 82, 84, 85, 86, 87, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 106, 107, 109, 110, 112, 113, 116, 119, 122, 123, 124, 126, 127, 129, 130, 131, 136, 137, 138, 141, 142, 143, 144, 147, 148, 149, 150, 152, 153, 154, 155, 160, 163, 167, 168, 172, 179, 180, 182, 183, 185, 186, 187, 188, 190, 191], "20": [1, 7, 16, 19, 30, 37, 41, 42, 55, 59, 64, 67, 70, 72, 74, 76, 78, 79, 85, 88, 89, 94, 96, 99, 103, 106, 107, 108, 109, 113, 114, 116, 117, 121, 126, 127, 131, 146, 149, 152, 153, 181, 183, 187, 188], "200": [19, 20, 23, 24, 27, 35, 42, 43, 69, 88, 104, 108, 111, 113, 117, 133, 137, 150, 187], "2000": [42, 57, 96, 102, 124, 182, 187], "20000002": 119, "20000324": 150, "20001": 59, "2001": [96, 98, 188], "2002": 150, "2003": [43, 96], "2004": 96, "2005": 96, "2007": 108, "2008": [34, 43, 96], "2009": [116, 124], "200x72px": 4, "201": [30, 60, 69, 88, 98, 111, 127, 133, 137], "2010": [13, 18, 25, 46, 56, 78, 79, 91, 96, 116, 130, 131, 137, 146], "20100524": 98, "2011": [48, 96, 108, 146], "2012": [96, 117], "2014": [96, 187], "2015": [17, 19, 57, 96, 102, 153, 167, 185], "2016": [41, 74, 122, 192], "20160": 130, "2017": [16, 24, 37, 43, 54, 57, 78, 153, 185], "20170525": 44, "2018": [17, 20, 22, 24, 27, 28, 31, 32, 37, 38, 41, 43, 45, 54, 57, 58, 64, 65, 67, 70, 74, 77, 79, 87, 90, 93, 94, 96, 102, 104, 129, 147, 148, 149, 153, 185, 188], "2019": [0, 8, 11, 16, 20, 24, 27, 33, 34, 36, 38, 42, 43, 47, 53, 57, 64, 67, 69, 74, 78, 82, 84, 85, 87, 89, 96, 99, 102, 104, 106, 108, 114, 117, 129, 130, 131, 133, 141, 147, 149, 150, 153, 159, 180, 181, 182, 185, 191], "202": [13, 69, 98, 111, 116], "2020": [10, 12, 13, 15, 16, 20, 24, 27, 30, 34, 36, 41, 42, 43, 45, 55, 56, 57, 59, 60, 63, 64, 65, 67, 72, 74, 76, 77, 78, 79, 82, 85, 87, 88, 89, 90, 99, 102, 103, 104, 106, 109, 112, 114, 117, 129, 131, 138, 141, 143, 144, 150, 151, 153, 180, 181, 184, 191], "20200812163012": 10, "2021": [11, 12, 13, 15, 17, 22, 25, 28, 31, 32, 36, 41, 42, 43, 47, 53, 55, 58, 60, 66, 67, 77, 78, 79, 80, 84, 85, 88, 89, 93, 94, 96, 98, 103, 104, 106, 109, 110, 112, 114, 116, 131, 143, 147, 148, 150, 151, 153, 155, 167, 191], "2022": [7, 19, 20, 24, 25, 35, 36, 39, 41, 43, 46, 47, 49, 51, 53, 57, 59, 64, 65, 67, 72, 74, 78, 79, 80, 85, 86, 87, 88, 89, 90, 91, 92, 96, 97, 98, 102, 103, 104, 106, 108, 110, 114, 116, 117, 122, 124, 127, 129, 131, 133, 136, 143, 144, 146, 148, 150, 154, 155, 157, 167, 180, 184, 185, 186, 187, 189, 190, 191], "20220808": 20, "2022091285": 144, "2023": [2, 7, 13, 18, 19, 20, 21, 22, 24, 25, 32, 36, 41, 42, 43, 47, 49, 53, 60, 64, 66, 67, 72, 74, 78, 80, 81, 85, 88, 89, 90, 91, 96, 98, 99, 103, 104, 107, 108, 109, 111, 112, 113, 114, 116, 117, 126, 127, 129, 130, 133, 137, 143, 144, 146, 152, 153, 167, 188, 190, 191], "20231219": 107, "2024": [8, 11, 15, 16, 18, 24, 42, 64, 66, 67, 74, 78, 79, 80, 87, 88, 89, 90, 91, 102, 103, 104, 107, 110, 111, 112, 113, 117, 124, 126, 127, 130, 131, 136, 141, 144, 146, 150, 152, 155, 167, 168, 179, 180, 181, 183, 184, 188], "2028": 108, "203": [56, 69, 77, 98], "2030": 133, "2032": 133, "2034": 152, "2038": [117, 133], "20395": 43, "204": [19, 59, 89, 133, 148], "2041": 117, "2048": [144, 188], "205": [69, 77], "2051": 76, "2058": 15, "2059": 0, "206": [42, 43, 102, 149, 150, 186], "206046519": 146, "20693": 144, "207": 150, "20761": 187, "208": [89, 150], "2081b9f668d8": 98, "2083895740": 188, "2086": 92, "20888": 187, "209": [13, 15], "2094": 42, "20946": 24, "2095": [28, 98, 111, 127, 182], "2096": [127, 138, 148], "2097": [38, 108, 127], "2098": [86, 127], "2098277": 77, "2099": [42, 127], "2099055": 80, "2099068": 80, "20and": 79, "20eeee16345e0c1283f7b500126350cb938b8570": 24, "20eq": 79, "20ge": 79, "20h2": 78, "20le": 79, "20px": [102, 186], "20t08": 130, "20t10": 188, "20t12": 153, "20t19": 146, "20user": 79, "21": [7, 8, 13, 16, 18, 19, 24, 33, 35, 37, 39, 41, 42, 43, 67, 69, 74, 77, 78, 79, 88, 99, 103, 104, 106, 108, 109, 114, 116, 117, 124, 125, 130, 131, 133, 138, 146, 168, 188], "2100": [90, 98, 127, 183], "2101": [98, 127], "2101652": 77, "2102": [42, 127], "2102165": 77, "2103": [126, 127], "2104": [88, 127, 159], "210476652": 146, "2105": [38, 103, 119], "2106": 60, "2107": [60, 65, 127], "2108": [113, 127], "2108222": 37, "210z": 94, "211": [43, 98, 108, 116], "2110": 127, "2111": [20, 98, 103, 127], "2111893": 77, "2112": 127, "2113": 127, "2114": [15, 47, 127], "2114965": 77, "2115": 42, "2116": 108, "2117": 119, "2118": 42, "2119": 35, "212": 43, "2120": 133, "2120340": 77, "21204": 108, "2121": [80, 133], "2122": 133, "2123156": 77, "212389492": 146, "2124": 108, "2125": 91, "2129121": 80, "213": [119, 146], "2133": 117, "2134902792": 77, "2139": 88, "2139285": 77, "214": [24, 43, 64, 102, 104, 186], "2140": 98, "2144": 18, "2147": 63, "2147483648": 19, "214866": 108, "2148_abc": 124, "215": [98, 114, 150], "2151": [22, 108], "2152": 46, "2154": 108, "21556": 144, "216": [13, 27, 43, 144], "21600": 144, "216150104097": 49, "216172786408751223": 77, "2167": 130, "2168": 15, "21684382": 54, "217": 13, "2174808": 80, "2175008768": 127, "2176": 98, "218": [13, 43], "21848": 107, "2186": 146, "2188": 108, "219": 107, "2190": 49, "21907": 43, "2195": 107, "21972": 43, "21974": 43, "21985": 43, "2199": 113, "21h2": 78, "21t17": 37, "21t18": [19, 185], "21z": [39, 42, 90, 185], "22": [7, 13, 16, 19, 21, 24, 32, 33, 35, 37, 43, 47, 49, 60, 65, 67, 74, 77, 78, 84, 89, 98, 102, 104, 106, 108, 113, 116, 117, 124, 126, 144, 146, 153, 187, 188], "220": [13, 43, 144], "22005": 43, "22006": 43, "22022": 97, "2203": 19, "2209": 80, "221": 24, "2211": 107, "22139496": 78, "2219": [109, 114], "222": [24, 129], "2220": 107, "22205": 43, "2222": [19, 24, 183], "22231234": 148, "2225": 114, "2228": 107, "223": [72, 102, 130, 146, 186], "2230": 64, "2231": 64, "2237": 117, "224": [117, 173], "2247": 46, "2248": [49, 108], "224z": [39, 153], "225": [24, 113, 146, 187], "22507": 108, "2251251": 28, "2251401": 119, "2253": 98, "226": [7, 24, 30, 116], "2264": 146, "226874z": 78, "2269": 36, "226915": 117, "226955z": 152, "227": 74, "2271": 46, "2280": 146, "2281512608": 133, "228481z": 152, "2288": 108, "22893": 43, "228b22": 41, "229": [107, 108], "22947": 43, "2295449033841068855": 130, "22963": 43, "22965": 43, "22986": 43, "22991": 43, "22t04": [42, 102], "22t07": 74, "22t09": 108, "22t12": 19, "22t14": 146, "22t16": 24, "22t17": 153, "22t19": 146, "22t20": [78, 106], "22t23": 107, "22z": [42, 46, 90], "23": [7, 15, 16, 19, 24, 25, 33, 39, 42, 43, 49, 55, 56, 59, 63, 67, 69, 71, 74, 78, 84, 85, 86, 88, 91, 106, 108, 109, 111, 113, 114, 116, 117, 124, 127, 129, 131, 133, 137, 144, 146, 154, 188, 191], "230400": 146, "23050": 108, "231": 108, "2312": 113, "232": [74, 98, 104], "233": 13, "2334": 116, "2336799_domain_com": 144, "2338": 116, "234": [78, 124], "2344": 108, "234z": 107, "235": 124, "2357": 113, "23596a1e546d7c2aaa48e72c615bb1d72690da5559454acda41c4eb7ab07b2cf": 108, "235e": [102, 103, 186], "236": [74, 78, 85], "2360": 46, "236155": 117, "237": [3, 43, 89, 187], "238": 24, "2386": 15, "2387": 64, "2389": 117, "23899461092e5bb937223fcf3a0605e3": 117, "239": [13, 35, 64, 117], "23908": 15, "2391": 74, "239z": 39, "23db6760": 2, "23pm": 131, "23t07": 78, "23t11": 153, "23t14": 39, "23t16": 69, "23t17": 49, "23z": [42, 46], "24": [0, 13, 16, 18, 19, 20, 21, 24, 25, 33, 35, 37, 41, 43, 46, 49, 55, 70, 74, 78, 81, 91, 94, 98, 103, 104, 107, 108, 114, 117, 124, 129, 130, 137, 146, 148, 150, 167, 188], "240": 24, "2400": [117, 124], "240820001": 117, "240820021": 117, "240820081": 117, "24093702": 54, "241": 43, "242": [46, 116], "242a": 98, "2438340": 122, "243c35935ecc9829f30b30c45839cbf6": 122, "244ad4": 78, "245": [21, 24, 35], "245007": 65, "246": 104, "247": [46, 130], "248": [104, 144], "249": [24, 46], "24906": 18, "24939717": 19, "24t06": 90, "24t07": 90, "24t14": 90, "24t15": 19, "24t16": 49, "24x24": 64, "25": [10, 16, 19, 21, 24, 28, 42, 49, 55, 59, 64, 69, 78, 79, 83, 88, 89, 90, 91, 99, 102, 103, 104, 106, 108, 113, 116, 117, 122, 124, 130, 138, 146, 150, 159, 183, 187, 188, 191], "250": [69, 98], "2500608": 167, "25029": 117, "250429": 67, "251": [69, 78, 91], "2516895378499999999_c01aa88b": 80, "2517531803999999999_eb4f270a": 79, "2522": 113, "25238": 130, "2525": 88, "25265": 127, "2529": 43, "25291d90954c476d86c6fb2db38d7d72": 33, "252f": 106, "253": 46, "253125": 106, "2533333": 19, "2534": 76, "2535": 103, "254": [41, 117], "255": [24, 104, 117, 150], "25577": 43, "25583": 43, "256": [24, 33, 77, 78, 81, 102, 108, 113, 117, 127, 129, 144, 146, 173, 183, 188], "25623": 74, "25675937z": 33, "2578565a": 78, "2588b11a": 116, "258z": 107, "259": 63, "2592000": [13, 187], "25923177804": 148, "259357470209": 49, "25967357926": 148, "25c8": 144, "25e4": 98, "25mb": 182, "25t08": [19, 185], "25t09": 108, "25t10": 108, "25t12": 19, "25t13": 15, "25t14": 88, "25t20": 78, "26": [8, 13, 15, 16, 18, 20, 24, 35, 55, 74, 78, 79, 80, 102, 106, 108, 109, 113, 116, 117, 124, 130, 133, 146, 186], "260": [46, 98, 116], "2606": 144, "26084": 43, "2610ee49440fe757e3cc4e46e5b40819": 96, "262": [106, 113], "2624755629": 127, "263": 107, "2638443927": 67, "264": [117, 124], "2640": 106, "26432": 43, "2649763z": 79, "265": [78, 113], "2652": 108, "2653": 46, "2655451366": 133, "2666667": 19, "2668": 108, "267": [35, 46], "2671": 55, "2675": 106, "2677204": 88, "2680": 108, "26877": 43, "26897": 43, "26c1297f39175f4b401ebf74e3e5ce49775ba7720f5cce375cabff28cd3b18511a8d9463c1c9f8c85a0cd6d9133b1e5d6486d1054946b2379e4dcafa1d91cc27": 127, "26d58032ae40": 129, "26t03": 42, "26t04": 42, "26t10": 185, "26t13": 116, "26t15": 15, "26t20": [78, 146], "26t21": 78, "26t23": [57, 185], "26z": 42, "27": [7, 10, 13, 16, 19, 22, 24, 30, 32, 35, 46, 57, 69, 77, 78, 86, 96, 98, 108, 109, 114, 116, 117, 124, 137, 185, 187], "271": 124, "2714598076": 67, "272": 108, "273f9600ddee78a52891b2e4bbd0b7e6929459a3": 46, "2740086": 47, "2755b843": 106, "275ab471": 108, "276": 127, "27684": 187, "277": 116, "278": 98, "2788": 80, "279": 124, "27945a7fd8c": 106, "2795": 109, "2796": 109, "2797": 109, "2798": 109, "2799": 109, "27bf": 80, "27dc3b5f9bf2": 106, "27t00": 108, "27t01": 78, "27t03": 78, "27t12": [42, 78, 131], "27t13": 42, "27t17": 78, "27t18": 78, "27t20": 78, "27z": [24, 185], "28": [15, 16, 24, 41, 43, 47, 49, 54, 78, 80, 86, 87, 97, 98, 104, 106, 107, 108, 111, 113, 114, 116, 117, 119, 124, 126, 127, 130, 131, 137, 153, 159], "2800": [63, 109, 144], "2801": 109, "2802": 109, "2808": 108, "28131": 18, "282": [102, 186], "282100": [102, 186], "2825": 108, "2828": 108, "28324": 43, "2834": 42, "2839": 127, "2844": [38, 185], "2844breach": 185, "2848": 98, "285": 124, "2853": 124, "286": 124, "2862": 99, "2865": 35, "2868": 15, "2869": 117, "2875365": 65, "288": [108, 187], "288z": 37, "28965": 88, "28bd98610a29": 130, "28f65659": 64, "28t14": 66, "28t20": [107, 108], "28z": [46, 90], "29": [10, 16, 18, 19, 24, 35, 43, 46, 63, 78, 80, 84, 89, 91, 98, 103, 106, 107, 108, 109, 113, 117, 119, 129, 131, 138, 146, 148, 153, 167, 187], "2906506361": 133, "291": 35, "2912": 108, "29154": 106, "291z": 108, "292": 188, "2929171z": 78, "2936799z": 42, "2943": 108, "294e17c9092e5bb92aafdcfc6af01270": 117, "295": 33, "2952": 108, "296c": 24, "298": [7, 124], "2984": 108, "299": 46, "29ajsiap1141965": 91, "29d0": 146, "29d29d15d29d29d21c42d42d0000003014e6e1a0bc19438ed392b132659e77": 144, "29d3fd00029d29d00042d43d00041d598ac0c1012db967bb1ad0ff2491b3a": 188, "29d61af7163": 85, "29es1": 153, "29ok1bwgtwnrp1xwvxfyiol9rwlafmjf75": 187, "29raeyox0gswv": 85, "29t00": 24, "29t14": 130, "29t15": 146, "29t17": 24, "29t19": 124, "29t20": [24, 106], "29z": [90, 188], "2_amd64": 192, "2_i386": 192, "2a00": 187, "2a02fe6a5840": [102, 186], "2a58b28a880eab0ddc23d856e4871a69": 153, "2a59908315b3": 78, "2a5aff984283": 106, "2a75e6631e25ac1c998747ba1fd7dfac679ddc85": 46, "2a8419c4": 130, "2a94aaf80aa31094790ce40da6fdfc03a9a145c5": 78, "2af5": 98, "2b6699ac8a3976b67dfbddee26dbe3a5": 192, "2b9b9b9b9b9": 107, "2bba": 74, "2bjaaa": 42, "2bkaaa": 42, "2blaaa": 42, "2bmaaa": 42, "2bnaaa": 42, "2boaaa": 42, "2brsxw54": 111, "2c": 108, "2c47": 127, "2c7e70b08": 188, "2caeedb5092e5bb9462d7353add2908c": 117, "2cfc976767db44422e9281fb012845a2": 64, "2d05": 78, "2dforc": 43, "2e": 116, "2e1760254114": 99, "2e3760ce9fe8aaafbf41ce0eac49d0a9bf9b030d8840192ce053ff0b52d04b39": 38, "2ed7": 80, "2efa3": [88, 157], "2f": [35, 49, 64, 88, 157], "2f0aa046d48c": 72, "2f4ac158": [102, 186], "2f7qz33ra88bxme3gtzpelp": 98, "2f96536a092e5bb900fbb64ba54b9c2b": 117, "2fa": 88, "2fa86473c517": 102, "2favatar": 64, "2fc9": 102, "2fcallback": [88, 157], "2fe8aaa0ucmsaaa": 42, "2fe8aaa0uetzaaa": 42, "2fe8aaa0ugb5aaa": 42, "2fe8aaaaaaejaadi5xky9khuq48uewaxv": 42, "2fe8aaaaaaekaadi5xky9khuq48uewaxv": 42, "2fe8aaaaaaemaadi5xky9khuq48uewaxv": 42, "2fe8aaaaaaenaadi5xky9khuq48uewaxv": 42, "2fe8aaaaaaetaadi5xky9khuq48uewaxv": 42, "2fe8aaab6qy8aaa": 42, "2fe8aaapggugaaa": 42, "2fe8aaapgk": 42, "2fe8aaapgmcoaaa": 42, "2fe8aaapgmcpaaa": 42, "2fe8aaapgmcqaaa": 42, "2fe8aaapgmcraaa": 42, "2fe8aaapgtroaaa": 42, "2fe8aaavnld2aaa": 42, "2fe8aaavnld3aaa": 42, "2fe8aaavnld4aaa": 42, "2fe8aaavnld5aaa": 42, "2fe8aaavnld6aaa": 42, "2fe8aaavnlomaaa": 42, "2fe8aaavnlonaaa": 42, "2fe8aaavnlooaaa": 42, "2fe8aaavnlopaaa": 42, "2fe8aaavnloqaaa": 42, "2ffind": 49, "2finiti": 64, "2flocalhost": [88, 157], "2fmail": [88, 157], "2fr": 64, "2fsourc": 49, "2gb": 182, "2hbv": 111, "2lotuxhdmcntlgup8skhm0iip6akubl5pifbbu3snxt1roxrywjcwyp364aacaasurbvhja7j3ttxplhsejjdng5cobkhw4yixuapcqs1hwfuybmgkicdg": 187, "2m": 114, "2nd": 98, "3": [2, 3, 7, 8, 10, 11, 12, 14, 15, 16, 17, 19, 20, 21, 24, 27, 28, 29, 30, 32, 33, 35, 36, 37, 38, 39, 41, 43, 44, 47, 48, 49, 51, 53, 54, 55, 57, 58, 59, 60, 62, 63, 65, 66, 67, 69, 70, 71, 72, 74, 77, 78, 79, 80, 82, 84, 85, 86, 87, 88, 90, 92, 96, 97, 98, 99, 102, 106, 107, 109, 110, 112, 113, 114, 117, 119, 122, 124, 125, 126, 127, 129, 131, 133, 136, 137, 141, 142, 143, 144, 147, 148, 150, 151, 152, 153, 154, 155, 157, 160, 163, 167, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189], "30": [2, 3, 7, 10, 11, 12, 15, 16, 17, 19, 20, 21, 22, 23, 25, 27, 28, 31, 34, 35, 36, 39, 42, 43, 44, 46, 53, 55, 57, 58, 60, 61, 64, 65, 67, 68, 69, 70, 73, 74, 75, 76, 77, 78, 80, 81, 84, 87, 88, 93, 94, 95, 98, 99, 101, 106, 107, 108, 109, 110, 114, 115, 116, 117, 119, 122, 126, 130, 131, 133, 134, 136, 138, 140, 143, 145, 146, 151, 155, 157, 161, 180, 187], "300": [23, 35, 51, 90, 102, 103, 111, 113, 142, 186], "3000": [35, 117, 123], "30000001": 69, "30000001_qs1uuu5": 69, "30025": 107, "301": 13, "302": [76, 185, 187], "30201": 24, "3023": 16, "302456832": 117, "302fbea868fdefa5c8c1da79b3f98e32": 187, "30347ecb": 72, "305": [76, 78, 111], "3055": 43, "306": 98, "30624": 19, "307": 10, "3072ad5a": 98, "308": [13, 113], "3080": 43, "30909": 78, "3092": 108, "30d": [136, 143], "30t04": 42, "30t07": [42, 153], "30t13": [19, 130], "30t14": 130, "30t20": 130, "30z": [39, 90, 185], "31": [3, 8, 11, 13, 15, 16, 19, 24, 35, 36, 42, 43, 46, 49, 60, 63, 64, 67, 74, 77, 78, 81, 84, 85, 88, 89, 90, 104, 107, 108, 109, 113, 117, 120, 124, 130, 131, 136, 146, 148, 188, 191], "3100": 108, "3108": 108, "3116": 108, "31166": 43, "3118": 67, "31181": 43, "312": [78, 124], "3124": 108, "3128": [22, 29, 64, 89, 149], "313": 108, "3136": 108, "314": 108, "3145654620": 127, "3148": 108, "315": 108, "3156": 108, "316": 108, "3164": 108, "3172": 133, "3176": 108, "3176713z": 78, "3184": 108, "3187": 77, "3191": 98, "319z": 78, "31ab03c62b67b4d4162d9c5d92212cd732cc664ec65926c938c71c30d731f53f": 108, "31t00": 72, "31t09": 64, "31t11": 106, "31t12": 64, "31t16": 146, "31t18": 106, "31t20": 124, "31t21": 124, "31t22": [78, 124], "31t23": 78, "31z": [42, 46, 144], "32": [3, 7, 10, 13, 15, 24, 33, 35, 41, 43, 46, 49, 61, 66, 67, 69, 71, 74, 78, 81, 82, 88, 89, 90, 102, 106, 107, 108, 113, 117, 131, 138, 146, 150, 153, 161, 186], "3200": 108, "32000": 182, "3208": 148, "3210": 74, "32120969ccb74e5382fd587417e23e1c": 146, "3213": 106, "3217": 91, "3220": 19, "3229314z": 78, "322d20bf": 133, "3232": 54, "32322": 78, "3233": 41, "3235": 43, "323a": 98, "325": 46, "3265": 187, "3268": 117, "3274": 117, "3282": 94, "3283": 117, "328c96b1": 130, "329": 36, "329397z": 107, "3294cbfa1b4d09103351ca2b234bcbfa": 119, "3296": 108, "329a6ff4": 106, "32b7017d2019dfe922abc4e07c3fd": 15, "32b7017d2019dfe922abc4e07c3fdfff": 15, "32c5d847e3c0": 106, "32k": 182, "32x32": 64, "32z": [42, 116], "33": [3, 10, 13, 16, 19, 36, 46, 59, 63, 78, 85, 89, 100, 104, 108, 116, 117, 123, 124, 126, 127, 128, 129, 131, 138, 146, 148, 153], "3306": 182, "331": 78, "3310": 28, "332": 37, "332449fe0771": 78, "3326": [131, 137], "333": [124, 144], "3331741957707965158": 49, "3333": [19, 24], "33373": 130, "3340": 187, "3363": 88, "337895628616": 157, "3383": 148, "33851": 127, "3389": 43, "3390": 43, "33939ed01882": 146, "3396": 108, "33f98db5bdb6a7013d52f0120248df35": 122, "33z": [46, 146], "34": [3, 10, 11, 13, 15, 16, 19, 24, 29, 35, 38, 46, 47, 69, 76, 79, 89, 94, 96, 106, 107, 108, 109, 114, 117, 122, 124, 127, 134, 144, 146, 152, 153], "340": 146, "340546z": 146, "3416": 24, "3417": 130, "3418c720092e5bb96b7e42ad3be5d55f": 117, "3426": 116, "342z": 108, "3439": 3, "34467": 43, "34473": 43, "3449": 131, "344b": 106, "34525": 117, "34527": 43, "3456": 131, "3462": [15, 78], "3469": 106, "34703": 7, "3471": 3, "3476": 3, "348z": 133, "3490": 108, "3492": [108, 130], "349319": 67, "34958": 117, "3496": 41, "349764c9": 33, "34b3f509": 99, "34b6": 130, "34z": 42, "35": [3, 11, 13, 16, 24, 30, 35, 37, 42, 43, 56, 57, 67, 69, 72, 74, 78, 85, 93, 98, 104, 117, 122, 127, 130, 146, 153, 183, 185], "3500": 108, "35081d68": 146, "35118": 117, "351623070066166": 69, "3517": 137, "352": 69, "35224": 130, "3523470783": 67, "352z": 37, "353": 98, "353834463164": 138, "353861234567": 138, "35394": 43, "35395": 43, "3544": 117, "355": 96, "3552": 133, "356": 108, "3564fc4": 78, "356ba4b7bc9fda6ad64ed936f0d47e7b19022adfcfc236753182f13a82613c87e3b2dc206fb523952d1841837f785dd8bf137d74919253249327dec36a7b4f180a61cd29e2f2db53febac95deee3300519d4dd28ba08af297f29a5862653a314324e78e41fe2696ab25fb42aa80c63556eeb119d961157c0fb573d93953b7adc485e4cee5c3ecc5561acc5d45c2b1ccb5575a28763a877859d11c9f520d311a750314aebbd71e2459caa4d35a799aeee9f285934086f302d94f368ace46def566f6aac8884b5701914ff26f304b072931bbaeb697aa9d11a71d21767924c96ffe5793848aee50cf40d02dfe4f70f6d329cb83d380397f5f4081c1dcb39034458": 127, "358": 98, "358becb2c9cc": 127, "358z": 146, "3595": 131, "3599": 88, "35b9b7988223": 24, "35eb": 98, "35m": 11, "35mthe": 11, "35pm": 114, "36": [3, 13, 22, 31, 35, 43, 46, 49, 55, 59, 60, 72, 74, 77, 78, 79, 81, 85, 94, 98, 99, 106, 107, 108, 109, 116, 117, 124, 130, 133, 137, 146, 159, 187], "360": [43, 98], "3600": [35, 79, 144], "360017746394": 185, "362": 98, "3624": 116, "3624306361": 133, "363": 183, "36351": 15, "3635326852": 78, "364": 183, "3646436z": 78, "364a90b9c0d6": 130, "365": [7, 42, 78, 88, 96, 133], "3650": 88, "3661": 131, "366c": 24, "3670": [57, 185], "3672": 108, "367f5de4a7f346e4a40b3475dfd93b06": 117, "367z": 187, "3680c6ba": 146, "3684210526315789": 27, "3686931z": 78, "36c7d0f9": 103, "37": [4, 13, 15, 16, 37, 41, 43, 46, 49, 55, 62, 63, 67, 74, 78, 79, 88, 92, 106, 107, 109, 113, 117, 127, 130, 131, 136, 146, 154], "3702": 117, "3707": 133, "3713": 152, "3714": 67, "373": 127, "3731": 108, "373z": 124, "3749861717224121": 79, "375": 106, "376": 144, "377707z": 146, "377z": 107, "3789": 116, "3790": 129, "3792e397": 24, "37a9": 91, "37da": 98, "38": [13, 16, 19, 36, 43, 46, 47, 49, 60, 67, 78, 98, 107, 108, 113, 114, 117, 131, 150], "380": 46, "3805": [55, 109], "3810": 55, "38199c68": 78, "382": 187, "3828": 109, "3834_64215769": 124, "383879eab7c4e0c5d38c1c2e9709ffe9": 153, "384": 116, "3842_48c9cb33": 124, "3844edb09b68": 106, "386": 122, "3860": 62, "3860_7f3e3ad8": 124, "3861": 124, "3861_eb6723b9": 124, "38647": 43, "388": 74, "3888db45d29e": 106, "388dc550092e5bb9462d7353cf5066d4": 117, "389": [67, 117, 160, 192], "389000": 88, "3892": [57, 185], "38e6b909da46": 2, "38z": 133, "39": [3, 19, 37, 43, 46, 60, 67, 74, 78, 85, 91, 94, 104, 106, 110, 113, 114, 117, 119, 122, 124, 130, 131, 133, 147, 153, 155, 157, 167], "390": 98, "3912bbf391299d495109636a0ea47bcb": 78, "3920": 33, "39230892092e5bb957af518273836c33": 117, "3941": 42, "3949": 34, "3952": 43, "3976": 146, "3978861743009": 159, "398": 91, "398z": 146, "399": 116, "39a014ca092e5bb96712b9382e078d95": 117, "39z": [42, 46], "3a": [64, 88, 108, 157], "3a23b513092e5bb954b29f8789d7cf43": 117, "3a47": 81, "3a8080": [88, 157], "3a8d27c47a9c": 106, "3aa62cab990d8648b6a9047787e030fa7": 133, "3aaaaaaaaaa": 107, "3ac3qsgekplbzv": 111, "3ac875f7333fb843aeacb01d1cbfa52ae5": 133, "3b": 103, "3b40ace9067c": 81, "3b6c": 130, "3b89": 98, "3bc1732ca0fb": 106, "3bopen": 103, "3c1e": 74, "3c30bxzpajnj4bbcvle0laar8bvjtyfideezhxuxe4wzcuekxiwans3i8sl1cdgvgnssgefphbjq": 98, "3c47f0b6": 19, "3c7b5bd0": 59, "3cdd": 80, "3cde21c1": 133, "3d": [42, 43, 85, 103], "3d16493b0814a18d6806ed30f4efac31": 65, "3d2e": 98, "3de": 43, "3e45": 35, "3f45d825092e5bb954b29f875ae1d576": 117, "3f85cd99c850": 116, "3fa24409092e5bb9047c4962ece67cbf": 117, "3ge65": 153, "3lo": 64, "3qe_9ipdjkamvup3xolfkaufb": 157, "3rd": [113, 157], "3vaaanemjta": 42, "3xaaxaaxaaxaa": 107, "3y6cpx27gaqacfnp4ec3z2": 98, "4": [3, 7, 8, 10, 11, 15, 16, 17, 19, 21, 22, 24, 25, 28, 31, 33, 35, 36, 37, 39, 41, 43, 49, 54, 55, 57, 58, 59, 60, 63, 64, 65, 66, 67, 70, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 86, 87, 88, 90, 91, 93, 94, 98, 99, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 120, 122, 124, 125, 127, 130, 131, 136, 142, 144, 146, 147, 148, 150, 152, 153, 155, 157, 160, 161, 163, 172, 180, 182, 183, 187, 188, 191], "40": [3, 7, 19, 24, 25, 30, 38, 42, 43, 54, 58, 69, 74, 78, 79, 80, 84, 85, 98, 102, 104, 106, 107, 109, 113, 116, 117, 119, 124, 129, 131, 133, 136, 141, 143, 146, 148, 152, 153], "400": [43, 111, 117], "4000": [157, 182], "4001": 187, "4008551z": 78, "400f72f8": 98, "4035": [21, 63], "4036": 108, "404": [64, 98, 102, 111], "4040": 124, "4041": 133, "40542465": 122, "4057": 74, "4059": 19, "40599060058594": 13, "4078": 133, "4079": 80, "407e": 157, "4080": 108, "40888": 146, "4089": 124, "408e": 133, "409": [43, 109], "4096": 54, "40a9": 74, "40c2": 98, "40df": 24, "40e2": 78, "40e5d872": 81, "40ec": 106, "40ed": 81, "40ghz": 108, "40m": [136, 143], "40reshydradev": 42, "40thread": 133, "41": [3, 15, 16, 17, 18, 19, 25, 28, 32, 35, 36, 39, 41, 42, 43, 74, 78, 79, 80, 98, 107, 109, 113, 116, 117, 127, 130, 131, 136, 187], "410": 117, "4104": 108, "4108": 116, "411": 51, "411281": 130, "4116": 108, "411b": 126, "412": 20, "413": [85, 109], "413c58c8267d2c8648d8f6384bacc2ae9c929b2b96578b6860b5087cd1bd6462": 78, "4144": 98, "415": 35, "415z": 37, "416": [85, 108], "416000": 88, "41660": 19, "416c": [102, 103, 186], "4175": 24, "4175720882": 133, "418": 37, "419": 13, "419372797012": 94, "419z": 146, "41ad": 109, "41b42b9c2dc99253ea8de9509413cc634de748bae8e5b2ad3080db58991d0971": 187, "41bf": 24, "41c1": 106, "41cgnz": 98, "41d9": 98, "41f0": 96, "41f9": 78, "41z": 42, "42": [3, 16, 19, 24, 32, 33, 35, 37, 43, 46, 51, 64, 74, 78, 79, 80, 85, 106, 107, 117, 124, 127, 146, 182, 191], "4200": 10, "42000": 87, "4205": 106, "421": 35, "4216409aca4c": 187, "422": [43, 102, 124], "4220": 113, "4224": 109, "4231": 106, "4231735z": 78, "42321": 43, "4235": [3, 132], "4242": 109, "425": 150, "4254": [3, 75, 95, 161], "4259984z": 78, "425a": 130, "4260": 80, "426d547e345a": 130, "427": 25, "427c": 107, "428": 108, "4283": 117, "428ffee0df26012a5a2c95b65af0025c": 96, "429": 42, "4294430720": 117, "4294967295": 130, "4294967305": 43, "429a": 19, "429f": 80, "42a6370354e": 78, "42acd50c": 80, "42d4": 24, "42dc": 129, "42de": [102, 186], "42e3": 24, "42ef": 103, "42f7": 24, "42fb": 106, "43": [3, 7, 16, 19, 20, 33, 36, 37, 39, 42, 46, 49, 51, 69, 78, 86, 87, 92, 98, 104, 108, 109, 113, 117, 122, 124, 125, 131, 136, 146, 148, 153, 154, 159, 168, 185, 187, 190], "4300": 16, "4303": 16, "4305": 43, "430512z": 78, "4307": 43, "431": 131, "4313a3fc6fe92d6fddf3ce95bf171a033c09bfcf": 46, "432": [98, 108], "432b": 78, "433241117337583618": 116, "4333": 133, "434343434343434343": 116, "43434343434343434343434343": 116, "4346": 10, "434d": [19, 78, 79, 133], "436": 21, "4362": 148, "43798": 43, "4382": 127, "4388": 106, "4388963aaa83afe2042a46a3c017ad50bdcdafb3": 78, "438c14d8092e5bb93b8797fc3d2836c4": 117, "43a7": 80, "43ad": 64, "43ba": 24, "43bc4149": 103, "43c9": 106, "43dd7b73": [80, 133], "43e6": 127, "43e80046092e5bb97e3f195bc2f4ad74": 117, "43f7": 76, "43z": [24, 42], "44": [3, 19, 35, 36, 37, 42, 46, 53, 57, 63, 65, 74, 85, 87, 89, 90, 97, 98, 104, 106, 107, 108, 109, 117, 122, 124, 126, 150, 154, 159, 167, 185, 186], "440": 81, "4408": 80, "44096166": 106, "441000": 88, "4416c3a8": 78, "442": 46, "44228": 106, "4423": 99, "443": [15, 19, 43, 64, 70, 71, 85, 88, 90, 106, 108, 111, 117, 121, 129, 131, 155, 183, 187, 192], "4435": 127, "443631z": 152, "444": 113, "4444": [19, 113], "4445": 103, "445": 117, "445f0ac1a020": 24, "445z": 187, "4461": 133, "446181058884": 94, "4466": 24, "446b23e1": 78, "447": 124, "4470": 43, "447393z": 49, "447689": 187, "448000": 108, "44832": 106, "4487": 24, "448b": 67, "448e": 103, "449c": 78, "44b7ed9daadb3ac89ead8977d04a0537fa3125a": 127, "44bb68279d984220ad60a069dcf6079f": 117, "44c7": 78, "44d88612fea8a8f36de82e1278abb02f": 117, "44e0": 79, "44z": 49, "45": [3, 15, 19, 21, 32, 35, 36, 37, 42, 43, 46, 47, 49, 57, 59, 64, 66, 67, 69, 74, 78, 86, 89, 92, 97, 98, 99, 106, 108, 109, 117, 124, 125, 133, 136, 137, 146, 148, 153, 168, 184, 189], "4500": 117, "4502": [3, 68], "45046": 106, "450e": 133, "450f": 106, "45105": 106, "4510a89f4588": 24, "451528": 106, "4520": 80, "45214": 43, "4525": 42, "4543": 127, "45486": 131, "45488fd5092e5bb9045bbc3330d499ea": 117, "454d": 24, "455795fabfd3c2c246b4b9e37782db8dbac8c9957210d782331861b56010bb12": 78, "456": [42, 88], "4574": 106, "45756395": 37, "4577150344848633": 79, "457e": 106, "4585": 167, "4593": 133, "4593785z": 78, "4598": 36, "45a5": 98, "45bc27": [28, 67, 91], "45c4": 24, "45m": [136, 168], "45z": 185, "46": [3, 13, 15, 21, 24, 25, 30, 35, 36, 39, 41, 42, 46, 47, 49, 53, 66, 74, 78, 85, 96, 98, 102, 104, 108, 109, 113, 114, 116, 117, 124, 127, 136, 168, 187], "460272187173695": 69, "4608": 107, "4609": 80, "460b": 24, "461314z": 152, "461397z": 116, "4614": 106, "461b": 39, "461z": 146, "4621": 98, "46232z": 152, "462a": 24, "463": 104, "464": 64, "4642241z": 78, "465": 88, "4652": [85, 133], "4655": 102, "4657": 122, "4658": 130, "4659": 106, "465905z": 78, "46679a50632d05b99683a14b91a69ce908de1673fbb71e9cd325e5685fcd7e49": 24, "4673": 98, "467954c2": 91, "468": 131, "4680": [57, 185], "469": 157, "46a8": 127, "46ad": 24, "46ae4286c54b": 106, "46c1": 77, "46d2": 98, "46d6": 133, "46z": 46, "47": [13, 15, 16, 21, 24, 33, 35, 42, 59, 64, 65, 67, 74, 90, 104, 106, 107, 108, 109, 111, 113, 117, 124, 127, 131, 133, 137, 138, 143, 146, 153], "472z": [108, 146], "47314d20": 42, "473476": 127, "474": 187, "4748": 78, "4749": 124, "474e": 78, "474z": 146, "4751": 78, "4756": 39, "4759": 24, "475e": [80, 133], "4766": [15, 106], "4776": 130, "477d0222092e5bb91ec14117b8c56c14": 117, "4780": 108, "4784": 103, "478710": 159, "479": [81, 148], "4793b972092e5bb92e3450ad7023cd88": 117, "48": [3, 15, 16, 19, 20, 24, 25, 35, 41, 43, 55, 59, 69, 72, 78, 85, 88, 90, 91, 98, 106, 109, 116, 117, 124, 126, 127, 129, 130, 131, 137, 146, 168, 185, 187], "480": 117, "4801": 78, "481": 131, "4830": 108, "484648z": 152, "4848": 127, "484a": 2, "486": [111, 168], "4860": 188, "4861": 106, "4868": 108, "486z": 37, "488b": 24, "48ac": 106, "48b0": 78, "48b2": [78, 79], "48bbf98612290af2215c7a02b7ccbc82": 15, "48c3782d092e5bb97e3f195bd2035d87": 117, "48c9": 157, "48cd89827939b3a8976d9bb0993bc338": 146, "48e3": 35, "48x48": 64, "48z": 42, "49": [3, 15, 16, 20, 24, 37, 42, 51, 64, 72, 74, 77, 78, 80, 81, 86, 90, 92, 99, 106, 107, 108, 109, 113, 114, 116, 117, 122, 124, 125, 130, 131, 136, 154, 167, 168], "490": 187, "491": [74, 103], "491356741607": 98, "491f": 91, "491z": 108, "4925": 78, "4932": 106, "493371": 146, "494d": 98, "4951": 187, "4953": 107, "496b": 80, "49769": 126, "4988": 19, "49881": 7, "499": [104, 137], "4991": 106, "49a2a269271a": 98, "49ac": 184, "49ba": 106, "49ee": 106, "49f7": 103, "49x1": 98, "4a": 156, "4a15": 103, "4a2b": 24, "4a56": 24, "4a5b440a8c62": 106, "4a5db6fc6c11fd49b2836a4e77ed2284dc656222f73dbb8e59c8990a99edf8a9": 99, "4a90": 33, "4ab4e3b7bde4": 104, "4ad4": [102, 186], "4b": 156, "4b04": 137, "4b45p": 78, "4b7e": 187, "4ba0": 33, "4ba7": 24, "4bbf": 106, "4bcf": 78, "4bd4": 130, "4bd9": 98, "4bde1db6579b": 80, "4be17e67": 106, "4be4": 10, "4be6f56fdd37c9d3aa054a15cdfcb091bb16fa4d": 46, "4bea": 19, "4c10": 124, "4c1e": 108, "4c27": 133, "4c2c": 104, "4c47": 98, "4c4831e9": 80, "4c4c": [107, 130], "4c53": 99, "4c62": 80, "4c697374d15c433880a56800bac25e56": 117, "4c74": 24, "4c93": 24, "4c96": 19, "4c9b": 148, "4ca0": 19, "4ca2": 106, "4ccc": 107, "4d": 54, "4d12": 106, "4d136b0589a27ef": 24, "4d33": 99, "4d54": 24, "4d80": 106, "4d84": [78, 79], "4d96": 33, "4dd3": 98, "4dd9": 133, "4dfde5a": 133, "4e24": 106, "4e28": 106, "4e2a": 106, "4e48b231092e5bb94b04e043ac98c412": 117, "4e5b": 78, "4e5d": 78, "4e65": 35, "4e6c": 78, "4e6d": 124, "4e832627b4f6": 98, "4e9b": 80, "4eabcdefg": 152, "4eac5ba86b27414098820732fe7876f6": 33, "4eb1": 152, "4eced01ba15f": 152, "4ede": 106, "4ee8": 24, "4f": 108, "4f03": 117, "4f6d": 133, "4f7b": 106, "4f7f": 152, "4f8e": 102, "4f8f": 78, "4fac": 108, "4fbb": 98, "4fc4": 78, "4fd7": 124, "4fd97d44f069": 80, "4fe4": 146, "4ff3": 109, "4gb": 182, "4mo8bxwyxnmq0fd4xcb8ygnmwnypjgafaqaq": 98, "4py0d": 98, "4r85": 98, "4ur": 99, "4uv5mvsh7kopfhsgsb": 42, "4zohxoaq": 85, "5": [3, 7, 8, 15, 18, 23, 24, 25, 32, 33, 35, 36, 37, 39, 41, 42, 43, 44, 54, 55, 57, 59, 64, 65, 66, 67, 70, 72, 74, 78, 81, 85, 86, 88, 89, 90, 91, 94, 96, 98, 99, 102, 104, 106, 108, 114, 117, 122, 124, 125, 127, 129, 130, 131, 136, 137, 142, 144, 145, 150, 152, 153, 155, 167, 179, 183, 184, 186, 187, 188, 191], "50": [3, 7, 11, 16, 18, 24, 34, 36, 43, 60, 64, 66, 67, 69, 70, 71, 77, 78, 80, 81, 86, 88, 89, 90, 91, 92, 98, 99, 103, 104, 106, 107, 113, 117, 124, 127, 129, 130, 131, 144, 145, 146, 152, 154, 155, 183, 185, 187, 191], "500": [24, 28, 55, 78, 81, 103, 111, 117, 124, 152], "5000": [1, 81, 117, 181], "50000000": 24, "5001828": 103, "50051": 53, "500hr00001vhyiciab": 113, "500hr00001wthb4iab": 113, "500hr00001wu3etiaj": 113, "500hr00001x8wykiaf": 113, "500hr00001x906jiab": 113, "500hr00001x98nniaj": 113, "50102": 112, "50104": 112, "50136": 187, "501548362894b9a08f071b1565d8aa14": 96, "50246": 187, "502z": 187, "503": [42, 81], "504": 89, "5048": 77, "50594": 133, "5059b918": 24, "506": 187, "508": 64, "5084032z": 42, "5087": [3, 52], "5088": 108, "5098": 19, "50ad7d3": [19, 78, 79, 133], "50adc897": 106, "50b0": 24, "50c323c1": 146, "50c7": 130, "50ca7e01766a": 133, "50ce": 106, "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c": 153, "50f33fe0092e5bb95da9db7bfd3a2e41": 117, "50ghfd9jcw": 153, "50skqtffs2": 153, "50z": [42, 46], "51": [3, 8, 15, 16, 18, 24, 41, 66, 69, 78, 79, 89, 99, 102, 103, 106, 107, 110, 111, 113, 117, 124, 126, 127, 130, 131, 138, 146, 150, 152, 153, 155, 167], "512": 25, "5123526f5b08": 103, "513": 67, "514": [74, 79, 89], "5140": 108, "51417677b5e7b17542d383f5b25e2b43": 102, "51450374": 24, "515z": 146, "516": 188, "516z": 108, "517z": 187, "518149": 187, "518317": 187, "5184": 108, "51843": 187, "519": 74, "51948": 39, "51966": 117, "51a2": 39, "51c0": 98, "52": [10, 11, 16, 19, 24, 33, 35, 36, 37, 64, 69, 78, 85, 90, 98, 102, 103, 106, 107, 108, 113, 117, 127, 146, 154, 185, 186, 187], "520dd58e092e5bb97e3f195b7c029bf": 117, "5215": 116, "521z": [146, 187], "522": 89, "5223": 117, "523b0176092e5bb97f83814d1657f3a4": 117, "523e53ec092e5bb90a16a700daeebe85": 117, "524": 108, "5259227z": 78, "5261": [3, 56], "5263157894736842": 27, "526691595z": 33, "528": 108, "528b8e59": 103, "52a5f23ccdf1": 78, "52ad1f3f092e5bb927116fa915bbbdbf": 117, "52adef79fe80b4958050c700a8b0da15": 153, "52b41acc": 98, "52b5c0daeb16": 106, "52bba2a9092e5bb94dc766c08b9d6354": 117, "52c2ba8d": 98, "52e6b38b": 81, "52fc": 152, "53": [7, 15, 16, 19, 24, 42, 43, 58, 67, 77, 78, 81, 90, 103, 104, 106, 108, 113, 116, 124, 131, 146, 150], "5306946": 19, "5307443z": 78, "531cb865bb4a8c87090440414dfce5c16dec06e314797576ba4bac500f602bb5": 99, "532": 108, "5321": 109, "533": 19, "533077z": 116, "53371": 130, "534000": 130, "5343": [3, 101], "5353": 117, "535479z": 146, "5355": 117, "5357": 117, "5358": 117, "5365": 16, "537": [94, 187], "539": 98, "5394": 63, "539z": 187, "53dacf1e092e5bb90d7be4f2910f0f6a": 117, "54": [15, 16, 24, 33, 36, 42, 43, 49, 67, 74, 78, 91, 104, 106, 108, 116, 117, 127, 148], "540": 108, "541535": 69, "541548fc738f": 80, "54232": 24, "54233": 24, "543": [36, 74], "5432": [87, 114, 182, 183], "54336": 107, "5438": 98, "5445": [3, 115], "5448": 148, "545": 67, "54545": 146, "546": 36, "546z": 107, "547": [74, 127], "54708cb41d08344e2a8af58b": 111, "5471": 36, "548": 117, "54fc": 91, "55": [7, 16, 19, 37, 41, 42, 46, 49, 60, 74, 77, 78, 80, 85, 88, 90, 91, 96, 98, 99, 104, 107, 108, 113, 116, 117, 124, 127, 129, 152, 154, 167], "55000126pg": 153, "550001h8bt": 153, "550002yae9": 153, "5500038yxj": 153, "550004jmxn": 153, "55000aj8rt": 153, "550f104c94ea": 127, "551": 25, "5522": 98, "5528": 152, "5536": 130, "553648130": 24, "553648202": 24, "553648204": 24, "5540333z": 80, "554696714": 24, "554696715": 24, "555": [74, 96], "5555": 192, "55555555": 19, "5558": 126, "556": 153, "5565": 49, "5568": 108, "5574": 109, "558": [69, 81], "5580c55feaeaeb35e8a9f88dd9dac69d70acaacfabb39012c7ae9c26b4c2a239": 108, "5586762z": 79, "559": 66, "5590": 116, "55b865fcb6": 152, "55de7a4c": 78, "55eb": 80, "56": [15, 16, 24, 35, 36, 37, 42, 43, 46, 54, 65, 74, 78, 79, 91, 104, 107, 109, 111, 116, 117, 130, 146, 150, 186, 187], "560569": 187, "561976be4b6e992478c13ea230e0f6a4e708e3b7befc61642dcd281bcacec975": 127, "561z": 108, "562852": 127, "563006": 127, "563057": 127, "5634": [3, 22, 31, 55, 77, 94, 140, 151], "563z": 146, "564": 74, "5644": 16, "5647": 137, "564z": 107, "5672": 59, "56753": 146, "5678": 116, "568": 81, "5684": 108, "57": [3, 16, 18, 38, 42, 64, 67, 74, 78, 84, 88, 98, 99, 104, 106, 107, 108, 116, 117, 130, 133, 137, 146, 148, 150, 152, 188], "570": 91, "5713": 114, "573028fb092e5bb97e3f195b639b9f4d": 117, "5732": 97, "5733333": 19, "57382c61ba68": 78, "5762": 152, "57622753280": 117, "576771": 106, "578": [74, 131], "5789473684210527": 27, "57bae1c2": 78, "57c5bb9c88": 78, "57df779566": 78, "57z": [42, 124], "58": [10, 19, 36, 37, 42, 46, 64, 67, 74, 78, 87, 104, 106, 108, 109, 113, 116, 117, 130, 131, 133, 152, 159, 186], "580": 10, "58011": 39, "581": [74, 187], "5815": 96, "581b": 127, "584": [88, 153], "584485135": 98, "586": [10, 117], "587": [22, 88], "5877": 103, "588": 10, "588360": 127, "58e62790092e5bb954b29f87b6a521c4": 117, "58z": [42, 133], "59": [8, 25, 35, 36, 37, 49, 64, 67, 69, 78, 80, 88, 89, 91, 98, 106, 116, 117, 127, 138, 144, 146, 148, 153, 168], "5902": 43, "592f0bdc": 152, "59301": 107, "5931a062": 24, "5944": 109, "5963": 49, "5968": 98, "598": 36, "5985342": 19, "599": 64, "599379": 127, "59e44ad8a982ba9a4af1630c6d762675b33c74bec5f73da79192f8cf062d5810edf3b8d6fc6cff139632cd4fe98724850b74a2c2f60ff5a7d87d768aaee9c9582b6e006fb9cd24eec442c54c16859d34613923bfc68e95c984a9b2e5410f4478d795b9cfd974bf584fe716ff7c4030c46c4e224dcb83673a93bf2bc5c59c1af243a1253b84f6f7536ea885aede14749130060df207d4c408ba4364c5e23fdaacc541afa437e8427674f713bb4a7d3659819bc744df8973b93342e860c24d615d125a10f6efff33891450e8d69fc6b95c2b35dbadeddd36b625f2958aac693f9afe1af815286dea185ac2d26218af4078b5fa5e098f53f9ccf823a1833123f4c6": 144, "59g3vyg0wennecew6bz9f": 98, "5a": 42, "5a6bbf37092e5bb924bd0656c5edc154": 117, "5acd56f7639": 24, "5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124": 24, "5afc7cfb": 106, "5b": 146, "5b3beaa8": 106, "5ba8": 98, "5be5af82": 130, "5c": 116, "5c01": 130, "5c4e": 152, "5cf1": 130, "5d": 146, "5d1f41e9546": 130, "5d63": 72, "5d7e9b38092e5bb968dcbe0fdfe2a339": 117, "5d836a4acc55922e49fc709c7a39e233": 96, "5d857b08092e5bb9744d3bd774298986": 117, "5d85c5e9": 98, "5da9bceb": 98, "5dbcb688": 106, "5dd0": 157, "5e0000000325": 35, "5e1c8874b29de480a0513516fb542cad2b049cc3": 78, "5e229e3630d1": 106, "5e29": 117, "5e91": 80, "5ed2b2de092e5bb936229e5022e27035": 117, "5ef2f214260ab8f58e55eea42e4ac04b0f171807d8d1185fddd67470e9ab6096": 144, "5ef6": 17, "5f170f6131b7": 106, "5f59": 42, "5fc876eac7e8": 106, "5h": 114, "5px": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "5xth": 148, "6": [4, 7, 11, 13, 15, 16, 17, 18, 19, 20, 21, 24, 25, 28, 30, 32, 33, 34, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 54, 55, 57, 58, 59, 60, 64, 65, 66, 67, 69, 70, 72, 74, 78, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 119, 120, 122, 124, 125, 127, 129, 130, 131, 133, 136, 137, 138, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 167, 179, 180, 182, 188], "60": [15, 35, 43, 64, 69, 73, 74, 78, 80, 90, 94, 99, 100, 101, 102, 103, 104, 106, 107, 108, 111, 113, 116, 117, 124, 127, 131, 136, 138, 144, 145, 146, 167, 168, 186], "600": [20, 56, 90, 103, 106, 108, 115, 117, 130, 144, 187], "6006": 60, "6014": 49, "601b3a550ab9": 108, "6024000000000": 152, "60372": 20, "6040000": 117, "604c4baa092e5bb9343dac446707079f": 117, "605": 60, "606": 74, "606060606060606060": 116, "6060606060606060606": 116, "606099": 130, "606e693c6ac040107c07dcc7c7ed6785": 33, "606z": 146, "607": 10, "607447413779893818": 116, "607447413805059643": 116, "60873d6d": 152, "609": [89, 109], "609a9f30b514": [80, 133], "609dc6e4d76f": 19, "60b7c0fead45f2066e5b805a91f4f0fc": 38, "60baffd3f9042e38640f2300d5c5a631": 15, "60bfae787651": 106, "61": [24, 37, 43, 107, 130], "610d4a69": 102, "61267": 130, "612822z": 116, "614": 72, "615": 109, "616": 98, "616308z": 116, "6167": 15, "617": [89, 109], "61758": 78, "61859": 78, "619a": 98, "6207": 43, "620z": 15, "623": 98, "624b3e67f533f89c2f700992": 154, "625": [74, 131], "6250": 55, "62514": 117, "62516": 117, "62524": 117, "625b": 106, "625z": 15, "626": [36, 106], "62646caa092e5bb97e3f195ba0c158e8": 117, "627": 98, "6287": 43, "629": 35, "62b1": 98, "62b2f277d0164e239457b719": 39, "62b326c9d0164ee8e257b729": 39, "62f3": 103, "63": [11, 33, 43, 127, 191], "631": 74, "6319": 80, "6324ff6f2bfc710a0dfcb59f0c2f991e0d68f81976b1e85777bb94827ec031a22720dd4b66b12e2576bde798b74a0645": 127, "6328": [3, 147], "63475044092e5bb970fe9eacab21efb1": 117, "636": 67, "6367011b1d93": 106, "637z": 148, "638246066435733333": 19, "638872": 130, "63b8": 98, "63dbcdf8df0c": 35, "63dce33f44ac": 10, "64": [25, 41, 54, 78, 86, 94, 102, 116, 117, 127, 146, 153, 188], "64013580": 111, "64088": 130, "641": 36, "641z": 146, "642": 36, "6422279z": 133, "643": 36, "643z": 108, "644": 36, "6443d9ca092e5bb936229e5074834588": 117, "6455442249407791000": 24, "6455442249407791109": 24, "6464": 188, "646e2686eba9": 116, "64762c8ef84d": 117, "6479": 106, "648": 187, "6481": 146, "649": 78, "64f6": 78, "64k": 182, "65": [24, 43, 54, 98, 127], "650": [62, 117, 148], "65001": [70, 71, 121, 129], "652": 117, "652z": 108, "6546xxxx29bc6cxxxx": 72, "655": 98, "6554": [3, 58, 84], "6565662z": 80, "657": 16, "6576": 98, "659": 85, "659151942": 24, "65994753": 33, "65afbd1c092e5bb9643c123950557886": 117, "65ef47d95cd7f554699537f0": 18, "66": [13, 43, 59, 80], "66048": 67, "6616d56e0000": 80, "6616d57f0000": 80, "6616d7020000": 80, "6625": 130, "663": 187, "663b833f6fc0": 98, "663f166080a8": 127, "665": 78, "66605": 96, "668": 152, "66848": 187, "6688": 78, "669": 185, "6695009330bb": 24, "6696966z": 78, "669z": 108, "66c4": 130, "66e54faed53c": 81, "67": [43, 103, 117, 127, 153], "6703": 33, "6719": 187, "672": 108, "673": 78, "673z": 108, "676": 108, "676d1be7": 33, "6776": 187, "6779": 146, "678": 131, "6783": [3, 17, 28, 36], "6785431z": 78, "6786": 109, "67f7e347b878": 117, "68": [88, 117, 127, 144, 188], "680271": 67, "6807": 107, "682820": 117, "68314": 131, "6833": 103, "6843": 187, "6853839cde69359049ae6f7bd3ae86d7": 24, "686z": 153, "6870926605261705032": 130, "689": 16, "689e": 152, "68a66f7f": 99, "68b1": 146, "68c4": 106, "69": [25, 103, 127], "690z": 49, "6912": 113, "696": 25, "699000": 154, "69ff496f092e5bb94e898d1e4d224d28": 117, "6_1_6_4": 18, "6a2d": 98, "6a3290f368de76e0dc83d7a380ca91e8950a57ff2aabc94c706b3418743e2743": 157, "6a35f99f092e5bb95ddd5b2960c09319": 117, "6a3f": 133, "6a70": [80, 133], "6ab8": 98, "6b0baed2": 24, "6b281d07ffde": 67, "6b54818cd110": 78, "6b9d": 78, "6bc4b73c": 24, "6bf8c47e": 109, "6c3245d4a9bc0244d99dff27af259cbbae2e2d16": 78, "6c3c2005": 24, "6c5000418a81": 80, "6c5000418a81_4c4831e9": 80, "6c825674": 130, "6c98b3f1dcc03245a5f9e525ad6ac11983dc26dadebeb497492462aa166e19f0": 157, "6cbc27a1941c": 106, "6cbce4a295c163791b60fc23d285e6d84f28ee4c": 108, "6d": 117, "6d7f": 35, "6db4c6bcafe3333fffaf5a754b7ae73d": 153, "6dc7": 117, "6e70f043092e5bb93f74fd57c083f99": 117, "6e7a6527092e5bb97e3f195b1bce841d": 117, "6e8476e5": 106, "6e85858585854": 107, "6ebcc33e092e5bb968e1c4ff9c750796": 117, "6efvp": 153, "6f097307fda711eeb0bd491bae9facb0": 146, "6f45": 91, "6f4fce57092e5bb97e3f195b0e91b958": 117, "6f7d": 129, "6i5fgoeg3ssimry4dqdovcpg4be4jjskcy1ii": 98, "6ikqchbpxlbmv4jv": 187, "6shmdt44sgg_v": 39, "6t2h2nhfyc8k9rzjiawgavjdsbrc27tey20kg": 98, "6v3hq": 98, "7": [1, 7, 11, 12, 15, 17, 19, 22, 24, 27, 28, 33, 35, 36, 37, 39, 42, 43, 44, 47, 49, 53, 54, 55, 56, 58, 59, 60, 66, 69, 74, 78, 88, 89, 91, 96, 97, 98, 102, 103, 104, 106, 108, 116, 117, 119, 124, 125, 127, 129, 130, 131, 136, 137, 144, 147, 148, 153, 159, 161, 163, 168, 180, 182, 186, 191], "70": [59, 69, 86, 108, 127, 130, 146], "7000": 117, "70000006": 24, "700082": 130, "701": 15, "701719": 106, "7018": 15, "702": 74, "704": 106, "7058": 3, "705z": 37, "7066667": 19, "707dfe08411": 106, "7091": 24, "709c76d53f1e": 130, "70ca": 137, "70f2a19ab22a": 19, "71": [24, 43, 127], "711": 111, "7112": 113, "711226z": 116, "711dc180092e5bb959a6acfc5861ceab": 117, "711z": 146, "712": 187, "712z": 108, "71440046": 24, "716": 108, "717": 187, "71760": 35, "71762": 35, "71763": 35, "71764": 35, "71765": 35, "7184658050537109": 79, "719": 43, "71c9": 98, "72": 127, "7200": 144, "720768": 108, "721": 98, "7212f8b4092e5bb9415de41eb43d4459": 117, "7216": 109, "721f": 33, "7231e523092e5bb93f329a371754a877": 117, "7247": 43, "725871979": 33, "725c8064c775432fb85ea16d7b7c85c7": 148, "72676": 146, "7272543713819412727": 130, "728ee069b76107e9e2930dbffd50dfc52f440823e5f252935eb8607a47b11efc": 33, "729": 16, "72b8204066d3b290b68bae2eeb1942cd": 192, "72e3": 133, "72ef5e10": 98, "73": [43, 69, 88, 89], "7309": 18, "731": 111, "7312": 131, "731z": 37, "7329": 150, "7333333z": 79, "734843z": 80, "7353f60b1739074eb17c5f4dddefe239": 108, "7368421052631579": 27, "739": 43, "7394034758": 74, "7397": 130, "73a3c4aef5de385875339fc2eb7e58a9e8a47b6161bdc6436bf78a763537be70": 78, "73e8bcb4092e5bb938013d7530fa8804": 117, "73loq": 153, "73z": 78, "74": [43, 117, 127, 187], "7411a4da": 108, "741389": 106, "741z": 153, "7428": 117, "742z": 146, "7477c64706110f4d0652b28c6618b8b83d27fef94ca9d112965f8c9a62ca3d7": 146, "74d793c0e151": 33, "75": [98, 106, 117, 127, 130, 145, 187], "751000": 154, "751e": [102, 186], "751z": 49, "752": 16, "754z": 49, "756508e728338b4931e199674e65ff9ba5daa25914f75cca8d424efd7ab89f0d": 127, "757": 30, "758451z": 78, "7585": [3, 65, 87], "759": 36, "7592": 146, "759a": 78, "759liuq4r3": 98, "76": [3, 29, 80, 106], "7611744a6e9a": 24, "761de33e1c3d08865f5f2d0cfc84c3b5401c7915a2953ca6b8c2fddbb007556b": 146, "764a62f2": 133, "765": 117, "76530f37092e5bb97e3f195b364ca62": 117, "765669c8c9": 78, "7657": 124, "7659xxxx29bc6cxxxx": 72, "7660": 39, "768224z": 116, "769050836563": 117, "7690508366": 117, "769721": 106, "76b1cfbd092e5bb91e4d52e426621842": 117, "76d9": 106, "76ed": 35, "76edc092": 24, "77": [7, 54], "7707565e": 98, "773": 19, "7740": 78, "7746": 116, "7753": 78, "77616": 187, "77910": 187, "77a01134092e5bb97f7828df8d14642d": 117, "77a6": 109, "77bb": 98, "77c094efe348": 24, "77d4a35822f0": 98, "78": [37, 79, 98, 127], "780": 43, "781": 127, "783": 108, "785": 187, "78566": 187, "78680309": 78, "78695": 187, "787": 74, "788": 108, "7889f07c092e5bb96a66b39a1e88630c": 117, "7899": [3, 32, 46, 106, 137], "78994z": 78, "78bt3": 153, "79": [43, 69, 127], "790": 16, "791": [78, 124], "792": 146, "794z": 49, "7951": 16, "7957": 78, "798": 43, "7981": 130, "7989": 19, "798z": 37, "799": 74, "7990619": 57, "799d84f0": 187, "799z": [124, 153], "79a5ab21908f": 24, "79b840a5092e5bb915d114ab2c0ea950": 117, "79k7": 153, "7a": 96, "7a07": 80, "7a42801f092e5bb954b29f87ca0ae4e7": 117, "7a576996e703": 106, "7a945e934638": 106, "7abca37c1c124cb2a4e74661f4a8c47": 148, "7ae5ba435f196a40cc08b8b02c6b0905774a40d": 46, "7b0c7f7133e4": 19, "7b54": 98, "7baa138c499f": 24, "7bc411976ec9": 146, "7c10": 98, "7c19": 78, "7c1fc997092e5bb90c24c0ea3ba7798a": 117, "7c551c65686c0866daafcee3d8061d6b": 153, "7c551c65686c0866daafcee3d838f052": 153, "7ca1fdfe537913b8854227efc1f11b00d405f2d21e416e7023c4ebed2bfa887d2bc4d4d553ce41667c99def47ea05e6ce4a773c4ee7173927f1d263e724c16c2": 122, "7cbbf08ebb723e7986f2369fc6b7e6fec773ff511484da8b643141e8b1aa221c": 99, "7cc5b89b": 80, "7cf204190449": [102, 186], "7cinc000000005009": 21, "7d": 59, "7d1eabcdefg": 152, "7d3f9127092e5bb9266a3276d4c51f7f": 117, "7d51": 146, "7d51bd774f20": 98, "7d52abd6": 106, "7d889aac958a5dbebc01a16979140eb2": 153, "7db452ea": 80, "7e": [24, 54], "7e639ad8ffb3": 98, "7e9c": 133, "7edbf1904269": 157, "7ef034b68320": 106, "7f1c3609": 78, "7f42db5a8e63019": 24, "7f4db93a": 103, "7f63": 78, "7f93ed7954ef": 35, "7fb0ff": 67, "7ffyzir1o5k6h97mxcmgbuss0vdrewt4hnxa5hrtghw9sna5qsyzn0zlk": 98, "7gbcp": 78, "7jookt1tj5hinlgfbgcbcrnj5": 98, "7m9fp6we": 146, "7ogelgyvhw": 98, "7p1qd0d8aoqbkgtoky3zgev2o": 98, "7sm0vq7vvnmyjt1puvghoxb7tbcge1aqeamsry4nm27p": 98, "7u7v8aae5otktls0hisfzwvnz2dlhywo3t7fhx8f": 187, "7ua1h": 153, "7z": 98, "8": [7, 8, 11, 13, 16, 19, 21, 24, 25, 31, 32, 33, 35, 36, 37, 39, 41, 42, 43, 46, 47, 49, 56, 57, 60, 62, 65, 72, 74, 78, 86, 88, 89, 90, 91, 98, 99, 102, 103, 104, 107, 108, 109, 111, 113, 114, 116, 117, 119, 124, 127, 130, 131, 137, 146, 148, 150, 153, 157, 167, 182, 185, 187, 188, 190, 191], "80": [15, 16, 24, 37, 43, 80, 85, 86, 117, 124, 147, 155, 185], "800": 117, "8000": [54, 192], "80010119": 35, "800z": 153, "80115532": 185, "802": 30, "802d": [19, 78, 79, 133], "803064": 67, "80386": 122, "804": 187, "8040": 78, "8042": 103, "805306368": 67, "8065": 35, "8066": 35, "8067": 35, "8075": 150, "8080": [10, 56, 82, 85, 88, 100, 133, 148, 150, 154, 157, 192], "808080": 102, "8083243z": 78, "808372800": 144, "8088": 184, "8089": 129, "808949021a04d66f9e54192028693507": 137, "809": [49, 187], "80ab": 152, "80c039c4": 106, "80ef843fa78c33b511394a9c7535a9cbace1deb2270e86ee4ad2faffa5b1e7d2": 24, "80m": 185, "81": 127, "810": 43, "8113": 127, "8121": 117, "8126235z": 78, "8131": [3, 13, 25, 47, 53, 85, 96, 108, 113, 168], "814a": 124, "81567": 117, "815f": 146, "816": 74, "8168": 124, "816e4d4f092e5bb97e3f195b3a42774": 117, "817450822869712903": 108, "817z": 153, "8180": 87, "81d1985def1840b92a0fc109761345e2966043a7": 46, "81e2d4bb": 184, "82": [13, 15, 127], "820": 74, "8205": 78, "822": [85, 91, 129, 144, 188], "8239": 85, "823c": 78, "825": 74, "825c234b510213d77f2a0b84b690ec541ea7e30178b28274f2231880d21e7fef": 187, "825z": [94, 124], "8260": 108, "8273": 98, "8282": 117, "82825b58": 137, "82862c65f3c8": 19, "82ca6db1": 106, "82f6": 98, "83": [43, 127], "8304": 42, "8305": 8, "8312": 106, "8328": 35, "8329": 35, "8329e587": 116, "833": 187, "8330": 35, "833246": 130, "834299573936": [1, 15], "8344": 98, "836": 146, "836686917654282240": 108, "838": 127, "8394": 43, "8395": 78, "839608851933167623": 108, "83a8bc932fc27c3e8f7c064a809c23aa8d737d2e1844b3c512e912fef14678f43bb0c994250a1d628b06b88075f2b441": 127, "83b1": 98, "83b76efe": 152, "83c0": 107, "84": [89, 91, 98, 117], "8402983z": 78, "842z": 108, "844": 185, "8442": 130, "8443": [21, 55, 56, 74, 110, 117], "8445378z": 80, "8446": 117, "8447": 130, "844e": 78, "8458727z": 78, "8466667z": 78, "8467": 113, "847c": 152, "8495": 146, "85": [13, 24, 91, 96, 97, 127, 130], "8502": 24, "8503": 15, "850e0b0b": 98, "851553z": 116, "854780206e7abbf5a46704f1e75c5075881e4e914c7b44bea45fac1677781096": 146, "857d21c8a80297fb0078cdc036b290b61cb4eec5c1889eab4c7ae3daeeeaa655": 108, "857f": 10, "858": 187, "858689": 106, "858z": 37, "8591": 106, "85c62850": 59, "85dc76156e96": 80, "86": 37, "8601": 79, "861c": 10, "862": 54, "862a": 42, "86400": [27, 152], "8640423z": 78, "864e": 148, "8653881344": 54, "8678": 133, "8678ccd8c8": 126, "868013z": 78, "86b0": 106, "86e0bfc8": 10, "86ikwxssg": 19, "87": [3, 19, 37, 116, 127, 146, 192], "871": 35, "872": 21, "8725": 31, "87423": 16, "875": 129, "876174682842202112": 108, "876667": 11, "877": 130, "877000": 130, "878z": 124, "87b8e8c7": 98, "87bf": 78, "87fd1ea0": 133, "87z": 124, "88": [35, 37, 91, 108, 116, 117, 127], "880": 77, "8803": [3, 15], "880d": 98, "882": 150, "8827": 78, "883": [80, 117], "883158861": 79, "8838": 24, "8842": 41, "8844": 188, "884d30da092e5bb930dc6ebc4a3e9b5b": 117, "887": 74, "88750037": 103, "88750545": 103, "88750854": 103, "888730": 11, "8888": [73, 188], "889e958fb8354a0e4f9f5abcb3016bfa": 33, "88c3": [80, 133], "88f1": 106, "88f5fb3b8c2436b172fbb4c8fa1c4ff4": 146, "88fcc040092e5bb930fddc8eee3946b6": 117, "89": [102, 127, 152, 186], "891007z": 152, "8925": 124, "8927": 98, "8944": 108, "8960": 187, "89637cf1d7204d028522c81c4389301b": 117, "89663c44": 24, "896d": 24, "897": 49, "8970": 106, "89922216709": 32, "899z": 108, "89bb": 106, "89d65": 78, "89e99b336784": [19, 78, 79], "8_oauth": 157, "8a33": 78, "8a53": 152, "8a68fc7ffd25e12cb92e3cb8a51bf219cada775baef73991bee384b3656fa284": 24, "8a7c6bf0092e5bb97c19f9df273312a7": 117, "8a87acebc21e2cc5eeb24af602b32b30": 146, "8aalgaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaa4fug4atannibgbtm0hvghpcybwcm9ncmftignhbm5vdcbizsbydw4gaw4gre9tig1vzguudq0kjaaaaaaaaabqrqaaziycad": 78, "8aueshcfnhbpsncgaakiiaafblaqiuabqacagiabowifvz4w6bdqoaacoiaaakaaaaaaaaaaaaaaaaaaaaaablehbvcnqucmvzuesfbgaaaaabaaeaoaaaaeukaaaaaa": 98, "8b8d9514c6180d5fcd7b7eb52b9f3286cea9c8df818abc5a63ad50ba37bd9935": 60, "8b9342a1bb64": 127, "8bea5e5453c4": 98, "8c0e": 106, "8c1b": 108, "8c2c": 98, "8c428752092e5bb954b29f87bc51c1d2": 117, "8c4e": 98, "8c61d4bf": 103, "8c64": 19, "8c73": 106, "8cmb0q": 187, "8d64165fb1599e845faefe04040f8151589fec8fb13e09aeb6ea68e5f5b98ef5032e5233a6463785f1f613e8ba5b0fdb385754845c5f40b6d8f620496366d72709daca6b711ed9646f971e2ad76f78e83077bc8525e8b37610bc6584b96e89439672b093594b541a4c1a9b54bc9b5594d61aaaa3eee7435890cfa9035b820495": 127, "8da48d11092e5bb97e3f195bd8691a78": 117, "8dace2559c1c951e09cc0bf71d973bb7": 117, "8dae": [78, 79], "8dbb": 24, "8dd7415a": 98, "8e0b6b736093": 106, "8e0f26ea940b": 77, "8e2aaa7770fb": 98, "8e451d96092e5bb94d06f6f216972f1c": 117, "8e6ffdf6": 80, "8e76e0da": 117, "8e8f59e68bd8": 152, "8ea2": 24, "8eb293471ee7": 42, "8ec7022f092e5bb9462d73539d642d01": 117, "8ec9": 96, "8eec": 24, "8eee": 107, "8ef9": 106, "8f": 108, "8f2b": 130, "8f3bbdae092e5bb9462d7353b2402856": 117, "8f3f": 103, "8f69": 98, "8f7c9555176248ea553d9ac4c8df5a4b5e36ba43d2b02c153e3ee322970877e0": 146, "8fc9": 107, "8fit": 185, "8h1blbwjmedmgdgoaacoiaabqswecfaauaagicaawpihvzhg5hg4kaaaqigaacgaaaaaaaaaaaaaaaaaaaaaazxhwb3j0lnjlc1blbqyaaaaaaqabadgaaabgcgaaaaa": 98, "8ih": 98, "8ljucb6hgs4ftmzucpdaampmvlzwintpfmzpttu6wtkvjd3by8vp4vl": 187, "8po": 98, "8rt": 111, "8track": [57, 185], "8v1aaaaaaa5f": 107, "9": [2, 7, 8, 11, 13, 15, 16, 18, 19, 20, 21, 22, 24, 25, 32, 35, 39, 41, 42, 43, 46, 47, 49, 51, 53, 59, 64, 65, 66, 67, 72, 74, 78, 79, 80, 81, 82, 85, 86, 87, 88, 89, 90, 91, 92, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 120, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 148, 150, 152, 153, 154, 155, 157, 163, 167, 182, 184, 187, 191], "90": [37, 78, 98, 106, 127, 130, 157], "900": 117, "9000": [4, 170, 171, 172, 173, 174, 176], "9010714z": 80, "9011": 80, "9048930534532860994": 49, "905z": 146, "906c": 106, "9092": [66, 181], "9097": [3, 11, 24, 66, 80, 146, 152], "9099": 24, "909eb7d918e2": 106, "90d1": [35, 88, 157], "91": [24, 72, 127], "910001": 91, "910332z": 79, "911z": 80, "912": 187, "9129": 8, "9133333": 19, "9133333z": 78, "913851": 106, "913z": 106, "914": [72, 113], "914c": 106, "915": 69, "9170": 16, "918c": 130, "9190697z": 78, "91ac": 130, "91z": 124, "92": [24, 116, 159], "9200": [117, 180], "920097": 91, "921": 187, "921173": 86, "92192": 18, "923af5dd": 106, "923b": 80, "925": 78, "9250": 130, "925b": 117, "928": 108, "9297673": 19, "92f3": 148, "92f8": 127, "92fd": 67, "93": [27, 69, 86, 108, 127, 144], "930": 33, "930097": 91, "93166": 107, "932": 108, "9332": 107, "9333333z": 78, "9338": 133, "9340": [3, 8, 16, 79, 102, 103, 110, 111, 117, 124, 131, 150, 155], "935": 124, "936": 150, "9392": 129, "939525795968188423": 108, "93b197b4092e5bb97b99073c27a4a7fb": 117, "93dfc3af285816182861e0a5252624420bcc0484": 78, "94": [24, 106, 131], "94035": 62, "940c4d2": 78, "941": 138, "94238995092e5bb9278b654265950a7": 117, "942z": 108, "944": 16, "944506478": 91, "944626604": 91, "9451859": 19, "945a": 80, "946671267z": 33, "94667175z": 33, "948": 43, "9480498z": 78, "9484": 106, "94a5": 80, "94aee176e311": 98, "95": [127, 182], "950": 187, "9501": 106, "9507": 106, "9507dae4092e5bb9147007d3306bb8dc": 117, "951": 69, "9515": 130, "952": 108, "952427": 122, "9533333z": 78, "954c": 106, "95538": 146, "9564": 130, "9582": 19, "9591": 148, "959z": 107, "95c7f1040af1": 98, "96": 127, "96005082130432": 117, "9603": 79, "9604553": 19, "960c": 78, "960z": 15, "962": 104, "963z": 37, "9649": 2, "965": 43, "96667px": 102, "9667": 98, "9670": 43, "9683de062b98f63f5d1be56538a01e923115c78102ab71d6442579998228ad7b": 46, "968a": 67, "968z": 72, "969": 43, "96aa": 24, "96b8": 104, "97": 127, "9705338z": 79, "971": 108, "9710a198": 24, "9717": 117, "9730547z": 78, "9742": 130, "975": 60, "97583": 187, "975z": 37, "976": 35, "97645": 187, "9775": 81, "978": [96, 127], "9785550145": 96, "9796746496148376": 35, "979ca3": 67, "97b31dfdc7621e7daef56e339df8fafc43c8ae71be2c79ef311832281dc1810c": 99, "97d2": 77, "97de": 106, "97e2": 39, "97waaaibewaaaa": 42, "98": [43, 106], "98000000": 24, "98052": 150, "981": 131, "9813614d": [102, 186], "982": 16, "9827": 8, "9864": 69, "9876": 78, "987654321098765432": 116, "9888736570875306": 72, "9893": [57, 185], "989bb854092e5bb93fabba6edc80ec8": 117, "989eq": 153, "98af": 24, "98d8": 24, "98e6dd8d092e5bb94f3948010b0eeac9": 117, "99": [24, 35, 72, 77, 104, 116, 149], "9903": 167, "9905": 131, "99185ba4": 98, "992": 117, "993z": 107, "994": 88, "995": 117, "995b": 78, "99791": [57, 185], "998231069301": 152, "998z": 107, "999": 23, "9999": 67, "999999": 67, "99999999": 15, "999c463c": 127, "999e509752141a0ee42ff455529c10fc": 96, "99c3": 39, "99e5ebfa1cbebdd970bb3d841bb645d8bee76c375a637406859e2a8425951177": 109, "99f846f3": 19, "9a": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "9a05": 98, "9a4b": 157, "9a7d483f1db2": 108, "9ab6ae14bb10": 102, "9ab8": 106, "9acd32": 91, "9acef57500d9b89f82cc91e2fd336a7d91a9b9b7aba2142926c7ec0200add67837547c1edfad047efe447f2db1882b2d7955f413426997e0adb17b80d8d6436a2bf36050fe9a45dd102316a8fa2a848e9a31ef4e9ff17d17759b199c38a5266578b47b9c0820d9016281a9270996615441438e1aba839683171f085e8b05d3cd492213361fbb27c761184de071bdc67baaaee09a448a3f25829b29ef37d57dcffe10df94faca02e01536f62fcd67285d1e504d56b6a639ef0531a7dcd3ef39fa9e34409a32be16ddcf530b787d0e5739a0e4bc60dc676a50894ee532a10f421acd621f3bded71c427881357ef20b5f8918eaad29e337a11981cfb97533ec3941": 188, "9ae9cd9c": 42, "9aef": 109, "9b07dd735441": 80, "9b09": 24, "9b2b": [102, 103, 186], "9b2d": 24, "9b3e": 127, "9b4630d4b69a2b1381c9e39c66cbfafc4d3a9288": 46, "9b67": 24, "9b71": 106, "9ba82fd36919": 98, "9bd2": 137, "9c0a": 130, "9c4f": 78, "9c5ed05e092e5bb97e3f195b9b610d17": 117, "9c6d": 24, "9c84": 148, "9cc7": 106, "9d1969c7": 98, "9d234710c5e5": 81, "9d32e1b": 78, "9d38": 106, "9d55c259": 24, "9d64": 146, "9d86": 24, "9e688968fd94": 24, "9e9f": 24, "9ee3fa9f9907f3c6321a7323aaf0bee5a4aa5eb59652911d3cde20567d90f75": 127, "9ee8fac8927c": 39, "9eef": 24, "9f": 116, "9fc8f81b962541b26d1e0feaf2c1523": 33, "9jf5st900y1h": 107, "9o9yondfpqb8": 111, "9t6hycryc0imfyglh8huh6orq0qo6pnmv8gcgw4zdhnhuqms3xwhn5c3mwsxgs5": 111, "A": [4, 9, 10, 12, 13, 15, 16, 18, 19, 20, 24, 25, 27, 29, 32, 35, 36, 38, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 56, 59, 60, 61, 64, 65, 66, 67, 68, 69, 72, 74, 76, 77, 78, 79, 80, 83, 85, 87, 88, 90, 91, 95, 98, 99, 100, 101, 103, 104, 106, 107, 109, 111, 113, 114, 115, 116, 117, 120, 121, 122, 123, 127, 128, 130, 131, 132, 133, 136, 137, 138, 141, 143, 144, 146, 148, 152, 153, 154, 155, 157, 159, 161, 167, 168, 180, 181, 182, 183, 184, 186, 189, 190, 191, 192], "AND": [15, 16, 19, 24, 25, 35, 49, 72, 79, 80, 81, 103, 106, 107, 108, 113, 116, 117, 119, 124, 130, 131, 137, 146, 152, 155, 167, 168], "AS": [15, 27, 43, 103, 150], "AT": 37, "And": [72, 111], "As": [16, 33, 35, 49, 57, 64, 70, 71, 72, 76, 102, 106, 107, 108, 113, 130, 137, 146, 152, 157], "At": [4, 15, 16, 108, 116, 133, 137], "BES": 137, "BY": 103, "Be": [49, 64, 67, 76, 77, 82, 87, 89, 97, 103, 104, 110, 129, 155, 162, 182, 183, 184, 191], "But": [11, 15, 35, 36, 42, 43, 49, 66, 67, 74, 78, 81, 88, 89, 90, 91, 99, 102, 103, 104, 114, 117, 118, 125, 129, 133, 153], "By": [4, 10, 12, 16, 21, 29, 43, 52, 55, 61, 68, 78, 80, 95, 98, 100, 101, 104, 106, 113, 115, 121, 123, 125, 128, 132, 141, 143, 156, 161, 188], "FOR": [119, 182, 188], "For": [3, 4, 6, 9, 27, 30, 33, 34, 38, 45, 48, 68, 73, 95, 101, 118, 119, 120, 121, 134, 135, 139, 143, 145, 160, 165, 170, 173, 177, 178, 179, 180, 181, 182, 183, 184, 190, 191, 192], "IN": [27, 113], "INS": 15, "INTO": 192, "IT": [11, 21, 67, 119, 146], "If": [1, 3, 4, 7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 45, 46, 47, 49, 51, 53, 55, 56, 57, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 106, 107, 108, 110, 111, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 136, 137, 138, 140, 141, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157, 161, 162, 167, 168, 176, 178, 179, 180, 181, 182, 183, 184, 189, 190, 191, 192], "In": [3, 4, 11, 13, 14, 15, 18, 21, 24, 25, 26, 30, 33, 34, 35, 36, 37, 38, 42, 43, 46, 47, 48, 49, 57, 59, 64, 66, 67, 69, 70, 71, 74, 76, 77, 78, 79, 80, 81, 82, 85, 87, 88, 89, 90, 91, 97, 99, 100, 101, 102, 103, 104, 106, 107, 108, 111, 113, 114, 116, 117, 119, 120, 121, 123, 125, 127, 128, 129, 130, 131, 133, 134, 136, 141, 142, 144, 146, 148, 152, 153, 155, 157, 166, 178, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192], "It": [1, 3, 4, 5, 13, 30, 35, 36, 43, 49, 56, 64, 66, 72, 77, 82, 88, 90, 91, 97, 98, 99, 100, 102, 103, 104, 106, 107, 108, 111, 113, 119, 120, 121, 123, 125, 127, 130, 133, 135, 142, 146, 148, 152, 167, 168, 176, 179, 182, 184, 186, 190, 191], "Its": 119, "NOT": [25, 38, 88, 107, 113, 116, 130, 131, 146, 181], "No": [8, 10, 11, 12, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 41, 42, 43, 45, 46, 47, 49, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 68, 69, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 93, 94, 95, 96, 97, 98, 99, 100, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 121, 123, 124, 125, 126, 127, 129, 130, 131, 133, 134, 136, 137, 138, 139, 140, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 155, 157, 161, 167, 168, 180, 182, 183, 184, 185, 186, 187, 188, 192], "Not": [8, 13, 16, 38, 41, 43, 54, 66, 78, 80, 88, 91, 104, 106, 107, 108, 113, 115, 116, 117, 124, 129, 130, 146, 152, 155, 179, 183], "ON": [76, 146, 182], "OR": [13, 18, 24, 25, 35, 39, 49, 67, 72, 80, 102, 107, 109, 113, 116, 117, 119, 120, 129, 146, 155], "Of": 104, "On": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 38, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 120, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 157, 167, 192], "One": [2, 8, 14, 16, 41, 61, 77, 101, 102, 115, 117, 123, 127, 128, 136, 137, 143, 150, 183, 186, 191], "Or": [41, 80, 82, 110, 155, 157], "Such": 15, "TO": [88, 182], "That": [77, 127], "The": [0, 1, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21, 22, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 46, 47, 48, 49, 51, 52, 53, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 128, 129, 130, 131, 132, 133, 136, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 158, 159, 160, 161, 162, 163, 164, 165, 167, 168, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 192], "Then": [3, 9, 14, 33, 37, 44, 47, 64, 67, 77, 83, 97, 103, 112, 146, 192], "There": [10, 12, 15, 16, 20, 24, 29, 38, 43, 49, 52, 53, 58, 60, 61, 68, 69, 70, 71, 78, 79, 81, 86, 91, 95, 100, 101, 107, 111, 115, 119, 120, 123, 127, 128, 130, 132, 133, 136, 141, 143, 148, 155, 159, 161, 179, 183, 191, 192], "These": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 56, 57, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 118, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 143, 144, 146, 147, 148, 150, 152, 153, 154, 155, 157, 163, 167, 178, 180, 181, 182, 183, 186, 191], "Theses": 168, "To": [4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 34, 35, 36, 39, 41, 42, 43, 44, 45, 46, 47, 49, 51, 52, 53, 55, 56, 57, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 136, 137, 138, 140, 141, 142, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 157, 159, 160, 161, 162, 163, 164, 167, 169, 170, 173, 174, 175, 176, 177, 182, 183, 184, 185, 186, 187, 188, 190, 191, 192], "WITH": 182, "Will": [38, 59], "With": [35, 62, 90, 102, 103, 104, 106, 107, 108, 111, 113, 123, 127, 128, 136, 141, 146, 154, 180, 186], "_": [13, 18, 25, 43, 46, 55, 79, 91, 98, 107, 116, 130, 131, 146, 155, 178, 180, 182], "__c": 113, "__emailmessag": [117, 137], "__future__": 192, "__import__": 30, "__init__": [13, 18, 25, 46, 79, 91, 116, 130, 131, 137, 146, 192], "__main__": [15, 16, 117, 155], "__name__": [15, 16, 117, 155, 192], "__typenam": [103, 152], "_ansible_no_log": 11, "_assigned_d": 21, "_attribut": 96, "_attribute_valu": 96, "_blank": [35, 49, 57, 88, 90, 103, 106, 107, 109, 113, 117, 130, 146, 185], "_broker_id": 76, "_client_id": 76, "_create_templ": 66, "_destination_tenant_guid": 76, "_destination_top": 76, "_file": 130, "_grr_search_funct": 192, "_hash": 146, "_hostnam": 130, "_id": 39, "_index": [39, 130], "_ip": 130, "_item": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "_kei": 129, "_link": [21, 46], "_mac": 130, "_message_id": 76, "_mitreattacktact": 130, "_mitreattacktechniqu": 130, "_other_field": 76, "_payload": 76, "_process": 130, "_raw": 130, "_raw_param": 11, "_request": 76, "_request_message_id": 76, "_resili": 68, "_score": 39, "_service_id": 76, "_sourc": 39, "_source_broker_id": 76, "_source_client_id": 76, "_source_tenant_guid": 76, "_summary_": 43, "_t": 108, "_unpacked__raw_resulttyp": 130, "_update_templ": 66, "_url": 130, "_userag": 130, "_usernam": 130, "_uses_shel": 11, "_valu": 133, "_version": 76, "a0": 24, "a00728ff": 77, "a00f861a": 96, "a06053fbd98a": 24, "a069": 98, "a091bb08092e5bb9462d735340e9132c": 117, "a0b2": 130, "a0b9fc7873584eeaa44e1c3f78882d28": 117, "a0d5": [106, 108], "a1": [69, 117], "a123": [27, 100], "a1234567a1ab12345a5308c05fac0abc": 188, "a124": 19, "a12ab1abc1ab123c12abc1ab1a12a1a12345a1a1": 144, "a12ab1abc1ab123c12abc1ab1a12a1a12345a1a2": 144, "a142f062": 104, "a14cb453f735": 78, "a17f": 64, "a1abc12345678b716d2a7d61b51c6d5764ab1234": 144, "a1abc123456c7a1234567890d6b12a1": 144, "a1b2c3d4597": 142, "a1b2c3d4e5f6": 19, "a259": 24, "a2875ba": 78, "a296": 106, "a29d": 99, "a2a8": 127, "a2b5": 24, "a2dbb074cb64": 96, "a39d": 106, "a3ff": 78, "a4": 69, "a4066fa7f2fa3b28d9f6ad4fc556d77074d0800a": 46, "a422": 72, "a44a": 80, "a47778e8373dc356e9726f2ebe9b210455a32e76b6fd893a8b691bd99436509c": 188, "a485": 130, "a49d": 124, "a4b7e24a": [78, 79], "a4bd": [102, 186], "a4d7d5c9092e5bb97e3f195baeef6330": 117, "a4fa638ab155": 39, "a4t": 122, "a5": [117, 122], "a51eb932122b9f71062e9ed8705f35f0": 192, "a51fcf09092e5bb97e3f195b11557294": 117, "a5523442": 117, "a55f": 106, "a574": 106, "a5cd": 103, "a5e2ee53092e5bb91ebe5413ee47c386": 117, "a5f818c5": 106, "a6037efe092e5bb936343f3a4f976490": 117, "a62cab990d8648b6a9047787e030fa7": 133, "a656": 19, "a6a5": 116, "a6c2": 24, "a7132944092e5bb91799542349877dc4": 117, "a736": 127, "a776161a9ff8": 98, "a7a7": 184, "a7b6": 152, "a7c8cfb0b6ba": 81, "a7db": 106, "a80d": 80, "a849": 98, "a863": 78, "a8a8afd5c67": 80, "a8f1": 106, "a8pqqpskl7vgrx8vheovs7toybctxbwcmcxtfdjmnhfsmzzzwoy4frkyqlychfdr0muotntpjpb": 98, "a9": 117, "a927": 117, "a9563": 153, "a96b": 24, "a98a0f97": 24, "a9a09646": 148, "a9c6": 98, "a9e3": 10, "a_url": 91, "aa": [91, 117, 124, 137], "aa08": 19, "aa0d": 59, "aa123abc12abcd95cd3d9cd0e24614f123456a12": 188, "aa123abc12abcd95cd3d9cd0e24614f123456a13": 188, "aa123abc12abcd95cd3d9cd0e24614f123456a22": 188, "aa419": [13, 72], "aa8404d4a129": 117, "aa916f54d4e2bdf424a8e36a5fa2252770cbcbf3": 46, "aaa": [43, 80, 124, 147], "aaa7": 80, "aaa_auth_error": 43, "aaa_brute_forc": 43, "aaaa": [19, 78, 81, 144, 147, 191], "aaaaaaa": 24, "aaaaaaaa": [19, 24], "aaaaaaaaaa": 107, "aaaaaaaaaaaaa": 107, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": 24, "aaaae": 78, "aaae": 103, "aac19471": 130, "aad": 80, "aaddeviceid": 78, "aadtenantid": 78, "aadus": 133, "aaduserid": [78, 79], "aamkagvhzgflndvhlti0mdatnge1ni05zjk3ltaxnzllyjfindazywbgaaaaaadg92sqc8zpqj1gsk2sch2nbwdi5xky9khuq48uewaxv": 42, "aaqkagvhzgflndvhlti0mdatnge1ni05zjk3ltaxnzllyjfindazywaqalxvooc96jzpnurwrwacvyg": 42, "ab": 157, "ab06": 133, "ab1234b123456e7bd0cb4d9049298eb7d18fef66d950e8ab78bcd3f484345ce74536c19a85d0ba3d32dc9e7d1878cd4d341254e7ad129255c6983e6e154c4530a0daaf665ea325fc0206f8b1d7e0b6b7ab9abc71abcd4a12345678abcd123456": 96, "ab12a": 157, "ab250219d796": 24, "ab2ef34gh56ijklm012n3abc41ab2ef34gh56ijklm012n3abc4": 43, "ab2ef34gh56ijklm012n3abc41ab2ef34gh56ijklm4": 43, "ab66": 103, "ab6fdfdc092e5bb9493e327e03cfe785": 117, "ab7b": 130, "ab89": 80, "ab9b": 152, "aba": 107, "abac": 49, "abc": [13, 18, 25, 46, 78, 79, 91, 116, 124, 130, 131, 146, 155], "abc8": [88, 157], "abcd": [19, 99], "abcd1234": [17, 27, 88, 100, 148], "abcd1efghi2jk3l4mnop": 15, "abcde5abcabc2maqxcvdhvegowkt1abcd": 157, "abcdef": [88, 157], "abcdefg": [16, 24, 152], "abcdefg1": 152, "abcdefg1234": 24, "abcdefg12345": 16, "abcdefg1234567": [24, 88], "abcdefg123457": 24, "abcdefg2": 152, "abcdefg3": 152, "abcdefgh": [15, 16, 19, 91], "abcdefghi01234567": 24, "abcdefghij0k": 155, "abcedefg": 152, "abcpassword": 67, "abcxyzabc": 31, "abe1": 99, "abil": [16, 21, 25, 33, 41, 59, 66, 67, 70, 71, 76, 77, 80, 87, 88, 89, 97, 109, 111, 115, 119, 124, 129, 132, 133, 148, 153, 179, 182, 184, 191], "abl": [15, 16, 21, 80, 110, 111, 125], "abnormal_s3_upload": 43, "abnormal_user_cr": 43, "abnormally_large_database_respons": 43, "abort": [17, 74, 181], "abort_scan_result": 116, "about": [8, 16, 17, 24, 27, 29, 35, 46, 49, 64, 67, 78, 79, 82, 85, 87, 88, 89, 90, 91, 98, 99, 102, 103, 104, 106, 107, 108, 111, 113, 114, 115, 117, 127, 129, 133, 134, 142, 146, 149, 153, 154, 155, 156, 160, 175, 177, 181, 182, 184, 188, 190], "aboutm": 113, "abov": [3, 4, 7, 8, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 33, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 120, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 157, 162, 167, 183, 185, 186, 187, 188, 190, 191, 192], "abs7350fc": 133, "absenc": 147, "absent": 191, "absolut": [71, 98, 135, 183], "absolute_resilience_devic": 97, "absolute_resilience_is_serial_numb": 97, "absolute_resilience_list_devices_by_local_ip": 98, "absolute_resilience_local_ip": 98, "absolute_resilience_ord": 98, "absolute_resilience_order_by_valu": 98, "absolute_resilience_skip": 98, "absolute_resilience_top": 98, "abstract": 19, "absupd": 99, "abus": [7, 13, 102, 141, 150, 167, 188], "abusecomplaint": 188, "abuseconfidencescor": 7, "abuseipdb": [127, 156], "abuseipdb_artifact_typ": 7, "abuseipdb_artifact_valu": 7, "abuseipdb_check_ip_address_blocklist": 7, "abuseipdb_ct": 169, "abuseipdb_kei": [7, 169], "abuseipdb_range_of_dai": 7, "abuseipdb_threat_fe": 169, "abuseipdb_url": [7, 169], "abusix": [144, 188], "abw": 137, "ac1f": 102, "ac38af87": 81, "ac5f04be092e5bb97e3f195b3897defb": 117, "ac9f": 133, "aca5": 35, "acb2": 74, "acc5c44e941d": 98, "acceler": [102, 107], "accept": [35, 42, 65, 76, 85, 86, 91, 96, 98, 106, 111, 120, 133, 147, 157, 183, 187, 190], "access": [1, 4, 8, 9, 12, 17, 18, 19, 20, 21, 23, 24, 25, 31, 33, 34, 35, 36, 37, 38, 41, 42, 43, 46, 49, 55, 59, 62, 64, 68, 69, 71, 73, 74, 75, 77, 78, 79, 80, 81, 82, 84, 85, 87, 88, 89, 95, 96, 97, 98, 99, 100, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 118, 119, 120, 121, 124, 125, 127, 129, 131, 133, 134, 137, 139, 146, 148, 150, 152, 156, 157, 168, 180, 182, 183, 184, 186, 188, 190, 192], "access_id": 130, "access_kei": [16, 130], "access_key_id": [15, 16], "access_key_id_list": 16, "access_token": [64, 88, 148], "access_token_secret": 64, "accesscod": 148, "accesskei": 15, "accesskeydetail": 15, "accesskeyid": [15, 16], "accessmod": 21, "accesss": 35, "accident": 148, "accommod": [72, 111, 118, 167], "accompani": [4, 73], "accord": [4, 21, 87, 92, 98, 102, 110, 127, 129, 148, 188], "accordingli": [4, 182, 185], "account": [1, 4, 7, 8, 9, 11, 13, 15, 16, 17, 18, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 57, 58, 59, 60, 63, 64, 65, 66, 67, 69, 71, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 114, 115, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 138, 140, 141, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 162, 163, 166, 167, 168, 169, 182, 183, 185, 186, 189, 190, 191], "account_delet": 19, "account_deleted_account": 19, "account_detail": 113, "account_id": [15, 19, 116], "account_info": 19, "account_nam": 19, "account_name_account": 19, "account_name_credenti": 19, "account_name_runbook": 19, "account_name_schedul": 19, "account_name_statist": 19, "account_query_d": 19, "account_result": 19, "account_takeov": 137, "account_upd": 19, "accountexpir": 67, "accountid": [15, 64, 113, 116], "accountnam": [78, 79, 80, 116], "accountnumb": 113, "accountsourc": 113, "accounttyp": 64, "accredit": 188, "acct": [49, 130, 182, 183], "accumul": 119, "accur": [51, 115], "accuraci": 188, "acheiv": 49, "achiev": 111, "achren": 72, "ack": 181, "acknowledg": [21, 43, 90, 115, 117, 138, 163, 188, 192], "acknowledge_inc_output": 35, "acknowledge_md_output": 35, "acknowledgement_timeout": 90, "acltyp": 131, "acord": 192, "acquir": [42, 48, 56, 85], "acqur": 79, "acroform": 91, "acroni": [144, 188], "across": [43, 53, 69, 79, 80, 86, 98, 116, 117], "act": [112, 133, 143], "act_field_guardium_insights_fetch_s": 55, "act_field_guardium_insights_from_d": 55, "act_field_guardium_insights_to_d": 55, "action": [8, 9, 11, 21, 25, 30, 35, 36, 37, 39, 41, 42, 43, 46, 47, 49, 55, 56, 59, 60, 64, 66, 67, 73, 74, 77, 78, 81, 88, 89, 90, 91, 92, 98, 99, 103, 104, 106, 108, 109, 114, 116, 117, 118, 119, 120, 121, 125, 127, 129, 130, 133, 142, 144, 150, 153, 155, 163, 164, 165, 166, 181, 183, 184, 186, 190, 191, 192], "action_api": 15, "action_file_cr": 146, "action_id": 20, "action_msg": 78, "action_service_nam": 15, "action_taken": 43, "action_typ": 15, "actionafterreboot": 19, "actionid": 69, "actions_compon": 30, "actionstatu": 69, "actiontyp": 15, "activ": [2, 8, 9, 11, 13, 15, 16, 18, 22, 30, 31, 32, 34, 35, 36, 37, 42, 43, 49, 51, 60, 64, 66, 67, 68, 69, 72, 74, 77, 78, 80, 81, 82, 85, 88, 89, 90, 91, 96, 98, 99, 100, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 121, 125, 129, 130, 131, 133, 136, 137, 138, 142, 143, 144, 146, 148, 150, 152, 153, 155, 157, 160, 166, 167, 168, 183, 186, 190], "activation_cod": 146, "activation_code_expiry_tim": 146, "activation_condit": 98, "activation_typ": 98, "active__c": 113, "active_from": 43, "active_util": 43, "activedirectori": [108, 116], "activethreat": 116, "activetim": 35, "activity_field_given": 82, "activity_nam": 19, "activityd": 113, "activitygroupnam": 79, "activityid": 35, "activitykind": 124, "activitylog": 74, "activitymap_id": 43, "activityscor": 130, "activityst": 108, "actor": [10, 55, 99, 150], "actor_caller_typ": 15, "actornam": 78, "actors_list": 99, "actual": [21, 27, 91, 111, 160, 182], "actualavailableallocationunit": 54, "ad": [7, 9, 10, 11, 12, 13, 15, 16, 18, 19, 20, 21, 24, 25, 26, 27, 33, 34, 35, 36, 39, 41, 42, 43, 46, 47, 49, 52, 55, 56, 57, 58, 59, 60, 61, 64, 65, 66, 67, 69, 70, 72, 73, 74, 75, 76, 77, 79, 80, 81, 82, 85, 87, 88, 89, 90, 91, 92, 97, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 118, 119, 120, 123, 124, 125, 127, 128, 129, 130, 131, 133, 134, 137, 141, 142, 144, 146, 148, 149, 150, 152, 153, 154, 155, 161, 167, 168, 174, 176, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 191], "ad1": 187, "ad18": 106, "ad2": 187, "ad22": 109, "ad3": 187, "ad8176b49d94a51aec11e0b5f0dc3257e60f288540315d72e21477a0c73a192d": 99, "ad_group_id": 146, "ad_hoc": 85, "ada7": 103, "adada": 154, "adam": [57, 185], "adamtheautom": 91, "adapt": [18, 25, 70, 117, 118, 120], "adapter_list_length": 18, "adaptivenetworkcontrolsresourceblad": 79, "adaptivenetworkharden": 79, "adb2": 79, "adb2292c092e5bb93065667f4a40bff9": 117, "adb5d27282c0": 98, "adb9": 103, "adblock": 187, "adc": [43, 117], "add": [0, 1, 4, 7, 8, 10, 13, 14, 15, 17, 18, 19, 21, 24, 26, 30, 32, 33, 34, 37, 38, 39, 41, 42, 46, 49, 50, 51, 53, 54, 57, 59, 60, 62, 63, 64, 66, 69, 77, 78, 79, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 95, 96, 98, 99, 100, 101, 102, 103, 105, 106, 108, 109, 110, 114, 115, 116, 120, 123, 125, 127, 131, 132, 133, 134, 136, 137, 138, 139, 142, 143, 144, 145, 146, 148, 149, 152, 153, 157, 162, 163, 166, 167, 168, 179, 180, 181, 182, 183, 184, 189, 190, 191], "add_artifact": [15, 117, 137], "add_artifact_from_email": 117, "add_artifact_result": 25, "add_attach": 119, "add_attachments_result": 107, "add_comment_to_insight_result": 130, "add_detection_note_result": 43, "add_email_convers": [137, 191], "add_fingerprintlist_result": 117, "add_groups_result": 67, "add_incident_not": 137, "add_info_to_cas": 137, "add_intel_item": 129, "add_members_from": 133, "add_members_incid": 133, "add_node_to_dt": 106, "add_perm_set": 74, "add_printer_driv": 43, "add_response_as_hit": 72, "add_result": 67, "add_results_not": 69, "add_row": 69, "add_row_to_campaign_object_dt": 99, "add_row_to_pipl_datat": 96, "add_separ": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "add_si": 74, "add_soar_id_as_security_mark": 49, "add_tag_result": 130, "add_tags_output": 35, "add_task": 102, "add_to_q": 73, "add_to_row": 19, "add_us": 74, "addal10": 108, "addartifact": [15, 24, 35, 41, 42, 43, 59, 69, 78, 79, 80, 85, 91, 96, 99, 102, 103, 107, 108, 117, 127, 130, 137, 140, 144, 146, 152, 188, 191], "addcustomdata_002": 18, "added_group": 16, "added_polici": 16, "added_tag": 35, "addedd": [57, 185], "addemailattach": 137, "addhit": [7, 51, 72, 92, 122, 130, 154, 167, 185, 187, 188], "addit": [1, 3, 4, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 56, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 70, 71, 72, 73, 74, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 120, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 136, 137, 138, 141, 142, 143, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 156, 157, 161, 164, 167, 168, 181, 183, 186, 190, 191], "addition": [22, 38, 41, 85, 111, 127, 153, 181, 182], "additional_com": 119, "additional_data": [21, 110], "additional_memb": 133, "additionaldata": 80, "additionalinfo": [15, 78], "additionalproperti": 124, "additon": 148, "addl": 190, "addnot": [7, 8, 9, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 33, 34, 35, 36, 38, 39, 41, 43, 46, 47, 49, 50, 51, 53, 54, 55, 59, 60, 62, 63, 65, 66, 67, 69, 72, 74, 76, 77, 78, 79, 80, 81, 84, 85, 86, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 110, 113, 114, 116, 117, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 137, 138, 139, 140, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 185, 188, 192], "addon": 90, "addproperti": [13, 16, 18, 25, 43, 46, 79, 91, 107, 116, 117, 130, 131, 142, 146, 155, 189], "addr": [50, 60, 78, 102, 127, 130, 186], "addreject": 88, "addrespons": 67, "address": [1, 7, 8, 9, 10, 13, 14, 15, 18, 20, 22, 23, 24, 25, 27, 31, 33, 35, 37, 41, 42, 43, 45, 46, 49, 52, 54, 55, 56, 57, 60, 62, 65, 66, 67, 69, 72, 74, 76, 78, 79, 80, 81, 83, 85, 88, 90, 91, 92, 95, 96, 100, 102, 103, 104, 105, 106, 108, 111, 113, 115, 117, 119, 121, 123, 124, 127, 128, 129, 130, 131, 133, 134, 135, 137, 144, 146, 148, 149, 150, 155, 157, 162, 167, 174, 182, 185, 186, 188, 192], "address_group": 89, "address_md5": 96, "addrow": [8, 15, 16, 18, 19, 20, 24, 25, 33, 34, 35, 37, 38, 41, 43, 59, 67, 69, 74, 77, 78, 80, 82, 87, 88, 96, 98, 99, 102, 103, 104, 106, 107, 108, 114, 117, 124, 129, 130, 137, 138, 146, 152, 155, 186, 192], "addtask": [82, 102], "addtoreferencedata": 103, "addtoreferenceset": 103, "addtrust": 88, "adhocurl": [57, 185], "adiminstr": [123, 128, 141], "adjust": [29, 124, 130, 142], "admin": [8, 10, 35, 36, 41, 42, 43, 46, 59, 74, 76, 80, 81, 85, 89, 91, 99, 102, 103, 104, 107, 111, 116, 120, 121, 127, 129, 130, 133, 137, 148, 153, 154, 155, 157, 160, 166, 188, 191, 192], "admin_id": [60, 127], "admin_password": 192, "administ": 124, "administr": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28, 29, 30, 31, 32, 35, 36, 39, 41, 42, 43, 45, 46, 47, 49, 51, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 100, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 140, 142, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 163, 167, 168, 180, 183, 185, 186, 187, 188, 189, 190, 191, 192], "administratoraccess": 16, "administratorcount": 117, "adminsoarm": 133, "adminstr": 161, "adminus": 107, "adminuslab": [144, 188], "adob": 43, "adobe_malware_classifi": 122, "adopt": 96, "adserv": 160, "adservic": 187, "advanc": [1, 19, 30, 43, 70, 71, 82, 96, 99, 148], "advanced_schedul": 19, "advancedschedul": 19, "advantag": [21, 49, 53], "adversari": 82, "advertis": 188, "advis": [38, 57, 80, 103, 131, 185], "advisor": [19, 98, 156], "advisori": 106, "adw": [43, 108], "adwar": [10, 37, 153], "ae": [15, 111], "ae2861b242686e7bd0cb4d9049298eb5d18fef66d950e8ab78bcd3f484345ce74536c19a85d0ba3d32dc9e7d1878cd4d341254e7ad12c25596cc3e7f51186468fd84b26f5ea234ef1546e7f5cdf7f7f5ba84b228f4a349812f8c57a1de7b6388b6": 96, "ae2861b242686e7bd0cb4d9049298eb7d18fef66d950e8ab78bcd3f484345ce74536c19a85d0ba3d32dc9e7d1878cd4d341254e7ad129255c6983e6e154c4530a0daaf665ea325fc0206f8b1d7e0b6b7ad9ebf71afac4c88709957ecdd78608b": 96, "ae3aa3d9307f": 124, "ae69": 80, "ae6c": 33, "ae7b": 78, "ae973ab4": [78, 79], "aeb7": 19, "aebab623": 80, "aec0": 152, "aec6": 59, "aed0": 108, "aes_128_gcm": 187, "aexampl": 88, "af": 147, "af217af0": 106, "af2b": 19, "af36": 78, "af3c39a10a320801000000dbf200c60a": 117, "af4ccbfba9c6": 130, "af52828c": 152, "af6c0b7f092e5bb90f1f6aaaa6a9091c": 117, "af73d9d5": 24, "af8b16cd": 67, "af94": 130, "afd6c37d": 106, "aff4": 54, "affect": [43, 49, 114, 116, 117, 152], "affected_project": 152, "affectedresourc": 15, "affili": 106, "affiliation_st": 106, "afg": 137, "afghanistan": 137, "aforement": 133, "africa": 137, "african": 137, "afrikaan": 147, "after": [9, 13, 18, 25, 33, 35, 38, 41, 42, 43, 46, 47, 56, 59, 64, 68, 69, 73, 74, 79, 85, 87, 88, 90, 91, 97, 100, 104, 105, 106, 107, 112, 113, 116, 118, 119, 121, 130, 131, 134, 135, 136, 138, 142, 146, 148, 157, 159, 162, 168, 179, 189, 191, 192], "afterward": [103, 191], "ag": [11, 13, 54, 187, 192], "again": [36, 42, 49, 56, 82, 85, 110, 114, 145, 146, 155, 168, 192], "against": [11, 13, 35, 36, 38, 43, 62, 67, 72, 78, 80, 85, 87, 92, 94, 99, 105, 106, 113, 114, 117, 134, 137, 149, 150, 151, 153, 155, 163, 166, 179, 191], "agenda": [31, 32, 148], "agent": [21, 24, 39, 43, 54, 103, 108, 111, 117, 122, 129, 130, 137, 168, 173, 187, 192], "agent_act": 24, "agent_data": 192, "agent_id": [116, 192], "agent_load_flag": 33, "agent_local_tim": 33, "agent_nil_st": 24, "agent_polici": 116, "agent_support": 24, "agent_vers": 33, "agentcomputernam": 116, "agentdecommissionedat": 116, "agentdetectioninfo": 116, "agentdetectionst": 116, "agentdomain": 116, "agentguid": [74, 77], "agentid": [80, 116, 117], "agentinfect": 116, "agentinfo": 54, "agentipv4": 116, "agentipv6": 116, "agentisact": 116, "agentisdecommiss": 116, "agentlastloggedinusernam": 116, "agentmachinetyp": 116, "agentmitigationmod": 116, "agentnetworkstatu": 116, "agentosnam": 116, "agentosrevis": 116, "agentostyp": 116, "agentrealtimeinfo": 116, "agentregisteredat": 116, "agentregistrationinform": 19, "agentsvc": 19, "agenttimestamp": 117, "agenttyp": 117, "agentusn": 117, "agentuuid": 116, "agentvers": [74, 78, 108, 116, 117], "aggi8ni7jmr52asax0bbsax0bb0en3": 21, "aggreg": [15, 99, 103, 107], "aggregate_flag": 99, "aggregated_cvss": 103, "aggregateprogress": 64, "aggregatetimeestim": 64, "aggregatetimeoriginalestim": 64, "aggregatetimesp": 64, "aglosec": 8, "ago": [137, 159], "agoddard": 99, "agre": [188, 192], "agreement": 11, "ahead": 99, "ahnlab": 122, "ai": [35, 43, 116, 144, 148, 156, 188], "aia": 137, "aiagroup": 35, "aiaincidentev": 35, "aianalyst": 35, "aianalystdata": 35, "aiascor": 35, "aicc": [144, 188], "aid": 6, "aida4eqbbg2ylag6dd5j3": 15, "aim": [72, 81], "air": 1, "airmauritiu": 99, "airport": 117, "aiza": 45, "ak_id": 16, "ak_stat": 16, "akam": 149, "akamai": 72, "akia4eqbbg2yczi44f7r": 15, "al32utf8": 182, "ala": 137, "alb": 137, "albania": 137, "albanian": 147, "alberta_health_risk_assess": [60, 127], "alert": [35, 37, 43, 57, 90, 91, 98, 106, 113, 117, 124, 130, 185], "alert_categori": 146, "alert_classif": 137, "alert_compromised_ent": 80, "alert_confidence_level": 80, "alert_count": 90, "alert_cr": [90, 146], "alert_d": 80, "alert_data": 107, "alert_datatable_upd": 137, "alert_descript": [78, 80], "alert_group": 90, "alert_grouping_paramet": 90, "alert_grouping_timeout": 90, "alert_id": [78, 80, 146], "alert_link": 78, "alert_list": 107, "alert_nam": 80, "alert_notes_pres": 146, "alert_queri": 79, "alert_remediation_step": 80, "alert_row": [107, 137], "alert_rrn": 107, "alert_sever": 80, "alert_sourc": 107, "alert_statu": 80, "alert_tact": 80, "alert_time_rang": 79, "alert_time_range_sec": 79, "alert_typ": [80, 107, 146], "alert_type_descript": 107, "alert_url": [80, 108, 146], "alert_url_urlencod": 146, "alertblad": [79, 80], "alertcreationtim": 78, "alertdeeplink": [79, 80], "alertdetect": 79, "alertdisplaynam": 80, "alertgroupidentifi": 124, "alertid": [78, 79, 80, 108], "alertidentifi": 124, "alertlink": 80, "alertmessageenqueuetim": 80, "alertnam": 124, "alertproductnam": 80, "alertrul": 80, "alerts_result": 80, "alertscount": 80, "alerttyp": 80, "alexa": [144, 167], "alexa_1m": 72, "alexand": 96, "alg": 108, "algeria": 137, "algorithm": [43, 70, 111, 130, 144, 168, 188], "algosec": 156, "algosec_appl": 8, "algosec_change_request_id": 8, "algosec_destin": 8, "algosec_includedevicespath": 8, "algosec_includeruleszon": 8, "algosec_internet_connectivity_queri": 8, "algosec_isolation_request": 8, "algosec_query_target": 8, "algosec_servic": 8, "algosec_sourc": 8, "algosec_traffic_change_act": 8, "algosec_traffic_change_request_descript": 8, "algosec_traffic_change_request_devic": 8, "algosec_traffic_change_request_subject": 8, "algosec_traffic_change_templ": 8, "algosec_us": 8, "alia": [43, 113], "alias": [56, 82], "alien_search_typ": 9, "alien_search_valu": 9, "alien_sect": 9, "alien_vault_search_section_ip": 9, "alienvault": [144, 156, 188], "alienvault_search_typ": 9, "alienvault_search_valu": 9, "alienvault_sect": 9, "align": [88, 91, 118], "all": [3, 4, 8, 10, 11, 12, 13, 16, 18, 19, 21, 22, 23, 24, 25, 29, 30, 32, 33, 34, 35, 39, 41, 42, 43, 44, 45, 46, 47, 49, 54, 55, 59, 60, 61, 66, 67, 68, 69, 70, 72, 73, 75, 76, 77, 78, 79, 80, 81, 84, 85, 86, 88, 90, 91, 92, 97, 98, 99, 102, 103, 106, 107, 108, 109, 111, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 130, 131, 133, 134, 137, 138, 139, 141, 142, 144, 145, 146, 148, 152, 153, 154, 155, 157, 159, 163, 167, 168, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 190, 192], "all_firewal": 8, "all_firewalls_queri": 8, "all_incid": [15, 43], "all_incidents_field": 43, "all_tag": 35, "alleg": 185, "allen": 15, "allianc": 130, "alloc": [88, 150], "allocateaddress": 15, "allow": [0, 4, 8, 9, 11, 14, 15, 16, 18, 19, 20, 21, 23, 24, 25, 29, 31, 33, 34, 36, 38, 39, 42, 43, 49, 53, 54, 56, 57, 60, 64, 65, 66, 67, 68, 69, 72, 74, 75, 78, 79, 80, 81, 83, 85, 86, 87, 88, 89, 91, 99, 103, 104, 105, 106, 109, 111, 113, 114, 115, 116, 117, 118, 119, 121, 124, 127, 129, 130, 131, 133, 136, 146, 147, 148, 153, 155, 157, 161, 162, 178, 179, 180, 181, 182, 183, 184, 188, 190, 191], "allow_ad_hoc_execut": 85, "allow_codetag": [119, 121], "allow_fork": 46, "allow_legacy_authorization_en": 49, "allow_open_ssh_port": 49, "allowal": 148, "allowanyusertobecohost": 148, "allowauthenticateddevic": 148, "allowed_ip": 74, "allowed_status_cod": 111, "allowedip": 74, "allowfirstusertobecohost": 148, "allowjoin": 148, "allowlist_url": 155, "allowmoduleoverwrit": 19, "allownewtimepropos": 42, "allowremoteshel": 116, "allrecord": 130, "almost": [4, 57, 152, 179, 185], "aln": 104, "along": [1, 11, 15, 22, 25, 36, 42, 43, 66, 67, 74, 77, 78, 81, 88, 89, 90, 91, 99, 103, 104, 109, 111, 114, 117, 118, 119, 120, 125, 129, 133, 136, 144, 153, 191], "alongsid": [111, 185], "alphamountain": [144, 188], "alphanumber": 97, "alphanumer": 103, "alphasoc": [144, 188], "alreadi": [10, 11, 12, 16, 21, 22, 29, 30, 35, 37, 38, 45, 55, 61, 74, 81, 88, 89, 109, 111, 113, 114, 115, 117, 121, 124, 131, 137, 142, 145, 148, 168, 178, 180, 181, 182, 184, 191, 192], "also": [1, 4, 8, 10, 11, 12, 13, 15, 16, 18, 19, 20, 21, 24, 25, 27, 29, 33, 35, 36, 38, 41, 42, 43, 44, 49, 52, 56, 57, 61, 64, 66, 67, 68, 70, 72, 79, 80, 81, 82, 86, 88, 89, 91, 95, 96, 98, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 115, 116, 117, 119, 121, 123, 124, 126, 128, 130, 131, 132, 133, 136, 137, 141, 143, 145, 146, 148, 150, 152, 155, 156, 161, 178, 179, 180, 181, 182, 183, 184, 185, 186, 190, 191, 192], "alt": [102, 186, 187], "alt1": 13, "alt2": 13, "alt3": 13, "alt4": 13, "alter": [4, 38, 43, 56, 77, 182, 190, 191], "altern": [30, 36, 38, 43, 58, 79, 88, 111, 116, 138, 157, 158], "although": [86, 95, 111, 113], "alto": 156, "alwai": [86, 111, 118, 119, 148, 166, 192], "am": [10, 43, 117, 187], "am_descript": 43, "am_id": 43, "amazon": [15, 16, 90, 103, 152], "amazonaw": [1, 15, 16, 152], "amazonroute53readonlyaccess": 16, "amber": 10, "amd": 116, "amd64": [54, 59], "amer": 90, "america": [13, 32, 64, 90, 108, 113, 114], "american": [96, 137], "american_indian": 96, "amhgor1zpif2": 98, "among": [180, 184], "amount": [19, 43, 64, 73, 103, 136, 145, 168], "amp4ep": 24, "amp_act": 24, "amp_application_sha256": 24, "amp_artifact_type_act": 24, "amp_artifact_type_ev": 24, "amp_artifact_type_trajectori": 24, "amp_com": 24, "amp_comput": 24, "amp_computer_isol": 24, "amp_computer_trajectori": 24, "amp_conn_guid": 24, "amp_detection_sha256": 24, "amp_ev": 24, "amp_event_typ": 24, "amp_external_ip": 24, "amp_file_descript": 24, "amp_file_list_fil": 24, "amp_file_list_guid": 24, "amp_file_sha256": 24, "amp_group": 24, "amp_group_guid": 24, "amp_group_nam": 24, "amp_hostnam": 24, "amp_internal_ip": 24, "amp_limit": 24, "amp_offset": 24, "amp_q": 24, "amp_scd_file_list": 24, "amp_scd_nam": 24, "amp_sever": 24, "amp_start_d": 24, "ampersand": 42, "amqp": 59, "ams_": 43, "ams_descript": 43, "ams_id": 43, "ams_nam": 43, "amsterdam": 21, "amzn": 111, "an": [0, 1, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 27, 28, 29, 30, 31, 32, 35, 36, 39, 41, 42, 43, 45, 46, 48, 49, 51, 52, 53, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 71, 72, 73, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 108, 109, 110, 111, 112, 114, 115, 116, 117, 118, 119, 120, 122, 123, 124, 125, 126, 128, 129, 131, 132, 133, 134, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 160, 161, 162, 163, 167, 168, 169, 172, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192], "an_ip": 91, "anaconda": 84, "analys": [142, 182], "analysi": [9, 40, 43, 52, 62, 63, 72, 73, 81, 96, 98, 119, 120, 135, 142, 144, 145, 155, 156, 182, 188], "analysis_id": 145, "analysis_job_start": 145, "analysis_level": 43, "analysis_link": 145, "analysis_report_id": 65, "analysis_report_nam": 65, "analysis_report_statu": 145, "analysis_report_url": 65, "analysis_sever": 145, "analysis_statu": [65, 145], "analysis_tim": [102, 186], "analysis_vti_scor": 145, "analysis_webif_url": 145, "analyst": [23, 25, 35, 57, 79, 82, 102, 103, 116, 121, 161, 185], "analystverdict": [72, 116], "analystverdictdescript": 116, "analyt": [39, 107, 115], "analytics_poll_tim": 55, "analyz": [38, 40, 63, 65, 73, 82, 99, 100, 102, 115, 127, 135, 137, 155, 156, 182, 186, 187], "analyzer_report_statu": 145, "anchor": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "andorra": 137, "android": [65, 69, 78], "androiddeviceid": 69, "angel": 144, "angola": 137, "anguilla": 137, "ani": [2, 8, 9, 10, 11, 15, 16, 18, 20, 21, 22, 24, 25, 29, 33, 37, 41, 43, 49, 53, 56, 57, 59, 61, 62, 64, 67, 71, 72, 77, 78, 79, 81, 82, 85, 86, 87, 88, 89, 91, 93, 98, 101, 102, 103, 104, 106, 107, 110, 111, 113, 114, 115, 116, 117, 118, 119, 120, 121, 123, 125, 127, 128, 129, 130, 137, 142, 143, 145, 148, 152, 154, 155, 157, 162, 164, 165, 168, 179, 181, 182, 183, 186, 188, 189, 190, 191, 192], "ann": 96, "annmari": 130, "announc": [38, 41], "annualrevenu": 113, "anomal": [15, 108], "anomali": [15, 55, 56, 156], "anomalousapi": 15, "anomalousbehavior": 15, "anonym": [43, 67, 91], "anonymous_ftp": 43, "anorc": 113, "anoth": [35, 36, 38, 41, 42, 49, 58, 66, 67, 80, 104, 106, 107, 108, 113, 127, 146, 179, 182, 183], "another_script": 85, "another_templ": 88, "ansibl": 156, "ansible_host": 11, "ansible_modul": 11, "ansible_module_argu": 11, "ansible_paramet": 11, "ansible_playbook_nam": 11, "ansible_playbook_vari": 11, "antarctica": 137, "anti": 117, "anti_viru": 122, "antigena": 35, "antigua": 137, "antii": [144, 188], "antiip_spoof": 117, "antimac_spoof": 117, "antimalwar": [108, 117], "antisoci": 13, "antispam": 91, "antiviru": 78, "any_platform": 51, "anymor": 192, "anyon": 133, "anyth": [7, 24, 85, 102, 111, 120, 179], "anytim": 30, "anywher": 163, "ap": [35, 107], "apach": [43, 106], "apache_http_server_path_travers": 43, "apache_struts2_exploit_attempt": 43, "apart": [96, 133], "apcu": 122, "apg": 16, "api": [2, 4, 7, 9, 10, 11, 12, 14, 17, 22, 26, 27, 28, 29, 31, 32, 34, 39, 45, 46, 47, 50, 51, 52, 53, 56, 57, 58, 60, 62, 63, 65, 66, 71, 72, 75, 76, 79, 81, 83, 84, 85, 86, 90, 91, 92, 93, 94, 95, 97, 100, 101, 105, 113, 115, 118, 122, 123, 126, 127, 128, 131, 134, 136, 140, 141, 142, 144, 145, 147, 148, 150, 151, 153, 154, 156, 158, 162, 166, 169, 170, 171, 174, 176, 179, 183, 184, 187, 188, 191, 192], "api_access_nam": 35, "api_cal": 34, "api_call_typ": 34, "api_call_type_text": 34, "api_cli": 192, "api_document": 99, "api_endpoint": 192, "api_endpoint_url": 130, "api_id": 146, "api_kei": [18, 35, 45, 52, 72, 89, 100, 107, 108, 124, 139, 183], "api_key_id": 183, "api_key_secret": 183, "api_nam": 182, "api_request_id": 137, "api_secret": [18, 35, 72, 80, 108, 139, 146], "api_token": [14, 24, 26, 27, 46, 83, 90, 103, 104, 106, 111, 116, 125, 137, 144], "api_url": [78, 152], "api_vers": [18, 24, 80, 89, 102, 106, 107, 108, 113, 116, 131, 137], "api_void_artifact_typ": 13, "api_void_artifact_valu": 13, "api_void_request_typ": 13, "apibl": 128, "apidoc": [66, 117], "apikei": [57, 98, 108, 109, 127, 154], "apikey_valu": 154, "apislaexpir": 124, "apistageslaexpir": 124, "apiv4": 72, "apivoid": 156, "apivoid_api_kei": 13, "apivoid_base_url": 13, "apivoid_sub_url": 13, "aponoff": 117, "app": [0, 6, 9, 14, 23, 27, 34, 42, 52, 56, 68, 70, 71, 73, 82, 83, 86, 95, 100, 101, 105, 112, 118, 120, 127, 132, 134, 135, 143, 159, 160, 161, 166, 169, 172, 173, 174, 175, 176, 181, 185, 187, 188, 190, 191], "app_app_id_attr": 69, "app_attr": 69, "app_config": [35, 43, 49, 64, 90, 106, 107, 113, 130, 146, 152], "app_dt": 69, "app_fn_components_exe_fn_compon": 30, "app_id": [69, 102], "app_instal": 98, "app_logo": 4, "app_nam": [4, 69, 157], "app_search": 39, "app_secret": [78, 80], "app_vers": 69, "app_version_attr": 69, "apparent_encod": 111, "appbuild": 109, "appcompliancest": 69, "appdata": 154, "appdatas": 69, "appear": [10, 21, 22, 59, 116, 120, 121, 125, 128, 133, 137, 176, 183, 185, 191], "append": [10, 13, 16, 17, 18, 25, 36, 38, 46, 53, 59, 60, 64, 72, 78, 79, 80, 81, 82, 89, 91, 97, 98, 102, 108, 113, 114, 116, 117, 122, 127, 130, 131, 138, 146, 150, 159, 167, 180, 182, 186, 191, 192], "apperrorcod": 117, "appexchang": [4, 7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 138, 142, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167], "apphost": [8, 39, 59, 65, 86, 88, 94, 108, 109, 114, 118, 148, 182], "appid": 69, "appinstanceserv": 21, "appinterfaceform": 21, "appl": [34, 72], "appld8dth6rcih86": 69, "applewebkit": [94, 187], "appli": [13, 16, 18, 21, 25, 33, 46, 49, 74, 78, 79, 80, 90, 91, 97, 98, 102, 106, 110, 111, 113, 116, 130, 131, 146, 166, 167, 179, 191], "applianc": [9, 25, 33, 34, 43, 52, 132, 163, 178, 180, 181, 182, 184, 192], "appliance_id": 43, "appliance_nam": 146, "appliance_uuid": [43, 146], "applic": [4, 8, 19, 23, 24, 27, 29, 37, 38, 41, 42, 43, 61, 64, 69, 72, 78, 79, 80, 88, 90, 101, 103, 106, 107, 108, 109, 111, 115, 117, 121, 123, 127, 128, 137, 138, 143, 146, 148, 153, 156, 157, 160, 167, 169, 170, 173, 177, 183, 190], "application_block": 24, "application_id": [133, 137], "application_sha256": 24, "application_whitelist": 24, "applicationid": 103, "applicationnam": [79, 103], "applications_to_monitor": 117, "applied_d": 33, "applogin": 21, "applyandmonitor": 19, "applytag": 76, "applytempl": [21, 110], "appnam": [37, 107], "apppassword": 21, "approach": [82, 99, 136, 191], "appropri": [4, 16, 49, 58, 64, 70, 71, 72, 97, 103, 108, 111, 133, 167, 183, 190], "approv": [23, 38, 146], "approve_list": 190, "approxim": [57, 185], "approximate_unaggreg": 146, "appspot": 187, "appsvulnerabilitystatu": 116, "apptyp": 69, "appx": 48, "apr": 114, "april": [104, 153], "apschedul": 114, "apt": [78, 82, 86], "aqhzksvjvfwihz3qnk": 42, "aql": [18, 103], "aqmkagvhzgflndvhlti0mdaaltrhntytowy5ny0wmtc5zwixyjqwm2malgaaa8b3zkolzolanuzktaxwfy0baolletl0oe5djxr7brg": 42, "ar": [1, 3, 4, 5, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 41, 42, 43, 44, 45, 46, 47, 48, 49, 51, 52, 53, 55, 56, 58, 59, 60, 61, 62, 63, 65, 66, 68, 69, 70, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 88, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 105, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 127, 128, 130, 131, 132, 133, 134, 136, 137, 138, 140, 141, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 165, 167, 168, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 190, 191], "ara": 86, "arab": [86, 137, 147], "arabia": 137, "arbitrari": [43, 78], "arc": [40, 99], "arch": [15, 108], "archenemi": 96, "archiv": [11, 30, 38, 42, 46, 81, 108, 127], "archive_format": 46, "archive_oper": 133, "archive_result": 133, "archive_search": 59, "archive_url": 46, "archived_fil": 24, "archivefind": 15, "archives_to_search": 59, "arcsight": [144, 188], "area": [21, 36, 37, 38, 60, 107, 127, 190], "arg": [4, 13, 18, 25, 43, 46, 72, 79, 85, 91, 98, 106, 111, 114, 116, 130, 131, 137, 146, 167, 192], "argentina": 137, "argument": [1, 35, 38, 85, 111, 192], "argv": [11, 187], "arial": 58, "ariel": 104, "arin": [83, 187, 188], "arm": 137, "armenia": 137, "armenian": 147, "armi": [144, 188], "armonk": 50, "army6j8scotdjyfdvo0yaisktifdxa7r": 98, "arn": [15, 16, 152], "around": [29, 42, 67, 119, 179], "arrai": [17, 182], "arriv": 191, "arrow": 192, "arsi": 21, "art": 88, "articl": [106, 185], "artifact": [7, 8, 9, 10, 11, 13, 18, 24, 26, 27, 28, 30, 33, 36, 37, 39, 40, 44, 46, 47, 48, 49, 51, 53, 54, 55, 57, 58, 59, 60, 61, 62, 63, 64, 65, 67, 73, 74, 76, 79, 80, 81, 85, 86, 87, 88, 89, 91, 92, 93, 94, 95, 97, 98, 100, 104, 105, 106, 107, 111, 113, 116, 117, 122, 123, 125, 126, 128, 129, 131, 134, 140, 141, 142, 144, 145, 146, 149, 150, 152, 153, 154, 155, 159, 160, 161, 162, 164, 166, 167, 169, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 191, 192], "artifact_analysi": 65, "artifact_api_to_typ": 15, "artifact_count": 130, "artifact_creation_count": 103, "artifact_data": 59, "artifact_descript": [42, 69, 78, 96, 99, 102, 117, 137], "artifact_dir": 11, "artifact_filt": 79, "artifact_id": [5, 28, 38, 40, 47, 63, 65, 73, 91, 109, 111, 113, 117, 125, 127, 144, 145, 188], "artifact_ip": 8, "artifact_keys_as_list": 59, "artifact_list": 131, "artifact_map": 18, "artifact_name_list": 131, "artifact_rel": 102, "artifact_retention_num": 11, "artifact_top": 181, "artifact_typ": [15, 24, 35, 42, 43, 59, 65, 69, 78, 96, 99, 102, 114, 117], "artifact_type_id": [60, 127], "artifact_type_lookup": 124, "artifact_type_map": 130, "artifact_type_to_row": 117, "artifact_valu": [11, 13, 15, 24, 42, 43, 59, 65, 69, 94, 96, 99, 114, 117, 137, 159], "artifact_values_as_list": 59, "artifactflg": 78, "artifacttyp": 191, "artificat": 124, "artifici": [102, 137], "artist": 13, "aruba": 137, "as15169": [62, 187], "as8075": 150, "as_own": 188, "asa": 156, "asa_ip": 25, "asa_password": 25, "asa_usernam": 25, "asabusecontact": 167, "asav": 25, "asc": [36, 60, 69, 74, 79, 98, 116, 117, 127, 182], "ascend": [43, 74, 98, 117], "ascens": 137, "ascii": [16, 111], "ascountri": 167, "asdf": 94, "asdm": 25, "asia": 41, "asia3": 149, "ask": [81, 192], "ask_en": 117, "asm": [106, 137], "asn": [15, 27, 37, 62, 94, 150, 187, 188], "asn_cidr": 150, "asn_country_cod": 150, "asn_dat": 150, "asn_descript": 150, "asn_org": 15, "asn_registri": 150, "asnam": 167, "asnnam": 187, "asnnumb": 15, "asnorg": 15, "aspect": [38, 182], "aspmx": 13, "ass": 107, "assess": [60, 102, 127, 137, 153], "asset": [14, 18, 33, 46, 80, 98, 104, 106, 113, 152], "asset_group": 146, "asset_id": 103, "asset_nam": 103, "asset_row": 18, "assetid": 113, "assets_format": 49, "assets_list": 18, "assets_raw": 49, "assets_url": 46, "assign": [4, 20, 21, 24, 33, 59, 60, 78, 80, 90, 97, 103, 110, 111, 113, 119, 124, 127, 131, 133, 144, 148, 155, 162, 181, 184, 191], "assign_fingerprintlist_to_group_result": 117, "assign_polici": 74, "assign_tag_result": 43, "assigne": [21, 43, 46, 64, 74, 90, 107, 124, 130], "assigned_d": 33, "assigned_to": [78, 104], "assigned_via": 90, "assignedto": [43, 78, 79, 80, 90, 103, 107, 130, 146], "assignedtocloudgroup": 117, "assignedtoloc": 117, "assignedusernam": 124, "assignee_nam": 74, "assigneenam": 74, "assignees_url": 46, "assignment_group": 119, "assist": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 140, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 167, 168], "assistantnam": 113, "assistantphon": 113, "assiz": 167, "associ": [11, 16, 17, 24, 31, 34, 36, 37, 41, 43, 49, 64, 72, 74, 78, 80, 81, 86, 88, 90, 97, 98, 99, 103, 104, 106, 107, 108, 113, 114, 115, 117, 119, 123, 125, 128, 130, 133, 134, 137, 141, 146, 152, 167, 168, 180, 181, 183, 184, 185, 187, 190, 191], "associatewithincid": 137, "assum": [30, 53, 79, 85, 111, 114, 117, 137, 148, 173], "assumed_rol": 15, "assumpt": [117, 191], "asymmetr": 182, "asynchron": [11, 17, 59, 76], "at_id": [60, 127], "ata": 137, "atd": [77, 156], "atd_password": 73, "atd_trust_level": 77, "atd_url": 73, "atd_usernam": 73, "atf": 137, "atg": 137, "atl": 64, "atlassian": [43, 64], "atleast": 133, "atp": [78, 79], "atpdeviceid": 117, "atpserv": 117, "atsvc": 43, "att": [15, 69, 81, 102, 156], "att_nam": [20, 117], "att_not": 117, "att_tact": [102, 186], "att_tech": [82, 186], "attach": [11, 18, 20, 21, 28, 30, 36, 40, 41, 43, 44, 47, 55, 58, 60, 61, 63, 64, 65, 68, 72, 73, 81, 84, 85, 86, 91, 97, 98, 99, 103, 104, 109, 114, 115, 117, 118, 126, 129, 131, 133, 137, 142, 144, 145, 165, 167, 173, 179, 180, 181, 182, 183, 184, 188, 191], "attach_fil": [60, 127], "attachmennt": 36, "attachment_base64": 41, "attachment_content_typ": 41, "attachment_desc": 48, "attachment_form_field_nam": 111, "attachment_id": [5, 28, 36, 38, 40, 41, 47, 63, 65, 73, 91, 111, 113, 119, 125, 127, 144, 145, 188], "attachment_id1": 41, "attachment_id2": 41, "attachment_input": 38, "attachment_nam": [18, 38, 41, 42, 47, 107, 113, 119, 126, 127], "attachment_s": 41, "attachmentinfo": 131, "attachments_count": [60, 127], "attachmentsourceformnam": 21, "attachmentsourceguid": 21, "attack": [7, 43, 49, 57, 72, 78, 79, 80, 82, 87, 88, 99, 100, 102, 103, 106, 107, 116, 117, 130, 133, 146, 152, 167, 185, 186, 191], "attack_not": 106, "attack_tact": [82, 146, 186], "attackdetail": 37, "attackphas": 35, "attatch": 145, "attempt": [1, 7, 16, 24, 35, 36, 37, 38, 43, 59, 78, 79, 80, 85, 98, 99, 103, 104, 107, 108, 111, 114, 130, 133, 137, 147, 153, 155, 167, 182, 191], "attempted_connections_drop": 43, "attende": [31, 32, 41, 42, 148], "attendee_url": [31, 32], "attendee_url_with_pass": 32, "attent": [21, 41, 136, 138], "attribut": [35, 38, 41, 42, 49, 59, 67, 69, 77, 80, 88, 111, 113, 121, 122, 133, 139, 144, 160, 167, 188], "attribute1": 67, "attribute2": 67, "attribute_count": 81, "attribute_id": 81, "attribute_nam": 67, "attribute_uuid": 81, "attribute_valu": [67, 122], "attributeextens": 117, "attributetag": 81, "atualizar": 95, "au": [57, 107, 133, 137, 148, 157, 185], "audit": [24, 59, 100, 130, 190], "auditlogg": 59, "aug": 114, "augment": 102, "august": [27, 41], "auid": 130, "australia": 137, "austria": 137, "aut": 137, "auth": [7, 19, 43, 46, 55, 56, 64, 85, 88, 91, 130, 152, 157, 160, 192], "auth_head": 111, "auth_method": 64, "auth_password": 180, "auth_token": 64, "auth_url": [19, 88, 157], "auth_us": 180, "auth_util": 157, "autha": 91, "authdetail": 74, "authent": [14, 16, 19, 21, 33, 39, 40, 43, 55, 56, 57, 64, 66, 67, 72, 80, 83, 85, 90, 91, 99, 104, 107, 110, 117, 118, 121, 125, 129, 130, 131, 133, 143, 152, 155, 168, 180, 185], "authentihash": 173, "author": [10, 12, 19, 29, 30, 38, 43, 46, 49, 52, 61, 64, 68, 80, 83, 95, 100, 101, 102, 106, 108, 111, 113, 115, 123, 125, 128, 130, 131, 132, 133, 137, 141, 143, 144, 146, 148, 157, 161, 168], "authoritativeverdict": 72, "authority_dist": 106, "authority_key_identifi": [144, 188], "authority_overrid": 106, "authorization_cod": [88, 111], "authorization_st": 106, "authorship": 125, "authsourc": 91, "authtyp": 74, "auto": [21, 30, 35, 49, 88, 89, 97, 100, 111, 113, 117, 124, 184, 192], "auto_approv": 10, "auto_resolve_timeout": 90, "auto_rol": 43, "auto_scaling_group_nam": 146, "auto_sync_darktrace_com": 35, "auto_test": 60, "autoblock": 117, "autoblock_dur": 117, "autoid": 74, "autom": [7, 8, 11, 13, 15, 16, 17, 18, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 38, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 142, 143, 144, 146, 147, 148, 150, 152, 153, 154, 155, 156, 162, 167, 183, 185, 187, 188], "automat": [11, 15, 18, 23, 33, 35, 36, 43, 49, 55, 64, 65, 66, 67, 69, 72, 74, 78, 80, 81, 87, 88, 89, 90, 91, 97, 98, 102, 106, 107, 108, 109, 111, 113, 116, 117, 118, 119, 125, 130, 131, 133, 137, 142, 146, 148, 152, 153, 161, 163, 167, 168, 174, 176, 182, 183, 184, 185, 187, 191, 192], "automaticallyresolv": 116, "automation1": 19, "automationaccount": 19, "automationhybridserviceurl": 19, "autoshun": [144, 188], "autostart": 43, "autosuppress": 35, "autotester24": 19, "autoupd": 35, "autoupdat": 35, "av": 117, "av_act": 146, "av_api_kei": 9, "av_ave_vers": 146, "av_base_url": 9, "av_engin": 146, "av_last_scan_tim": 146, "av_mast": 146, "av_pack_vers": 146, "av_product_vers": 146, "av_statu": 146, "av_update_serv": 146, "av_vdf_vers": 146, "avail": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 35, 36, 38, 39, 41, 42, 43, 45, 46, 47, 49, 51, 52, 53, 55, 56, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 72, 74, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 136, 137, 138, 141, 143, 144, 146, 147, 148, 150, 152, 153, 154, 155, 159, 161, 167, 168, 179, 182, 191], "avalid": 40, "avast": 122, "avatar": [46, 64], "avatar_url": 46, "avatarid": 64, "avatarurl": 64, "avdefsetrevis": 117, "avdefsetsequ": 117, "avdefsetvers": 117, "avecbnzttwn0vlsgyznibork": 85, "avengineonoff": 117, "aventail": 117, "avenu": 21, "averag": [77, 86], "avg": 122, "avinstal": 108, "avira": [122, 144, 188], "avl": [144, 188], "avoid": [18, 49, 68, 72, 80, 85, 111, 116, 118, 127, 131, 148, 182, 190], "avt": 159, "aw": [43, 103, 104, 152, 153, 156], "aw2cacdq": 111, "awar": [64, 67, 77, 87, 89, 97, 103, 104, 129, 133, 182, 184, 191], "aws_access_key_id": 17, "aws_aim_group_filt": 16, "aws_aim_policy_filt": 16, "aws_api_cal": 15, "aws_gd_access_key_id": 15, "aws_gd_close_incident_templ": 15, "aws_gd_detector_id": 15, "aws_gd_finding_id": 15, "aws_gd_lookback_interv": 15, "aws_gd_master_region": 15, "aws_gd_polling_interv": 15, "aws_gd_region": 15, "aws_gd_regions_interv": 15, "aws_gd_secret_access_kei": 15, "aws_gd_severity_threshold": 15, "aws_guardduty_archiv": 15, "aws_guardduty_count": 15, "aws_guardduty_detector_id": 15, "aws_guardduty_finding_arn": 15, "aws_guardduty_finding_id": 15, "aws_guardduty_finding_typ": 15, "aws_guardduty_finding_updated_at": 15, "aws_guardduty_region": 15, "aws_guardduty_resource_typ": 15, "aws_guardduty_sever": 15, "aws_guardduty_trigger_refresh": 15, "aws_iam_access_kei": 16, "aws_iam_access_key_filt": 16, "aws_iam_access_key_id": [15, 16], "aws_iam_arn": 16, "aws_iam_group": 16, "aws_iam_group_filt": 16, "aws_iam_group_nam": 16, "aws_iam_mfa_serial_num": 16, "aws_iam_mfa_serial_numb": 16, "aws_iam_password": 16, "aws_iam_password_reset_requir": 16, "aws_iam_policy_filt": 16, "aws_iam_policy_nam": 16, "aws_iam_query_typ": 16, "aws_iam_secret_access_kei": 16, "aws_iam_sign_cert_id": 16, "aws_iam_ssc_id": 16, "aws_iam_ssh_key_id": 16, "aws_iam_ssh_keys_id": 16, "aws_iam_statu": 16, "aws_iam_us": 16, "aws_iam_user_filt": 16, "aws_iam_user_nam": [15, 16], "aws_imds_proxi": 43, "aws_region_nam": 17, "aws_s3_bucket_nam": 15, "aws_secret_access_kei": 17, "aws_services_enumer": 43, "aws_sms_topic_nam": 17, "awsapicallact": 15, "awscloud": 103, "awsdenyal": 16, "awsdenyall_2": 16, "awsserviceroleforaccessanalyz": 15, "awsserviceroleforamazonguardduti": 15, "awsserviceroleforconfig": 15, "awsserviceroleforsecurityhub": 15, "awsservicerolefortrustedadvisor": 15, "ax5ezig32a8mbpkcwyoi": 98, "axon": 18, "axoniu": 156, "axonius_attachment_nam": 18, "axonius_countri": 18, "axonius_device_dis": 18, "axonius_device_limit": 18, "axonius_devices_dt": 18, "axonius_email": 18, "axonius_enforcement_set_nam": 18, "axonius_field_name_list": 18, "axonius_get_device_by_queri": 18, "axonius_get_device_count": 18, "axonius_hard_drives_encryption_statu": 18, "axonius_hostnam": 18, "axonius_id": 18, "axonius_incident_id": 18, "axonius_internal_axon_id": 18, "axonius_ip": 18, "axonius_last_used_us": 18, "axonius_last_used_users_dept": 18, "axonius_limit": 18, "axonius_link": 18, "axonius_nam": 18, "axonius_os_type_distribut": 18, "axonius_own": 18, "axonius_query_d": 18, "axonius_query_str": 18, "axonius_region": 18, "axonius_saved_query_nam": 18, "axonius_security_level": 18, "axonius_tag": 18, "axonius_task_id": 18, "axonius_write_attach": 18, "axzhgjdf4g9knzzoimqgcridsfrsgptao": 98, "az": [19, 137, 147], "azadvisorconfigur": 19, "azerbaijan": 137, "azerbaijani": 147, "azorult": 72, "azur": [42, 72, 79, 80, 130, 156, 157], "azure_automation_account": 19, "azure_automation_account_disable_local_auth": 19, "azure_automation_account_loc": 19, "azure_automation_account_nam": 19, "azure_automation_account_public_network_access": 19, "azure_automation_account_resource_group": 19, "azure_automation_account_tag": 19, "azure_automation_activity_nam": 19, "azure_automation_agent_key_to_regener": 19, "azure_automation_create_ui_tab": 19, "azure_automation_credenti": 19, "azure_automation_credential_descript": 19, "azure_automation_credential_nam": 19, "azure_automation_credential_password": 19, "azure_automation_credential_usernam": 19, "azure_automation_job_nam": 19, "azure_automation_module_nam": 19, "azure_automation_node_id": 19, "azure_automation_report_id": 19, "azure_automation_resource_group": 19, "azure_automation_resource_group_nam": 19, "azure_automation_runbook": 19, "azure_automation_runbook_input_paramet": 19, "azure_automation_runbook_nam": 19, "azure_automation_schedul": 19, "azure_automation_schedule_descript": 19, "azure_automation_schedule_nam": 19, "azure_automation_schedule_start_tim": 19, "azure_automation_statist": 19, "azure_resource_group": 19, "azure_url": 80, "azureautom": 19, "azureautomationdsc": 19, "azurechinacloud": 19, "azurecloud": 19, "azuregermancloud": 19, "azureid": 80, "azureresourc": 80, "azuresentineldemo": 80, "azuresubscriptionid": 79, "azuretenantid": 79, "azureusgovernm": 19, "b": [15, 16, 18, 20, 22, 24, 28, 30, 31, 32, 33, 34, 35, 36, 38, 39, 41, 43, 46, 47, 49, 50, 53, 54, 59, 62, 65, 66, 67, 76, 78, 79, 80, 91, 93, 96, 99, 106, 107, 108, 113, 116, 117, 119, 120, 124, 127, 129, 130, 131, 133, 137, 138, 139, 144, 146, 148, 149, 150, 152, 153, 155, 157, 187, 188, 192], "b02b5cbdd543": 130, "b052": 103, "b077d6bc": 24, "b0c4de": 41, "b0de": 24, "b14d": 130, "b168": 24, "b16e": 80, "b17ce924d5c75dd1e222f438fda67c526a77783403737613f261980b7bcc7510": 99, "b184": 24, "b1b1": 24, "b1e43228990c4bfe8e979969d955b800": 33, "b211": 98, "b22222": 41, "b23e": 98, "b271": 133, "b276": 130, "b2f9": 103, "b2fb5c8f": 127, "b34e": 187, "b3763ac5": 80, "b39c": 106, "b39f": 106, "b3ee6501": 117, "b4": 117, "b404": 80, "b41a290abff3ef1770ec7570fcee8575e7bb93a995c562119709087fdbd933ea": 108, "b47b44938636895a503d54aeeb825207": 117, "b483sj": 45, "b491": 103, "b4a3": 106, "b4a3b681": 106, "b4be": 24, "b4ydtroxd46j9q9hn": 98, "b5": 108, "b50616ee": 108, "b50e": 39, "b524aa8c65c3": 80, "b5399550db67cad2b136d83fa4895b4a040ac865e3eaa5fb55870ddd4d227eb54313ce15d30a8716c25fb0fe0364fbf87ac82610cc0eecfacc7891eedb5dee35b7634002900fe9d8d89ad5a182a5d3e65d14060ef1a1322799b1656f61a75e4407fecb7938f7e0cf96fbb73917f8635447ee9a5814d4a842fabc6e3dc2487d93e5746beff941b544e7233db8ebcb78384ffc0fb47c67cdcbdd333a4633f3610c02d0b4f9ab08e6878e4aa436f31008c42505a3c7b1b701609a9a7026d220eb47005fc263d3422121d0214994f9c53c025d3a3a01fc6381344a422dd018a20893d94cdbcef4bf53a54fac15372e13048673be1b250fe172215e404b8ef45dc569": 188, "b576": 157, "b59c": 85, "b59pudg6fb81qmsuzkiu3z": 187, "b5a1": 98, "b5c1": 98, "b6": 43, "b626": 78, "b64": 127, "b6929ec040fc733128de56e0dadbb6d6211fd6169ac2150af9df4bc0d47f1a1a": 46, "b6d6": 106, "b6df": 133, "b6e8": 106, "b6ee": 102, "b720": 98, "b733": 98, "b74e5ff66d5": 74, "b759": 133, "b77a": 78, "b77de9b4": 98, "b799": 124, "b7a6": 80, "b7e3c7e0": 74, "b8": [43, 69], "b833": 24, "b84b": 130, "b84e": 152, "b86e3a85": 98, "b8860b": 41, "b889": [19, 78, 79, 133], "b8c0fd37092e5bb96c6760f6e662a23d": 117, "b8dee9c8e74b": 24, "b906": 116, "b935736a092e5bb9462d73537bbd9220": 117, "b95a": 24, "b98308abb5851cacd0589ec3177389d6": 129, "b986": 133, "b9b364b9905c": 99, "b9ce5c65": 80, "b9d8": 117, "b9e9": 10, "ba": [117, 147], "ba0f": 99, "ba33": 126, "ba356d0fe198472": 24, "ba35c9746835": 130, "ba51": 98, "bacd7b02f178": 152, "back": [11, 15, 35, 38, 42, 43, 49, 53, 64, 77, 78, 80, 81, 88, 89, 98, 100, 102, 103, 106, 107, 108, 109, 111, 113, 116, 117, 124, 130, 131, 137, 144, 152, 168, 183, 190, 192], "backdoor": 122, "backend": 86, "backend_timestamp": 146, "backend_update_timestamp": 146, "background": [102, 133, 146], "backoff": [42, 167], "backslash": 91, "backtick": 43, "backup": 103, "backupdata": 35, "backward": [85, 111, 173], "bad": [7, 43], "bad_report_statu": 155, "bad_summari": 155, "badgetext": 113, "badpasswordtim": 67, "badpwdcount": 67, "badrequestexcept": 15, "bae5": 108, "baf0": 129, "bafybeicfmpubkjm27jyai3bgvcerhr4ewupxngxvt7kj4yhihb3rfuxq5q": 99, "bafybeifluccxb2hveire3sevma2galuosmtm2egvpbegknas2bmlcjfykq": 99, "bafybeifwtldig24fsmrgbwlm2vr2gll4axhcdrpvdqxlg6akalewirimmi": 99, "bag": 70, "bahama": 137, "bahrain": 137, "bak": 168, "balanc": [70, 117], "ban": [23, 146], "bandit": 82, "bandwidth": [43, 131], "bangladesh": 137, "bank": 72, "banner": 121, "bannerphotourl": 113, "banners_uuid": 106, "baqd": 85, "bar": [56, 115, 121, 130, 192], "barbado": 137, "barbuda": 137, "barth\u00e9lemi": 137, "base": [2, 4, 7, 8, 9, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 92, 93, 94, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 138, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 158, 162, 164, 167, 168, 180, 181, 182, 183, 184, 188, 190, 191, 192], "base64": [41, 46, 58, 86, 88, 98, 111, 142, 180, 181, 184], "base64cont": [48, 58, 91], "base64screenshot": 48, "base64toattach": 48, "base_devic": 146, "base_device_url": 35, "base_model_breach_url": 35, "base_url": [24, 27, 33, 35, 46, 99, 100, 105, 106, 115, 124], "baseimag": 130, "baseline_rul": 117, "basestr": [36, 53, 59, 64], "bash": [1, 3, 85, 143, 165], "bashkir": 147, "bashstatu": 117, "basi": 107, "basic": [5, 8, 14, 16, 19, 24, 64, 65, 74, 83, 85, 98, 104, 111, 113, 120, 143], "basic_alert_group": 90, "basiccliprovis": 76, "basicconstraint": 91, "basqu": 147, "bat": 117, "batch": [8, 42, 59, 117], "batchgetresourceconfig": 15, "baz": [111, 130], "bb05": 98, "bb0f": 19, "bb7d": 78, "bbb": [80, 147], "bbb_ccc": 147, "bbbb": [19, 24], "bbdf": 24, "bbe9": 116, "bbremner": 67, "bc36": 78, "bc40": 107, "bc48": 33, "bc5a499d6ae2": 98, "bc6hr123456789qpd2eeowet9rdrqfjmnjmuohp123450": 19, "bcc": [88, 137], "bcc5": 24, "bcc5aacc1e80": 130, "bccfolder": 91, "bccrecipi": 42, "bcd90285ec6b": 98, "bcl": 91, "bcrypt": 185, "bd13": 76, "bd7e": 98, "bde8": 98, "bdi": 137, "be5f636f": 106, "be60": 107, "beacon": 43, "bearer": [88, 111, 152], "beautifulsoup": 88, "beautifulsoup4": [90, 161], "becaus": [15, 35, 85, 119, 152, 179, 191], "becom": [10, 30, 97, 146, 191], "bed46322589d": 24, "been": [3, 7, 11, 13, 15, 17, 18, 19, 21, 24, 25, 30, 32, 33, 35, 36, 37, 38, 39, 41, 42, 43, 46, 49, 51, 53, 64, 66, 67, 72, 73, 74, 78, 79, 81, 82, 86, 88, 89, 90, 91, 92, 99, 102, 103, 104, 106, 107, 108, 110, 113, 114, 116, 117, 118, 119, 120, 121, 122, 124, 125, 129, 130, 131, 133, 136, 137, 138, 144, 146, 148, 150, 152, 153, 155, 156, 158, 176, 180, 183, 184, 186, 187, 188, 191], "befor": [4, 16, 25, 33, 35, 36, 39, 42, 43, 53, 57, 64, 65, 68, 73, 76, 80, 85, 86, 87, 89, 98, 99, 103, 106, 109, 111, 130, 133, 137, 138, 142, 146, 152, 155, 168, 181, 183, 184, 185, 189, 190, 191], "begin": [15, 16, 41, 42, 43, 49, 74, 85, 88, 91, 104, 111, 192], "beginnavig": 187, "begins_with": 106, "begintim": 117, "behalf": [42, 113, 133], "behavior": [1, 35, 41, 43, 44, 73, 78, 99, 107, 108, 116, 119, 165, 188], "behavioralanalysisdefsetvers": 117, "behaviour": [35, 108], "behind": [56, 118, 121], "being": [38, 41, 43, 49, 51, 53, 56, 59, 64, 72, 73, 74, 85, 100, 103, 111, 117, 119, 133, 146, 148, 153, 155, 167, 168, 179, 191], "bel": 137, "belaru": 137, "belarusian": 147, "belgium": 137, "believ": 80, "beliz": 137, "belong": [72, 125], "below": [3, 4, 8, 11, 12, 15, 19, 20, 21, 22, 24, 25, 30, 33, 34, 35, 41, 42, 43, 48, 49, 55, 56, 58, 59, 60, 64, 69, 70, 74, 75, 77, 78, 80, 82, 83, 84, 86, 87, 88, 89, 90, 96, 97, 99, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 113, 115, 116, 117, 119, 120, 121, 124, 127, 129, 130, 131, 133, 136, 138, 140, 145, 146, 148, 152, 155, 156, 157, 159, 182, 183, 186, 190, 191, 192], "ben": 137, "benefit": 179, "bengali": 147, "benign": [72, 102, 107, 146], "benign_count": 72, "benign_qa_testware7": 24, "benignposit": 80, "benigntot": 187, "benignverdict": 187, "benin": 137, "benkow": [72, 144, 188], "berkelei": 43, "berlin": 187, "bermuda": 137, "bernoullinb": 70, "best": [30, 46, 98, 135, 153, 168, 183], "beta": 46, "better": [13, 18, 25, 46, 49, 79, 91, 109, 116, 119, 130, 131, 146, 170, 179, 183, 191], "between": [4, 13, 18, 19, 20, 21, 25, 30, 35, 42, 43, 46, 49, 56, 64, 65, 74, 78, 79, 80, 85, 88, 90, 91, 96, 98, 103, 105, 106, 107, 108, 109, 111, 115, 116, 117, 118, 119, 121, 124, 130, 131, 137, 146, 148, 151, 152, 167, 182, 183, 189], "beyond": 64, "bf": 24, "bf2b": 78, "bf2d": 106, "bf2f": [78, 79], "bf63b8c7c3585d05dd2358eb52f4a9ca05d02aec8b2ae7a5eaed4d9320bcfbb9940055167dba6bd2d936c8af29efcf70b569cad8e3d3cf55e956ac1fb43bee7476127e1746cd442207d6bff13ed82e4e6c80b8306ff74afbf301fdc93f4e0d3b6c5d8b6b57db7546813506ea2d8f613dbc58de5cab9281ced1def935f7e92b8c1f07441fda6eb534f6e8a39eb687256043aac4a2eb3526ee5e6860b75fed448a4fa2f66f72012593f91a854f6c3b082999dfae3a72b50292c99916c106f233c9d0bb16ac85650b1584e039c4298319045624b53895bf0e7ff6c7fa2196d7302bd6a2239e0855ab36f441ba336fac06bf5a9235cc05479f7262571c5e4961464b3513b543879036e347b5ed780b9a0d9088bcc11632036711f6ebb3815143cb618484939d7e6b527feef4ac7f85ad3aa7f663165cae3cbacf80c81ec6f8203eca62a0edb74a29bda7c5dea39da96d075294e41aaef353db096cddcf224713ee7d3c8b286893121ed84dabc5e9cd7177b7bcf2e03687a1c93cfc89b8b47d002acb52e331ff2a730bcdc72c130b2ab9e20c5da2d46afbc2cf87ff547910de9414bb8ad436cc89fea9bdaca8c2a0fb297b56fc9bf54a561607aa18a5dc966744ee2807c2faa30a92b0e05345fc31e2af240fffecf108c7ce0f8ebc482d84d344cd99668ad3799a1ae28df6b4c06c28f1b3f4744880b959b769efad87b02be9ba567d647142ced2d00ff5b8f47da4c3b4e0fd54347fe4839fb117584eb2c07dfa239b9cd64676ad3a5aff1140e3c2d591ef7da67171afcd1adbef3628ac21cf56d9465212ea01555c736a7d17d3435f68526dc21354f7b70bb768202d3c90e08cc028ed4f97500e3445f7ad9626d3dbe61824dd59c2ac77603ab39ed8e46078c5108205f689e8ede8e0de2fe230247c6f9242fa6ebd77a7e2e629e11acfd08612cc6d88e696aa28d1ccb4210ef0a568b5a54175e6246a2e79225fbbe39e3a8bddc884fd9a2b6760f0f6a76b7fb2d1fdf48d81393374e5e4b8442e5af8ba50cefbcafbb15d65cf5ff22233aedbbe5931de02e1203df2704838cd0e727dc916dcf6f3f2c4fa925f7c1bdc3565133cddd338ef8f2f93d924456fc317d5f4414b815977014bd551aec83c8f60fcbc1d1fed6f996776302ce8324e66ceba93636e942bbbd6eb6bbf4762a2063a1cda838e20b9d551a03c5a6b6613a443f90d7a2d6c8517a1f18202e11c2dee7295bb3cdbe755bb0105d142a9fc0b3220d4615b1b47fd3991514a24156f99c011b8239491b5d70414162811ff60cf0b6d5598743e17bd4cfe9f0f32e8ab02599ca010f75d86c9e60ca8958fa575d04eb20f807352634c53ae285a750cfc6bac6b2836f4ba42b2cc041c37a8529a4e87b99c7e36fd49d318c09188b49ce3ef596f951c93b1af5a099b37f5dc75ed232f10b377b904ec361e764d12f28f2bfc9b8b891140f46f475fedcdeb2cd769994dbed0a6c8bd45d75588bc7de9b6d69ed8592eb3d65c2a4480d0704a484e0904fd7cc6c990ec3911b0fbe35d095ef2674904dbd97ce9b70eb480d1f75a86dda86c02c830ccfe9fe86856756babbb8554e684155d3c3dc9f86fbd12c18b10e0382f38817fbd76fb3f84c4ad4e0c529962e03e77310d5336985e456c26a2f0bf9e2d8f40e6d5f2ad3a3e51b7d1c5a743768211e924d5083bf55aa": 96, "bf64": 10, "bf74": 98, "bf7fe476": 98, "bf88": [102, 186], "bfa": 137, "bfb9": 124, "bfd0e1f9808d": 78, "bfore": [144, 188], "bg": [99, 146, 147], "bgbgmq": 91, "bgcolor": 91, "bgd": 137, "bgiaaackaabsu0exaagaaaeaaqdjqwpswllrapkfkrrh": 117, "bgr": 137, "bh": 137, "bhr": 137, "bhutan": 137, "bi": [35, 49, 80, 81, 90, 107, 113, 118, 124, 130, 131, 137, 179, 183], "bidirect": [49, 106, 107, 108, 113, 116, 130, 146], "bidirection": 183, "big": [20, 43], "bigfix": 156, "bigfix_action_id": 20, "bigfix_artifact_id": 20, "bigfix_artifact_properties_nam": 20, "bigfix_artifact_properties_valu": 20, "bigfix_artifact_typ": 20, "bigfix_artifact_valu": 20, "bigfix_asset_id": 20, "bigfix_asset_nam": 20, "bigfix_endpoints_wait": 20, "bigfix_hunt_results_limit": 20, "bigfix_incident_id": 20, "bigfix_incident_plan_statu": 20, "bigfix_pass": 20, "bigfix_polling_interv": 20, "bigfix_polling_timeout": 20, "bigfix_port": 20, "bigfix_query_for_artifact": 20, "bigfix_remedi": 20, "bigfix_retrieve_resource_detail": 20, "bigfix_update_action_statu": 20, "bigfix_url": 20, "bigfix_us": 20, "bigfixadmin": 20, "bigint": 182, "bih": 137, "bill": [49, 63, 69, 123, 188], "billi": 67, "billingaccount": 49, "billingaddress": 113, "billingc": 113, "billingcountri": 113, "billinggeocodeaccuraci": 113, "billinglatitud": 113, "billinglongitud": 113, "billingpostalcod": 113, "billingst": 113, "billingstreet": 113, "bin": [1, 2, 56, 71, 117, 175], "binari": [44, 86, 111, 117, 127, 192], "binaryfileid": 117, "bind": [38, 86], "bind_fold": 38, "bind_paramet": 182, "bios_manufactur": 33, "bios_vers": 33, "biosreleased": 54, "biosrevis": 54, "biosroms": 54, "biosvendor": 54, "biosvers": [54, 117], "birthdat": [47, 113], "bissau": 137, "bit": [78, 116], "bit9_escal": 23, "bitdefend": [122, 144, 188], "bittorr": 43, "bittorrent_act": 43, "biz": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 136, 137, 140, 141, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 161, 167, 168, 183, 185, 187, 188], "bkav": [144, 188], "black": [23, 58, 156, 192], "blackberri": 69, "blacklist": [7, 13, 24, 83, 117, 124, 144, 145, 169, 188], "blacklist2": 117, "blacklisted_cert": 43, "blacklistrul": 117, "blacklisturl": 155, "blacktop": 38, "blade": [79, 80], "blake2": 127, "blake2b": 127, "blank": [13, 18, 25, 38, 39, 41, 42, 43, 46, 55, 56, 60, 64, 68, 78, 79, 80, 85, 87, 90, 91, 97, 108, 116, 121, 124, 127, 130, 131, 137, 138, 146, 148, 150, 155, 187, 191, 192], "blend": 190, "blind": 88, "blinkbox": 37, "blkio_stat": 38, "blm": 137, "blob": [44, 46, 84, 142, 182], "blob_url": 46, "blobs_url": 46, "block": [8, 11, 15, 24, 25, 28, 78, 79, 80, 82, 83, 88, 89, 99, 104, 108, 110, 117, 124, 140, 142, 150, 151, 153, 155], "block_policy_nam": 56, "block_result": 55, "blocked_us": 89, "blocked_user_2": 89, "blocklist": [7, 25], "blocklist_in": 25, "blocklist_url": 155, "blog": [7, 57, 88, 91, 185], "blogg": 53, "bloodhound": 43, "bloodhound_enumeration_act": 43, "blr": 137, "blue": [64, 91, 96, 121, 130], "bluekeep": 43, "bluelink": 117, "blueliv": [144, 188], "bluemix": [29, 85], "blur": 96, "blz": 137, "bmc": 156, "bmc_helix_additional_data": 21, "bmc_helix_assigned_support_organ": 21, "bmc_helix_assigned_to": 21, "bmc_helix_compani": 21, "bmc_helix_created_d": 21, "bmc_helix_customer_first_nam": 21, "bmc_helix_customer_last_nam": 21, "bmc_helix_descript": 21, "bmc_helix_impact": 21, "bmc_helix_incid": 21, "bmc_helix_incident_numb": 21, "bmc_helix_incident_typ": 21, "bmc_helix_organ": 21, "bmc_helix_prior": 21, "bmc_helix_reported_sourc": 21, "bmc_helix_request_id": 21, "bmc_helix_statu": 21, "bmc_helix_support_group": 21, "bmc_helix_templ": 21, "bmc_helix_urg": 21, "bmigroup": 99, "bmu": 137, "bn": 147, "bob": 87, "bodi": [8, 22, 41, 42, 46, 47, 64, 81, 88, 89, 90, 91, 102, 107, 117, 119, 129, 130, 131, 133, 137, 146, 167, 168, 173, 190, 191], "body_html": 46, "body_text": 46, "bodypreview": 42, "boe": 21, "bokmal": 147, "bol": 137, "bold": [13, 18, 25, 46, 79, 88, 91, 102, 116, 130, 131, 146, 168, 189], "bolivarian": 137, "bolivia": 137, "bonair": 137, "bone": 97, "bonjour": 117, "book": 107, "bookmarkscount": 80, "bool": [13, 18, 25, 36, 43, 46, 53, 59, 64, 74, 79, 88, 91, 111, 116, 117, 124, 126, 130, 131, 137, 146, 151, 167], "bool_to_str": 108, "boolean": [8, 15, 16, 17, 18, 19, 24, 32, 35, 36, 41, 42, 43, 46, 49, 59, 60, 64, 67, 74, 76, 82, 84, 85, 91, 96, 97, 98, 99, 102, 103, 105, 106, 107, 108, 109, 111, 113, 114, 116, 117, 124, 125, 127, 130, 133, 137, 145, 146, 148, 151, 155, 167, 168, 182, 183, 186, 187], "boost": 70, "booster21": 96, "bootp": 117, "bootstrap": [66, 181], "bootstrap_serv": 66, "border": [58, 91, 102], "borphanedroot": 21, "bosnia": 137, "boston": 50, "bot": [7, 125], "both": [4, 11, 13, 15, 16, 20, 22, 25, 28, 30, 33, 36, 39, 41, 42, 43, 44, 55, 59, 60, 64, 66, 67, 74, 78, 80, 81, 82, 86, 87, 88, 89, 90, 91, 97, 99, 103, 104, 108, 111, 114, 117, 118, 119, 121, 125, 127, 129, 130, 136, 137, 144, 147, 153, 157, 168, 182, 183, 185, 188, 190, 191], "botnet": [43, 102], "boto3": [15, 16, 17], "botocor": 15, "botswana": 137, "bottom": [10, 12, 29, 41, 45, 52, 55, 95, 100, 101, 102, 113, 115, 121, 123, 126, 128, 132, 141, 143, 145, 161], "botvrij": 72, "botvrij_url": 72, "bounc": 183, "bound": 98, "boundari": [111, 173], "bouvet": 137, "box": [21, 25, 34, 56, 88, 106, 118, 120, 121, 130, 190, 192], "bp_host": 72, "bpmn": 98, "bpmndi": 98, "bpmndiagram": 98, "bpmndiagram_1": 98, "bpmnedg": 98, "bpmnelement": 98, "bpmnlabel": 98, "bpmnplane": 98, "bpmnplane_1": 98, "bpmnshape": 98, "br": [13, 16, 18, 22, 25, 28, 31, 33, 36, 38, 39, 41, 43, 46, 47, 49, 50, 53, 54, 59, 60, 62, 65, 67, 76, 78, 79, 80, 82, 88, 91, 93, 94, 95, 97, 99, 102, 106, 107, 108, 113, 116, 117, 119, 120, 124, 127, 129, 130, 131, 133, 137, 138, 139, 142, 144, 146, 148, 149, 150, 153, 155, 186, 189, 190, 192], "bra": 137, "brace": 111, "bracket": [13, 18, 25, 46, 60, 79, 85, 87, 91, 116, 127, 130, 131, 137, 146, 189], "branch": [1, 2, 3, 41], "branches_url": 46, "brand": [99, 187], "brand_protect": 37, "brazil": 137, "brb": 137, "breach": [56, 82, 106, 183], "breachdat": [57, 185], "breachdevic": 35, "break": [13, 16, 18, 25, 39, 43, 46, 79, 89, 91, 108, 116, 117, 118, 130, 131, 137, 146, 167, 179, 182, 189], "breakdown": 72, "breakpoint": 192, "bremner": 67, "brew": [0, 3, 86], "brg1trxqkztgsgukcgyaa7swvz3lgj42tifzoh4f5": 111, "brian": 96, "brief": 80, "bring": [38, 47], "britain": 7, "british": 137, "brn": 137, "bro_dns_answ": 130, "bro_file_byt": 130, "bro_file_connuid": 130, "bro_flow_servic": 130, "bro_ftp_pendingcommand": 130, "bro_http_cookievar": 130, "bro_http_origfuid": 130, "bro_http_origmimetyp": 130, "bro_http_request_head": 130, "bro_http_request_proxi": 130, "bro_http_response_head": 130, "bro_http_response_respfuid": 130, "bro_http_response_respmimetyp": 130, "bro_http_tag": 130, "bro_http_urivar": 130, "bro_kerberos_clientcert": 130, "bro_kerberos_servercert": 130, "bro_sip_head": 130, "bro_sip_requestpath": 130, "bro_sip_responsepath": 130, "bro_ssl_certchainfuid": 130, "bro_ssl_clientcertchainfuid": 130, "broadcast": 117, "broadcom": 117, "broadwai": 96, "broker": [21, 76], "brokera": 66, "brokerb": 66, "brought": [79, 131], "brows": [64, 142, 156], "browse_rich_text": 34, "browse_rich_text_fin": [9, 34], "browser": [15, 88, 107, 117, 126, 157], "browsertyp": 116, "brunei": 137, "brute": [7, 38, 43, 80, 130], "bs4": [32, 144, 147], "bso_ip": [55, 56], "bso_password": [55, 56], "bso_us": [55, 56], "btn": 137, "bu": 131, "bucket": [43, 103], "bucket_arn": 15, "bucket_nam": 15, "bucket_own": 15, "bucket_typ": 15, "bucketnam": 15, "buddies_forev": 96, "buffer": 53, "bug": [11, 12, 15, 20, 24, 25, 36, 41, 42, 43, 49, 64, 65, 66, 67, 69, 74, 75, 77, 78, 80, 81, 88, 89, 90, 91, 99, 100, 102, 103, 104, 110, 112, 114, 117, 118, 125, 127, 129, 131, 133, 141, 142, 143, 144, 150, 153, 169, 179, 182, 191], "bugfix": [39, 41, 99, 144], "bugreport": 69, "build": [6, 11, 24, 30, 32, 38, 48, 86, 89, 103, 104, 108, 109, 129, 137, 147], "build_dict": 137, "build_nlp": 71, "buildtim": 54, "built": [4, 6, 11, 38, 70, 77, 81, 91, 111, 123, 128, 136, 141, 180, 183], "builtin": [13, 18, 25, 46, 79, 91, 111, 116, 130, 131, 146, 189], "builtinmodul": 19, "bulgaria": 137, "bulgarian": 147, "bulk": [179, 183], "bulletproof": 72, "bundl": [4, 43, 77, 88, 102, 186, 189, 190, 191], "burger": 120, "burkina": 137, "burlesqu": 91, "burmes": 147, "burundi": 137, "busi": [15, 42, 64, 96, 97, 119, 120, 131, 136, 151, 152, 179, 190], "business_unit": 152, "businessimpact": 152, "businessnam": [137, 191], "businessunit": 152, "button": [10, 12, 16, 29, 30, 42, 45, 55, 61, 76, 107, 113, 115, 121, 123, 128, 130, 133, 137, 141, 142, 145, 157, 180, 189, 190, 191, 192], "bvcddgjrecxdkbxzqwslpugoqarh9sltwvjnozsebeuy0bnokoimnavmp1wydfaexzmumhsge7tmjduxsaaac587wpwiv1xlrm4kqsem5atgwpvfiofuuikngn5guu3srzdyw4rjtkmv6ajtuswiez1tbuwitlhfsswkjx5esjato6ncu5ymkeg932rjr8tgopgitoaj7d1qfjknemqebp8hheg8delgufgxelvcqvk5wqq5hkfmfamqngv7wbehxdnrcj4b6r7clpialbfcpjpw0awchxszbhxkhvpf73tvgafjlhb1metcattoph": 98, "bvmware": 146, "bvow5qzrtnubcuoeophtzn9asgz4vcfrctzijnsyladejxlak7ycabpylthaiw8sbwctcqocmwfl": 98, "bvt": 137, "bwa": 137, "bwf": 117, "bypass": [30, 36, 74, 78, 90, 146, 180, 183], "bypassdurationhour": 78, "byte": [43, 85, 103, 127, 180, 182, 184], "bytea": 182, "bytespersector": 54, "bytypeeventcount": 108, "bzz1madgczc3ch4yrq": 85, "c": [10, 11, 13, 14, 16, 18, 19, 23, 24, 25, 27, 35, 43, 44, 46, 49, 54, 56, 64, 66, 70, 71, 73, 74, 78, 79, 80, 83, 85, 90, 91, 105, 106, 107, 108, 113, 116, 117, 119, 122, 127, 129, 130, 131, 133, 137, 138, 144, 146, 147, 148, 152, 154, 155, 157, 159, 162, 178, 180, 181, 182, 183, 184, 188, 192], "c0": 24, "c000": 59, "c008": 184, "c01770161d68": 78, "c03qzgv0yju": 125, "c06fa6c3": 157, "c07ce910092e5bb97e3f195b25ec92bf": 117, "c09beb673a5": 124, "c0afe420092e5bb91a59800472b588d8": 117, "c0bb86dc6104": 98, "c0bf408c999": 184, "c0dfacf7": [102, 103, 186], "c15119ca5c0b": 130, "c15ff9a5092e5bb903c0d2eca39fb09d": 117, "c18c": 108, "c18d5d63092e5bb937bfab713e75e3e9": 117, "c1b52a5273fa0254f2f35f75a8b7a3944939fea11d22e08e1164314d88b6f808e75bb7": 122, "c1c063ec9b69": 98, "c1ff": 106, "c248": 130, "c250ef8f3919": [102, 103, 186], "c26dc4e73a335b4414d238b6b30bfd6aff693293f9e4946b5df13f9aac40af5c": 24, "c280778959b8456fba4ad911fa7badc757d07afbb6fadd05bba28171bbe17f21d25f2ef0d2724e7534f88d62e34ada5190d4013d9c0cc071f7e62fb6d6076726d0deff17cef085fd31c166ca876505472a5fc0abb88cc3bfd0177f63a35cf046fb86aafb4dd72a5e7f9ae013977dbefb7d35570d5d5e819835ea1642a2d3b074f7592ded38e7fe7a1bb336e67eae3f9ea61683de53014e8100aebb42f51f752934cde9848038ae3c3714c0f027ce3052b98adc5f22a079f84f4e4904e2757caa2f2a1e03ec714ca32a61fc6fca911e935a2e780858f6eebb34205d9ae6afc6d7f2bf0a7bfa8e9277e36c7b0c4086644a15ec70d7728e6330e10bef5a30972e25": 144, "c2_web_beacon": 43, "c2bb95a17b879bffc96c58f8a1689784": 15, "c2bb95a17b879bffc96c58f8a1689785": 15, "c3": [24, 108], "c3465af09c46": 80, "c37e": 64, "c3be9c35": 108, "c3bf1b3634a2": [78, 79], "c4af": 80, "c4c4": 107, "c4d5b6bafe03": 24, "c54022c7": 78, "c56ba498d41caa7be3c1eb5588cec27c413eb208": 122, "c57b14f911e20ef253dd822c05443f52": 187, "c5926008a5d3": 80, "c5c4cac9092e5bb9315a5137b5b8dc8b": 117, "c5e36a0098f54a6d4bf33037c5c68bf4": 108, "c61f3dfaf47": 80, "c645": 146, "c670630c6c19434d3d62b9f6e800bffd4cf5d5c361d64c8c92c628f1aba368e": 127, "c6c712b0": 80, "c6c9f775092e5bb954b29f871ca45a10": 117, "c7": 117, "c708d037ae5a46b69ec4dcbf7e4555e5": 43, "c73763ef092e5bb9462d7353c645bc2c": 117, "c74c": 99, "c770": 108, "c784cc7c2ddc": 80, "c79839fc": 98, "c7aa": [78, 79], "c8": [24, 54], "c8013082092e5bb93cfa886c25c48a04": 117, "c80cd55d": 98, "c815": 60, "c831966a9c313235f314ffa88c3126f556e9191c70bddea0cc3883ba1d64edd8": 99, "c84d": 19, "c875f7333fb843aeacb01d1cbfa52ae5": 133, "c8769d55": 81, "c9456a597a0e42a89f243b8a537a056d": 117, "c95648v1": 117, "c960": 24, "c96b": 106, "c986": 24, "c_outer": 117, "ca": [41, 43, 75, 77, 78, 88, 91, 100, 107, 111, 144, 146, 147, 187, 188], "ca1": 144, "ca1df3031a00e387c8a7da086272f2b6": 18, "ca_file_to_be_us": 39, "ca_information_access": [144, 188], "caafba4e4f6d130e7db30ed4d5e53504": 190, "cacert": 144, "cach": [13, 152, 182, 187], "cachedur": 51, "cachetool": [98, 108], "cade": 98, "cadenc": [130, 152], "caf": 137, "cafil": [12, 25, 99, 100, 103, 104, 108, 115, 124, 131, 180, 183, 192], "cafm": 102, "caico": 137, "cakei": 88, "calbro": 21, "calcul": [3, 103, 127], "caledonia": 137, "calendar": [42, 106, 133, 136, 137, 156], "calendar_invite_datetim": 22, "calendar_invite_descript": 22, "calendar_invite_extra_email_addr": 22, "calendar_invite_incident_id": 22, "calendar_invite_subject": 22, "calibri": [41, 88], "california": [13, 62, 144], "california_health_risk_assess": 127, "call": [4, 8, 9, 13, 15, 16, 18, 20, 21, 22, 25, 30, 34, 37, 41, 42, 43, 44, 46, 48, 49, 53, 56, 57, 60, 63, 66, 72, 74, 78, 79, 80, 88, 91, 98, 99, 102, 103, 104, 108, 111, 114, 116, 120, 125, 127, 130, 131, 133, 136, 137, 142, 146, 147, 148, 152, 158, 164, 166, 178, 180, 181, 182, 183, 184, 186, 189, 191, 192], "call_does_not_exist_error": 43, "call_rest_api": [111, 143], "callback": [88, 113, 133, 148, 157, 164], "callcenterid": 113, "caller": [15, 43], "caller_id": 119, "callertyp": 15, "callinnumb": 148, "callintollfreenumb": 148, "callintollnumb": 148, "calluses1": 108, "cambodia": 137, "cambridg": [50, 114, 136, 159], "came": 150, "cameroon": 137, "campaign": [10, 153], "campaign_descript": 99, "campaign_id": 99, "campaign_members_list": 99, "campaign_nam": 99, "campaign_result": 99, "campaign_start_d": 99, "campaignfamili": 99, "campaignid": 99, "campaignmemb": 99, "camunda": 98, "can": [1, 4, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 46, 47, 49, 51, 53, 54, 55, 56, 57, 58, 59, 60, 63, 64, 65, 66, 67, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 105, 106, 107, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 124, 125, 126, 129, 130, 131, 132, 133, 136, 137, 138, 140, 142, 143, 144, 145, 147, 148, 150, 151, 152, 153, 154, 155, 157, 160, 161, 162, 163, 164, 166, 167, 168, 170, 178, 180, 181, 182, 183, 184, 186, 188, 189, 190, 191, 192], "canada": [19, 102, 137], "cancel": [16, 21, 41, 69, 98, 104, 119, 120, 182], "cancel_command_result": 117, "cancellationcom": 78, "cancellationdatetimeutc": 78, "cancellationrequestor": 78, "candid": 72, "cannot": [11, 23, 35, 38, 43, 49, 64, 68, 72, 86, 88, 90, 93, 106, 107, 111, 113, 114, 116, 127, 130, 137, 146, 148, 167, 182, 183, 190, 191], "canon": 83, "canonical_nam": 49, "canonicalid": 15, "canopenincid": 124, "canva": 192, "capabl": [10, 11, 12, 14, 15, 21, 25, 30, 36, 38, 39, 41, 42, 43, 47, 66, 67, 68, 74, 76, 78, 80, 81, 88, 89, 90, 91, 97, 99, 103, 104, 108, 110, 111, 114, 115, 117, 118, 119, 124, 125, 129, 133, 134, 144, 153, 158, 168, 180, 181, 182, 183, 184, 190], "capac": 19, "cape": 137, "capit": [107, 149], "captur": [0, 43, 47, 49, 58, 80, 88, 98, 114, 117, 130, 137, 152, 179, 182, 190, 191], "carbon": [23, 156], "card": [72, 117, 133, 167], "care": 102, "carefulli": [53, 188], "carrier": [37, 88], "case": [4, 7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 36, 37, 38, 39, 41, 42, 46, 47, 48, 51, 53, 55, 58, 59, 60, 63, 65, 66, 67, 72, 74, 75, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 103, 104, 108, 109, 110, 111, 114, 116, 117, 118, 119, 120, 121, 122, 125, 126, 127, 129, 133, 134, 136, 138, 142, 144, 147, 148, 150, 153, 154, 155, 156, 161, 163, 167, 168, 178, 179, 180, 181, 182, 183, 184, 186, 190, 191], "case_3a649db8": 124, "case_fields_to_queri": 113, "case_json": 113, "casefil": 153, "casefileid": 153, "caseid": [113, 124], "casenumb": 113, "caserecommend": 124, "caserecommendationoutcomestatu": 124, "cases_closed_from_funct": 49, "casesourc": 124, "cassandra": 16, "cast": [136, 182], "cat": [0, 7, 91, 155, 185], "cat_id": 155, "cat_nam": [60, 127], "catalan": 147, "catalog": [23, 55, 69, 156], "catalogu": 59, "catch": [120, 130, 181], "categor": [10, 21, 52, 72, 106, 155, 159, 167], "categori": [7, 8, 21, 27, 34, 35, 37, 39, 42, 43, 49, 55, 56, 72, 78, 79, 81, 82, 88, 96, 98, 100, 104, 106, 108, 116, 124, 133, 144, 187, 188, 191], "categories_list": 7, "categories_nam": 7, "categories_set": 7, "categorization_list": 159, "categorization_nam": 159, "categorizationresult": 159, "category_count": [103, 104], "category_id": [59, 60, 127, 155], "category_list": 155, "category_map": 43, "category_nam": 103, "categorydefinit": 104, "categorynam": [103, 104], "categoryname_categori": 104, "catname_exist": 155, "cattelecom": 7, "caus": [30, 71, 78, 103, 116, 124, 136, 168, 183, 191], "caution": [43, 127], "caveat": 39, "cayman": 137, "cb": 146, "cb1a7e68": 109, "cb94c359": 24, "cb971c75": 103, "cb_analyt": 146, "cb_firewall_inact": 146, "cbc": [43, 130], "cbc_device_external_ip": 146, "cbc_device_id": 146, "cbc_device_internal_ip": 146, "cbc_device_loc": 146, "cbc_device_nam": 146, "cbc_device_os_vers": 146, "cbc_device_polici": 146, "cbc_device_policy_id": 146, "cbc_device_quarantin": 146, "cbc_device_statu": 146, "cbc_device_tim": 146, "cbc_device_usernam": 146, "cbc_file_scan_result": 146, "cbc_filemod_nam": 146, "cbc_filemod_reput": 146, "cbc_process_cmd": 146, "cbc_process_effective_reput": 146, "cbc_process_nam": 146, "cbc_process_pid": 146, "cbc_process_policy_act": 146, "cbc_process_sha256": 146, "cbc_process_typ": 146, "cbc_process_usernam": 146, "cbc_query_d": 146, "cbc_sensor_st": 146, "cbid": 35, "cbmdvby5nbiikd3d3lmdvby5nbiiuz29vz2xllwfuywx5dgljcy5jb22cfi": 85, "cc": [88, 91, 131, 137, 144, 188, 190], "cc0f": 106, "cc4934376adfa2c4d5c698791c51264d0080948b": 78, "cc7cdc7674ebaa353386f4529c800cd78ac5dd88": 108, "ccc": [80, 147], "ccc4": 107, "cccc": [19, 24, 107], "cccccccc": 107, "cccccccccccc": 24, "cccccccccccc0": 24, "ccccccccccccd": 24, "ccf2d5f4ab37650ccbb582f351aa6fdd": 102, "ccf70323092e5bb9462d7353600b23f8": 117, "cck": 137, "ccrecipi": 42, "cd": [0, 29, 68, 78, 91, 95, 101, 115, 128, 141, 143, 145, 161, 163, 177, 192], "cd0f7a5bd5d5": 19, "cd5c5c": 41, "cd64": 107, "cd9f8f74430fa82254987d8c01e4316fb82102d7": 46, "cda5cca328c811efb47ec103488c1130": 146, "cdcatalog": 91, "cdd7": 99, "cde7": 74, "cdfca802092e5bb97e3f195b7f1a8637": 117, "cdnoqxknafn5": 107, "cdp": 43, "cdp_name": 43, "cdvc2haa8xorjasvhwvndqtrsvwbpqo5iegobiaztfg1e7clhgxfe4t61vphvvhcul4wxa2eqistpwz8v1sruhamddhxndm3vyx4tvjxdg5dzh48jbzvgqc": 98, "ce": [43, 98, 192], "ce2b": 117, "ce35": 98, "ce856be3092e5bb95c42d34f3bd620dd": 117, "ceas": 111, "ced": 117, "cell": [15, 33, 36, 37, 60, 109, 119, 127, 137], "cell_nam": 21, "cellco": 15, "cellular": 88, "center": [17, 21, 22, 28, 30, 31, 39, 47, 53, 55, 58, 60, 63, 69, 75, 76, 77, 78, 80, 84, 88, 93, 94, 96, 98, 103, 104, 107, 115, 140, 145, 147, 151, 156, 157, 167], "cento": [9, 11, 33, 34, 56, 116, 117, 192], "central": [56, 59, 103, 107, 137, 147], "central1": 49, "centralu": [79, 80], "centurylink": 15, "cer": 100, "cert": [41, 43, 64, 75, 80, 81, 89, 100, 103, 104, 106, 117, 124, 129, 150, 173, 188], "cert_private_kei": 117, "cert_signatur": [144, 188], "cert_uuid": 106, "certain": [4, 35, 111, 133, 148, 159, 167, 191], "certego": [144, 188], "certfic": 168, "certif": [12, 23, 25, 39, 43, 46, 53, 55, 56, 64, 65, 66, 74, 76, 77, 78, 85, 89, 90, 99, 100, 102, 103, 106, 108, 113, 115, 116, 117, 131, 133, 137, 146, 155, 157, 167, 168, 180, 187], "certificate_path": 53, "certificate_polici": [144, 188], "certificatebodi": 16, "certificateid": [16, 116, 187], "certificateinfo": 78, "certificatetransparencycompli": 187, "certinfo": 108, "cf": 29, "cf23df2207d99a74fbe169e3eba035e633b65d94": 153, "cf7f235xxxxxxxxxxddxxxx930ae68d377754b971xxxxxxxxx": 148, "cf973382698e6d6fb61d6fe6c9e241cb66afff98": 46, "cf_api_apikei": 29, "cf_api_bas": 29, "cf_api_password": 29, "cf_api_usernam": 29, "cfb1": 80, "cfbc": 80, "cfg": [15, 84, 85], "cfid": 35, "ch": [13, 141], "chad": 137, "chain": [43, 98, 119], "challeng": [111, 182], "chanc": 38, "chang": [7, 10, 16, 18, 21, 22, 24, 29, 30, 32, 35, 39, 41, 42, 46, 49, 56, 57, 61, 63, 68, 79, 80, 81, 82, 84, 85, 95, 97, 101, 106, 107, 108, 109, 111, 113, 114, 115, 119, 120, 121, 123, 124, 128, 130, 131, 134, 137, 141, 142, 143, 145, 146, 149, 150, 152, 157, 159, 161, 168, 169, 179, 189, 190, 192], "change_m": 168, "change_memb": [60, 127], "change_request": 8, "change_request_detail": 8, "change_timestamp": 146, "change_workspac": [60, 127], "changed_bi": 146, "changed_by_typ": 146, "changed_to": [15, 79, 107, 110, 116, 130, 131, 152], "changekei": 42, "changelog": 64, "changem": [88, 91, 104, 129], "changerequestid": 8, "changetyp": 119, "channel": [53, 90, 127, 137], "channel_nam": 133, "channelid": 133, "channelident": 133, "channelmessag": 133, "char01": 21, "char02": 21, "char03": 21, "char04": 21, "char27": 21, "charact": [10, 11, 16, 25, 42, 85, 86, 97, 106, 113, 125, 136, 137, 143, 146, 147, 148, 182, 184, 191], "characterist": [106, 111], "characteristic_tag": 106, "characteristics_count": 106, "characterset": 182, "chardet": [85, 143], "charl": 67, "charleston": 188, "charset": [13, 41, 42, 91, 111], "chat": 21, "chatid": 133, "chatter_api": 113, "chdir": 11, "che": 137, "check": [0, 3, 7, 8, 13, 14, 15, 19, 23, 27, 30, 32, 41, 42, 43, 49, 51, 59, 65, 67, 72, 73, 80, 83, 86, 92, 95, 99, 100, 102, 103, 106, 113, 114, 116, 117, 122, 130, 131, 136, 137, 144, 145, 152, 157, 162, 169, 182, 183, 191], "check_add_quot": 16, "checkbox": 113, "checker": [144, 188], "checkin": 0, "checkout": [49, 168], "checkurl": 95, "chengdu": 78, "chi_sim": 86, "chi_tra": 86, "chid": 35, "child": [88, 103, 118, 119, 146, 151, 156], "child_artifact_result": 109, "child_incid": 109, "childproc_cmdlin": 146, "childproc_guid": 146, "childproc_usernam": 146, "children": [35, 60, 109, 127], "chile": 137, "china": [72, 137], "chines": [86, 147], "chl": 137, "chloe": 96, "chmod": [38, 192], "chn": 137, "choic": [4, 98, 183], "chong": [144, 188], "choos": [9, 32, 38, 41, 46, 56, 88, 116, 131, 148, 157, 168, 191], "chosen": [69, 191], "christma": 137, "christohersmbp2": 136, "christoph": 84, "chrome": [48, 94, 126, 187], "chuck": 124, "chuvash": 147, "ci": [49, 133, 148, 157], "cid": [33, 35], "cidr": [8, 129, 150, 173, 191], "cidsbrowserffonoff": 117, "cidsbrowserieonoff": 117, "cidsdefsetvers": 117, "cidsdrvmulfcod": 117, "cidsdrvonoff": 117, "cidsenginevers": 117, "cidssilentmod": 117, "cif": 43, "cifs_round_trip_tim": 43, "cin": [144, 188], "cio": 15, "cip": 91, "cipher": [43, 187], "circl": [34, 192], "circuit": [3, 4, 7, 8, 9, 11, 14, 17, 18, 19, 21, 23, 25, 26, 27, 28, 30, 31, 32, 34, 35, 40, 42, 43, 44, 45, 46, 47, 49, 51, 55, 56, 57, 59, 66, 70, 71, 72, 73, 75, 76, 77, 78, 82, 83, 84, 85, 86, 88, 90, 91, 92, 93, 94, 96, 97, 98, 103, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 118, 120, 121, 122, 124, 126, 127, 130, 134, 135, 136, 137, 138, 140, 142, 144, 145, 146, 147, 148, 151, 152, 154, 155, 159, 160, 162, 164, 167, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 180, 181, 182, 183, 184], "circuits_": 68, "circul": 81, "circumst": 15, "cisco": [43, 104, 117, 144, 156], "cisco_1m": 72, "cisco_add_domain": 26, "cisco_asa_artifact_typ": 25, "cisco_asa_end_rang": 25, "cisco_asa_firewal": 25, "cisco_asa_firewall_network_object_group": 25, "cisco_asa_fqdn_ip_vers": 25, "cisco_asa_ipv4_netmask": 25, "cisco_asa_netmask": 25, "cisco_asa_network_object_descript": 25, "cisco_asa_network_object_dt": 25, "cisco_asa_network_object_group": 25, "cisco_asa_network_object_id": 25, "cisco_asa_network_object_kind": 25, "cisco_asa_network_object_nam": 25, "cisco_asa_network_object_valu": 25, "cisco_asa_query_d": 25, "cisco_asa_statu": 25, "cisco_cdp_vulner": 43, "cisco_delete_domain": 26, "cisco_get_domain": 26, "cisco_meraki_adapt": 18, "cisco_top1000": 72, "cisco_top20k": 72, "citi": [15, 21, 37, 50, 60, 62, 96, 113, 127, 137, 150, 187, 188], "citrix": 43, "citrix_issu": 43, "city_countri": 187, "city_country_list": 187, "city_nam": [13, 15, 137], "citynam": 15, "civ": 137, "ck": [81, 102, 156], "ckent": 96, "clam": 122, "clamav": 156, "clamav_scan_stream": 28, "clarifi": 136, "clark": 96, "class": [13, 18, 21, 25, 27, 35, 46, 49, 64, 65, 70, 78, 79, 91, 103, 106, 107, 108, 109, 116, 117, 120, 124, 130, 131, 137, 146, 152, 164, 191, 192], "class_weight": 70, "classic": [121, 124], "classif": [10, 65, 78, 80, 92, 99, 116, 133, 155, 162], "classifi": [27, 70, 72, 152, 162, 167], "classification_hit": 92, "classification_map": 137, "classificationcom": 80, "classificationreason": 80, "classificationsourc": 116, "classifiedasthreat": 37, "classless": 191, "claus": [49, 103, 113], "clean": [4, 7, 11, 24, 107, 135, 144, 145, 188], "cleaner": 191, "cleanup": 146, "clear": [74, 103], "clear_datat": 103, "clear_table_output": 106, "cli": [25, 56, 76, 133, 148, 157], "cli_password": 56, "cli_us": 56, "click": [10, 12, 16, 18, 29, 30, 32, 33, 34, 37, 38, 42, 43, 45, 49, 52, 55, 56, 61, 64, 68, 75, 95, 99, 100, 101, 102, 107, 113, 115, 117, 120, 121, 123, 126, 128, 130, 132, 133, 137, 141, 142, 143, 145, 148, 157, 161, 162, 168, 172, 180, 184, 186, 191, 192], "clickabl": 191, "clicks_block": 99, "clie": 74, "client": [10, 12, 16, 19, 21, 24, 29, 32, 33, 42, 43, 46, 52, 53, 61, 66, 68, 76, 77, 78, 79, 80, 82, 88, 90, 95, 100, 101, 104, 106, 108, 115, 116, 117, 123, 128, 132, 137, 141, 143, 148, 152, 159, 161, 168, 172, 182, 192], "client1": 76, "client64": 182, "client_auth_cert": [46, 117, 137, 168], "client_auth_kei": [46, 117, 137, 168], "client_auth_pem": 168, "client_certif": [78, 80], "client_credenti": 111, "client_hostnam": 56, "client_id": [19, 24, 42, 66, 78, 79, 80, 88, 148, 152, 157, 192], "client_incid": 37, "client_ip": 56, "client_port": 43, "client_secret": [19, 42, 79, 88, 148, 152, 157], "client_task": 74, "clientauth": [88, 144], "clientdeleteprohibit": [144, 188], "clientdescript": 54, "clientid": 54, "clientlocal": 21, "clientnam": 54, "clienttransferprohibit": [144, 188], "clientupdateprohibit": [144, 188], "clientvers": 54, "clipboard": 192, "clkvz": 111, "clone": [97, 119, 177], "clone_url": 46, "close": [10, 12, 15, 23, 29, 35, 43, 45, 49, 52, 55, 64, 75, 78, 79, 80, 85, 90, 95, 98, 100, 101, 104, 106, 107, 111, 113, 114, 116, 118, 120, 121, 123, 128, 129, 130, 132, 141, 143, 145, 146, 152, 161, 183, 192], "close_a_remedy_incident_from_task": 110, "close_alert_result": 146, "close_cas": [35, 49, 64, 90, 107, 113, 116, 124, 130, 146], "close_case_templ": [35, 49, 64, 107, 113, 130, 131, 146, 152], "close_cod": [115, 119], "close_field": 60, "close_incident_templ": [78, 80], "close_messag": 152, "close_not": 120, "close_record": 119, "close_sentinel_incident_templ": 80, "close_soar_cas": 80, "close_tim": 104, "closed_d": [60, 127], "closed_incid": 21, "closedat": 108, "closedbi": 130, "closedcom": 124, "closedd": 113, "closeddatetim": 79, "closedrootcaus": 124, "closedsourc": 37, "closest": 85, "closing_reason": 104, "closing_reason_id": 104, "closing_reason_lookup": 104, "closing_us": 104, "closur": [21, 43, 109, 146], "closure_reason": 146, "closure_reason_map": 146, "cloud": [118, 120, 121, 135, 145, 156, 157, 183, 185, 187, 188, 190], "cloud_account": 43, "cloud_instance_id": 43, "cloud_instance_nam": 43, "cloud_instance_typ": 43, "cloud_provider_account_id": 146, "cloud_provider_resource_id": 146, "cloud_provider_tag": 146, "cloudabilityrol": 15, "cloudappst": 79, "cloudfileshashverdict": 116, "cloudflar": 167, "cloudflarenet": 167, "cloudflaressl": 91, "cloudpaksecur": 108, "cloudplatform": 152, "cloudprovid": [78, 116], "cloudproviderurl": 152, "cloudresourcemanag": 49, "cloudstoragecollabor": 131, "cloudstoragerol": 131, "cloudwatch": 90, "cluster": [49, 72, 116], "cluster25": [144, 188], "cluster_nam": 146, "cm": [60, 127, 183], "cmc": [144, 188], "cmd": [11, 38, 84, 85, 146], "cmd_oper": 38, "cmdlet": 19, "cmfuzg9t": 48, "cmr": 137, "cn": [42, 67, 144, 160, 188, 192], "cname": 83, "cnc": 100, "cnifyxxos7x0oyrxzbzoi1mrzhexfuohvrcciqany5izacrbsrno4zxtgot4bw9dcmcrxtwbhhxucshvl205gevndxibm9qkobhuaokkz2zlgd9wucwwglidhdzs0mqmtdtwj": 98, "co": [27, 39, 43, 78, 80], "co3": [10, 12, 16, 29, 52, 61, 68, 95, 100, 101, 115, 123, 128, 132, 141, 143, 161], "co3si": [67, 191], "coalesc": 114, "coalit": 72, "cobalt": 43, "cobalt_strike_c2_dn": 43, "cobalt_strike_c2_http": 43, "cobalt_strike_c2_tl": 43, "coco": 137, "cod": 137, "code": [4, 13, 18, 20, 21, 25, 28, 30, 38, 42, 43, 46, 59, 78, 79, 81, 82, 85, 86, 88, 89, 91, 93, 100, 102, 104, 106, 107, 108, 110, 113, 115, 116, 119, 120, 124, 130, 131, 140, 144, 145, 146, 151, 153, 155, 157, 163, 168, 179, 182, 188, 191], "codecommit": 16, "codegen": [26, 30, 82, 110, 142, 155, 162, 192], "codepag": 67, "cog": 137, "cog_cognsuppgrpcomp": 21, "cog_cognsuppgrpid": 21, "cog_cognsuppgrpnam": 21, "cog_cognsuppgrporg": 21, "cognit": 102, "cogno": 179, "cok": 137, "col": 137, "coldfus": 43, "collabor": [43, 46, 107, 109, 133, 148], "collaborators_url": 46, "collaps": 58, "collat": 182, "colleagu": 96, "collect": [4, 11, 13, 18, 25, 38, 46, 68, 74, 79, 82, 91, 97, 98, 104, 107, 114, 116, 129, 130, 131, 146, 156, 181, 185, 186, 190, 191], "collectforens": 78, "collectinvestigationpackag": 78, "collection_id": 104, "collection_result": 153, "collectionid": 116, "collector": [107, 184], "colombia": 137, "colon": [25, 46], "color": [25, 28, 35, 41, 43, 54, 67, 88, 91, 102, 116, 120, 144, 145], "colornam": 64, "colspan": 88, "column": [47, 56, 120, 121, 163, 166, 179, 180, 182, 186, 192], "columnnumb": 187, "com": [0, 1, 3, 7, 8, 9, 10, 11, 12, 13, 15, 16, 18, 19, 20, 21, 22, 24, 25, 26, 27, 29, 30, 31, 33, 35, 36, 37, 38, 41, 42, 43, 44, 45, 46, 48, 49, 50, 51, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 67, 68, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 88, 89, 90, 91, 92, 93, 94, 95, 96, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 119, 121, 124, 125, 126, 127, 130, 131, 133, 136, 137, 139, 142, 144, 145, 146, 147, 148, 149, 150, 152, 153, 155, 157, 159, 160, 161, 162, 167, 168, 169, 177, 180, 181, 182, 183, 184, 185, 186, 187, 188, 190, 191, 192], "combin": [34, 43, 80, 91, 103, 107, 112, 115, 127, 131, 137, 143, 146, 155, 178, 180, 181, 182, 183, 184], "comcast": 96, "come": [77, 82, 85, 86, 120, 126, 148], "comma": [8, 16, 18, 22, 35, 36, 41, 42, 43, 44, 49, 55, 59, 66, 67, 69, 74, 78, 80, 82, 84, 85, 87, 88, 97, 98, 99, 100, 102, 103, 105, 106, 107, 108, 109, 111, 113, 115, 116, 124, 125, 131, 133, 137, 138, 146, 148, 168, 180, 181, 183, 184, 186], "command": [1, 4, 11, 13, 18, 19, 25, 30, 38, 42, 43, 46, 47, 56, 70, 71, 73, 76, 78, 79, 83, 84, 88, 89, 91, 102, 103, 108, 111, 112, 116, 119, 120, 121, 130, 131, 133, 143, 146, 148, 152, 156, 157, 158, 162, 165, 171, 172, 174, 175, 176, 178, 180, 181, 182, 184, 186, 189, 191], "commandid": 117, "commandid_comput": 117, "commandid_group": 117, "commandlin": [44, 85, 103, 192], "comment": [7, 10, 12, 15, 16, 24, 29, 35, 43, 45, 46, 49, 52, 57, 60, 61, 65, 66, 75, 78, 79, 81, 88, 95, 97, 100, 101, 109, 115, 119, 120, 123, 127, 128, 129, 131, 132, 141, 143, 145, 146, 149, 150, 152, 161, 162, 167, 183, 190, 191, 192], "comment_count": 46, "comment_perm": [60, 127], "comment_result": 80, "commentcount": 35, "comments_url": 46, "commentscount": 80, "commit": [3, 84, 87, 108, 112], "commit_output": 89, "commits_url": 46, "committ": 46, "common": [17, 19, 21, 30, 33, 34, 38, 72, 78, 80, 82, 85, 91, 103, 110, 111, 127, 143, 182, 191], "commonli": [15, 21, 111], "commun": [3, 4, 7, 15, 17, 20, 22, 25, 28, 31, 32, 36, 39, 43, 46, 47, 51, 53, 55, 58, 60, 63, 65, 66, 67, 72, 74, 78, 79, 81, 84, 85, 86, 87, 88, 89, 90, 92, 93, 94, 96, 97, 98, 104, 109, 113, 115, 116, 118, 121, 122, 124, 126, 127, 129, 133, 136, 140, 141, 144, 147, 148, 150, 151, 154, 155, 157, 161, 167, 168, 172, 179, 182, 187, 190], "communication_typ": 53, "communitykei": 85, "communitynicknam": 113, "comoro": 137, "comp_field": 24, "compani": [4, 7, 21, 109, 113, 117], "company_black_list": 146, "company_logo": 4, "companynam": [113, 117], "compar": [18, 35, 46, 68, 74, 106, 108, 113, 146, 191], "comparatortyp": 35, "compare_url": 46, "comparison": [98, 124, 183], "compat": [8, 13, 18, 25, 30, 46, 74, 79, 80, 81, 85, 87, 88, 91, 99, 102, 110, 111, 116, 130, 131, 142, 144, 146, 158, 173, 189], "compatibilti": 180, "compatibleversionadditionalproperti": 19, "compil": [13, 16, 18, 25, 46, 72, 79, 86, 91, 109, 116, 130, 131, 137, 146, 155, 167, 182], "compile_hits_sect": 72, "compile_section_by_dtyp": [72, 167], "compiled_sect": 72, "complaint": 188, "complet": [4, 10, 11, 12, 16, 17, 19, 21, 24, 28, 29, 38, 40, 42, 43, 49, 50, 52, 55, 56, 60, 61, 64, 65, 67, 68, 69, 74, 80, 81, 85, 94, 95, 97, 98, 100, 101, 103, 104, 105, 107, 110, 111, 115, 117, 118, 119, 120, 123, 124, 127, 128, 130, 132, 133, 135, 141, 142, 143, 144, 145, 146, 148, 155, 157, 161, 168, 178, 179, 180, 181, 182, 183, 184, 185, 186, 190, 192], "completioncom": 124, "completiondatetimeunixtimeinm": 124, "completor": 124, "complex": [41, 111, 113, 182, 191], "compli": [16, 72, 111, 167, 188], "complianc": [35, 69], "compliance_standard": 49, "compliance_statu": 146, "compliant": [19, 69, 98], "complic": [41, 179], "compon": [4, 10, 11, 12, 16, 17, 20, 24, 28, 29, 31, 35, 40, 42, 47, 52, 55, 59, 61, 64, 66, 67, 68, 73, 75, 76, 77, 78, 79, 82, 84, 87, 89, 90, 94, 98, 101, 104, 106, 107, 112, 113, 114, 115, 123, 128, 130, 131, 132, 135, 140, 141, 142, 143, 145, 146, 147, 152, 153, 156, 183, 190, 192], "component_id": 21, "component_load": 30, "componentsdir": [30, 192], "componentsvers": 108, "compos": [41, 190], "comprehens": [55, 88, 107], "compress": [127, 187], "compress_s": 127, "compress_typ": 127, "compris": 191, "compromis": [35, 61, 80, 92, 99, 102, 104, 117, 137, 153, 179, 182, 186], "compromisedent": 80, "comput": [16, 20, 38, 43, 49, 74, 78, 79, 80, 85, 116, 162], "computer_domain_nam": 117, "computer_id": [20, 117], "computer_nam": [20, 78, 117], "computerdescript": [74, 117], "computerdistinguishednam": 116, "computerdnsnam": 78, "computerid": 117, "computerip": 117, "computermemberof": 116, "computernam": [74, 116, 117], "computersandsoftwar": 144, "computertimestamp": 117, "computerusn": 117, "concaten": [100, 119, 136, 143], "concept": [53, 106, 133], "concern": 179, "concern_scor": [102, 186], "concurr": 136, "condens": [72, 167], "condit": [8, 11, 13, 15, 16, 18, 19, 23, 24, 25, 33, 38, 54, 56, 57, 59, 60, 65, 66, 67, 72, 74, 79, 80, 81, 82, 87, 89, 91, 97, 98, 102, 103, 107, 108, 110, 111, 113, 114, 116, 117, 119, 124, 127, 130, 131, 146, 150, 152, 155, 166, 167, 168, 179, 190, 191], "condition": 39, "conduct": 41, "conf": [1, 41, 133, 159], "confer": 146, "confid": [7, 10, 47, 72, 79, 80, 82, 86, 96, 102, 103, 106, 116, 130, 147, 186], "confidence_count": 72, "confidence_level": 10, "confidence_scor": [7, 56], "confidencelevel": [80, 116], "confidencescor": 72, "confidenti": 111, "config": [0, 1, 3, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 34, 35, 36, 39, 41, 42, 43, 44, 45, 46, 47, 49, 51, 52, 53, 55, 56, 59, 60, 61, 63, 65, 66, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 79, 80, 81, 82, 83, 84, 88, 90, 91, 92, 93, 94, 95, 96, 98, 99, 100, 101, 102, 105, 106, 107, 108, 110, 111, 112, 113, 114, 115, 116, 117, 118, 121, 122, 123, 124, 125, 128, 130, 131, 132, 133, 134, 136, 137, 140, 141, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 159, 160, 161, 162, 166, 169, 172, 173, 174, 175, 176, 178, 180, 181, 182, 183], "config_command": 84, "config_data": 192, "config_fil": 157, "config_id": 55, "config_id_bas": 33, "config_id_build": 33, "config_id_platform": 33, "config_result": 84, "config_section_data": 192, "configr": [43, 116, 155], "configur": [4, 9, 10, 26, 27, 29, 34, 38, 44, 45, 48, 52, 61, 68, 70, 71, 86, 95, 100, 101, 111, 112, 115, 118, 119, 123, 127, 128, 132, 134, 138, 141, 142, 143, 145, 156, 159, 161, 163, 165, 167, 168, 172, 173, 174, 175, 176, 178, 179, 180, 181, 182], "configurationdownloadmanag": 19, "configurationmod": 19, "configurationmodefrequencymin": 19, "configurationrepositoryweb": 19, "configurationvers": 19, "configure_connect": 182, "configured_nam": 155, "configurednam": 155, "confirm": [10, 16, 19, 43, 60, 70, 88, 99, 115, 127, 133, 137, 183], "confirmed_fraud": 137, "confirmed_legitim": 137, "conflict": [43, 72, 118, 182], "confluenc": 43, "confluent": 181, "confluentinc": 66, "confluentkafka": 181, "conform": [21, 110], "confus": [41, 85, 97, 179], "congo": 137, "conjunct": [79, 125], "conn_guid": 24, "connect": [10, 15, 24, 32, 39, 42, 43, 49, 53, 56, 64, 65, 66, 67, 70, 71, 72, 76, 79, 81, 83, 85, 87, 89, 98, 103, 106, 108, 111, 117, 121, 129, 131, 133, 134, 144, 148, 157, 169, 173, 175, 177, 178, 180, 181, 183, 184, 190, 192], "connect_data": 182, "connect_result": 116, "connect_timeout": 160, "connectend": 187, "connection_direct": 15, "connector": [24, 43, 182, 183, 192], "connector_guid": 24, "connector_id": 146, "connector_vers": 24, "connectstart": 187, "connecttimeout": [182, 183], "consecut": 183, "consent": [42, 133], "consequ": [72, 167, 185], "consid": [11, 30, 43, 78, 80, 86, 90, 102, 106, 107, 109, 113, 119, 130, 146, 152, 180, 183], "consider": [131, 191], "consist": [5, 19, 36, 43, 56, 103, 109, 160, 168, 179, 185, 189, 190, 191], "consol": [4, 15, 16, 18, 27, 33, 43, 49, 103, 130, 131, 138, 152, 160, 162, 187], "console_url": [43, 130], "consolemigrationstatu": 116, "constant": [18, 90, 182], "constraint": [111, 126, 182], "construct": [88, 107, 111, 146, 152, 164], "constructor": [137, 192], "consult": [21, 88, 111, 180], "consum": [48, 64, 66, 113, 184], "consumer_kei": 113, "consumer_key_nam": 64, "consumer_secret": 113, "contact": [21, 33, 72, 77, 85, 96, 107, 117, 139, 142, 143, 146, 150, 157, 186, 188, 191], "contact_countri": 102, "contact_email": 102, "contact_nam": 102, "contact_org": 102, "contact_result": 113, "contact_typ": 102, "contactemail": 113, "contactfax": 113, "contactid": 113, "contactinfo": 117, "contactmobil": 113, "contactphon": 113, "contain": [1, 2, 7, 8, 9, 10, 11, 12, 13, 15, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 33, 34, 35, 36, 37, 39, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 120, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 135, 136, 137, 139, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 152, 153, 154, 155, 157, 161, 167, 168, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192], "contained_bi": 106, "container_exit_statu": 38, "container_id": 38, "container_imag": 152, "container_nam": 1, "container_scann": 49, "container_stat": 38, "containerd": 152, "containerinfo": 116, "content": [4, 57, 119, 135, 142, 156, 159, 167, 168, 173, 178, 179, 180, 181, 182, 183, 184, 189, 191, 192], "content_as_str": 15, "content_document_link": 113, "content_typ": [60, 108, 127], "content_vers": 98, "contentremov": 37, "contents_url": 46, "contenttyp": [42, 130, 133], "contentupd": 117, "context": [39, 42, 46, 78, 79, 98, 117, 133, 146, 154, 156, 178, 186, 187], "contextu": 88, "contin": 188, "continent_cod": 13, "continent_nam": 13, "continu": [11, 15, 21, 24, 25, 30, 36, 42, 43, 64, 66, 67, 74, 78, 81, 87, 88, 89, 90, 91, 98, 99, 103, 104, 114, 117, 118, 125, 129, 133, 144, 152, 153, 157, 182, 183, 190, 191], "continueconfigur": 19, "contributor": 46, "contributors_url": 46, "control": [1, 10, 12, 13, 16, 24, 29, 43, 49, 52, 61, 68, 78, 95, 96, 101, 102, 108, 111, 115, 117, 123, 128, 132, 133, 141, 143, 152, 157, 161, 180, 184, 186, 187], "controldescript": 152, "controllerkind": 116, "controllerlabel": 116, "controllernam": 116, "controltow": 15, "conveni": [21, 30, 85, 156, 184, 186], "convent": [11, 66, 120], "convers": [13, 18, 25, 46, 79, 91, 98, 104, 106, 109, 116, 130, 131, 133, 136, 137, 146, 168, 182, 189, 190, 191], "conversationid": 42, "conversationindex": 42, "convert": [8, 11, 16, 20, 24, 28, 30, 36, 42, 43, 47, 53, 58, 59, 60, 64, 66, 67, 69, 72, 74, 78, 85, 89, 96, 98, 99, 102, 103, 106, 108, 110, 111, 112, 113, 114, 117, 124, 127, 129, 136, 137, 151, 155, 182, 184], "convert_json_to_rich_text": [13, 18, 25, 46, 79, 91, 107, 116, 130, 131, 142, 146, 189], "convert_result": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "convert_to_nw_tim": 112, "converted_json": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "convertjson": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "cook": [18, 137], "cooki": [111, 142, 187], "cool": 90, "coordin": [42, 45], "coorel": [35, 106], "coorespond": [78, 190], "coowner": 153, "copi": [1, 4, 9, 10, 12, 16, 18, 25, 28, 29, 30, 34, 35, 38, 43, 45, 49, 52, 55, 56, 61, 64, 68, 76, 78, 88, 90, 95, 97, 100, 101, 103, 106, 107, 108, 111, 113, 115, 117, 121, 123, 128, 130, 132, 140, 141, 143, 145, 146, 151, 152, 157, 161, 162, 166, 183, 184, 190, 191, 192], "copyright": [13, 18, 22, 25, 46, 56, 79, 91, 116, 130, 131, 137, 146], "core": [19, 43, 116, 157], "corecount": 116, "corel": 108, "corner": [18, 113, 120, 130, 133], "corp": [13, 18, 25, 46, 56, 79, 91, 116, 130, 131, 137, 146, 150], "corpor": [15, 21, 69, 99, 146, 149, 150], "correct": [11, 30, 36, 42, 53, 64, 66, 67, 80, 88, 103, 104, 113, 117, 131, 137, 157, 168, 183, 184, 191, 192], "correctli": [1, 4, 10, 16, 46, 49, 64, 67, 77, 87, 89, 103, 104, 129, 131, 155, 183], "correl": [91, 99, 107, 108, 113, 146], "correspond": [11, 15, 16, 24, 25, 36, 42, 43, 59, 64, 66, 67, 72, 74, 75, 78, 79, 81, 86, 88, 89, 90, 91, 97, 99, 100, 102, 103, 104, 106, 107, 108, 111, 113, 114, 115, 116, 117, 118, 119, 125, 129, 130, 131, 133, 144, 146, 152, 153, 161, 163, 166, 190], "corrupt": 184, "costa": 137, "couchdb": 43, "could": [21, 41, 43, 49, 56, 70, 72, 78, 81, 87, 99, 102, 106, 117, 133, 152, 179, 183, 191, 192], "count": [15, 35, 37, 60, 69, 70, 77, 89, 91, 98, 103, 106, 107, 108, 111, 113, 116, 117, 127, 130, 146, 155, 167, 179, 187], "count_items_in_tuple_list": 98, "count_unique_devic": 146, "counted_object": 98, "counted_wf": 98, "counter": [19, 34, 96, 103, 115], "counter_act_adapt": 18, "counterproperti": 19, "countervalu": 19, "countri": [7, 13, 15, 18, 21, 37, 50, 60, 62, 96, 103, 104, 113, 127, 131, 137, 150, 186, 187, 188], "country_cod": [13, 96], "country_nam": [7, 13, 15, 62, 137, 187], "country_pref": 18, "countrycod": [7, 67], "countrynam": [7, 15], "cours": 153, "cousin": 96, "cover": [21, 35, 78], "covid": 72, "cp": 66, "cp4": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167, 168, 179, 180, 183, 184, 185, 187, 188, 190], "cp4s_cases_prefix": 119, "cp4s_host_url": 121, "cpan": 91, "cpe": 106, "cpe_vers": 106, "cpreus": 182, "cptimeout": 182, "cpu": 108, "cpu_stat": 38, "cpu_usag": 38, "cpucount": 116, "cpudescr": 108, "cpuid": 116, "cpuserialnumb": 74, "cpuspe": 74, "cputyp": 74, "cpuvendor": 108, "cpv": 137, "cpython": 15, "cq": 122, "cqaaabyaaadi5xky9khuq48uewaxv": 42, "craft": [78, 119], "crawl": 38, "crc": 127, "crdf": [13, 144, 188], "cre_rul": 104, "creat": [2, 3, 4, 7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 20, 22, 23, 24, 28, 29, 30, 33, 35, 37, 38, 39, 40, 44, 47, 49, 51, 52, 53, 55, 56, 59, 61, 63, 66, 68, 70, 71, 72, 73, 75, 76, 77, 79, 80, 82, 85, 88, 91, 92, 95, 97, 98, 100, 101, 106, 107, 109, 111, 115, 116, 117, 118, 122, 123, 124, 125, 128, 130, 131, 132, 134, 135, 136, 138, 140, 141, 142, 143, 144, 146, 150, 152, 153, 154, 155, 161, 163, 164, 166, 167, 168, 178, 180, 181, 182, 183, 184, 186, 188, 189, 190, 191], "create_a_remedy_incident_from_task": [98, 110], "create_a_scheduled_rul": 114, "create_address_result": 89, "create_alerts_and_incid": 90, "create_artifact": [60, 127], "create_artifact_result": 108, "create_attach_result": 108, "create_cas": [35, 49, 64, 107, 113, 116, 130, 146], "create_case_templ": 131, "create_channel_result": 133, "create_d": [60, 64, 66, 88, 98, 103, 127, 129, 133], "create_extra_artifact": 103, "create_field": 60, "create_group_result": 133, "create_hit": 167, "create_incid": [90, 162], "create_incident_templ": [78, 80], "create_incidents_action_plan": 162, "create_incidents_risk_model": 162, "create_issu": 74, "create_mileston": [60, 127], "create_note_from_data_t": 30, "create_note_result": 104, "create_record": 119, "create_result": [19, 64], "create_salesforce_case_result": 113, "create_servic": 90, "create_system": 127, "create_tag_result": 43, "create_task_result": 113, "create_team": 133, "create_tim": [49, 103, 104, 146], "create_timestamp": 146, "create_tmp_fil": 112, "create_vers": 127, "createassociatedincid": 137, "createbucket": 15, "created": [16, 77], "created_at": [15, 46, 90, 106, 107], "created_bi": [21, 146], "created_d": 102, "created_incid": 21, "created_tim": 107, "createdat": [15, 19, 35, 116, 152], "createdbi": [78, 117], "createdbydisplaynam": 78, "createdbyid": 113, "createdbysourc": 78, "createdd": [74, 113, 116], "createddatetim": [42, 79, 133], "createdtim": [78, 117, 133], "createdtimeutc": [66, 80], "createimag": 15, "createorg": 192, "createplaintext": [11, 17, 25, 54, 63, 78, 80, 84, 85, 91, 98, 108, 124, 192], "createrichtext": [9, 13, 15, 16, 18, 20, 21, 22, 24, 25, 28, 31, 32, 33, 34, 36, 38, 39, 41, 43, 46, 47, 50, 53, 54, 59, 60, 62, 67, 72, 76, 78, 79, 80, 82, 85, 88, 91, 93, 94, 97, 98, 99, 102, 106, 108, 110, 113, 114, 116, 117, 119, 124, 125, 127, 129, 130, 131, 133, 137, 138, 139, 144, 145, 146, 148, 149, 150, 153, 155, 186, 192], "createsnapshot": 15, "createtag": 15, "createtim": [49, 78], "createwindowfromurl": 117, "creation": [20, 35, 38, 43, 49, 55, 60, 64, 72, 74, 81, 90, 97, 103, 104, 106, 107, 110, 111, 113, 114, 119, 124, 127, 130, 131, 133, 144, 146, 155, 167, 183, 191], "creation_d": [144, 149], "creation_tim": 104, "creationd": [103, 131], "creationdatetimeutc": 78, "creationopt": 133, "creationtim": [19, 35, 78, 117, 124], "creationtimedatetimeutc": 78, "creationtimedatetimeutc_t": 78, "creationtimestamp": 49, "creationtimeunixtimeinm": 124, "creator": [8, 60, 64, 107, 125, 127, 156], "creator_id": [60, 108, 127], "creator_princip": [60, 98, 108, 109, 127], "creatorid": 148, "creatornam": 74, "creatoruserid": 124, "cred": 19, "credenti": [12, 25, 33, 35, 43, 49, 55, 80, 99, 103, 104, 111, 114, 121, 155, 186], "credential_delet": 19, "credential_descript": 19, "credential_nam": 19, "credential_query_d": 19, "credential_upd": 19, "credential_usernam": 19, "credibl": [103, 104], "credit_card_field_pres": 13, "credits_remain": 13, "creeventlist": 104, "cri": [137, 152], "crimestatus_id": [60, 127], "crimin": [137, 144, 168, 188], "criminal_ip_ip_threat_servic": 168, "criminal_ip_url_threat_servic": 168, "criminalio": 168, "criminalip_api_kei": 168, "criminalip_ip_address": 168, "criminalip_playbook": 168, "crit_server_suspicious_download": 43, "criteria": [34, 36, 42, 43, 60, 78, 80, 98, 106, 108, 113, 114, 127, 183, 191], "criterion": 15, "critic": [35, 43, 49, 59, 66, 82, 90, 102, 106, 107, 118, 124, 130, 152, 179, 183], "criticaleventsinfolist": 117, "criticalexpirationtim": 124, "crl": [144, 188], "crl3": 144, "crl4": 144, "crl_distribution_point": [144, 188], "croatia": 137, "croatian": 147, "cron": 114, "cross": [43, 187], "crosspremisesheadersfilt": 91, "crosspremisesheaderspromot": 91, "crossten": 91, "crosstenantheadersstamp": 91, "crowd": 43, "crowd_strike_adapt": 18, "crowdsec": [144, 188], "crowdsourc": 72, "crowdstrik": 116, "crr": 188, "crt": [77, 88, 108, 144], "crucial": [111, 133], "cryptoapi": 43, "cryptocurr": 43, "cryptocurrency_min": 43, "cryptograph": 111, "cryptographi": [64, 85, 88, 91, 143, 157], "cryptographickei": 81, "cryptographydeprecationwarn": 157, "cryptolaemu": 72, "cryptomin": 43, "cryptomining_pool_dns_request": 43, "cryptomining_pool_ssl_connect": 43, "cs_action": 33, "cs_action_nam": 33, "cs_device_id": 33, "cs_falcon_bauth_api_kei": 33, "cs_falcon_bauth_api_uuid": 33, "cs_falcon_bauth_base_url": 33, "cs_falcon_devices_dt": 33, "cs_falcon_devices_ioc_ran_on_results_dt": 33, "cs_falcon_oauth2_base_url": 33, "cs_falcon_oauth2_cid": 33, "cs_falcon_oauth2_kei": 33, "cs_falcon_ping_delai": 33, "cs_falcon_ping_timeout": 33, "cs_filter_str": 33, "cs_ioc_typ": 33, "cs_ioc_valu": 33, "cs_queri": 33, "cs_return_limit": 33, "csc": 149, "csc_id": 24, "csesign": 130, "csr": [88, 111], "csrss": 108, "css": [41, 58, 142], "csv": [47, 59, 70, 121, 138, 143, 182], "csv_data": 36, "csv_hdr1": 36, "csv_header": 36, "ct": [169, 170, 171, 172, 173, 174, 175, 176, 177], "cti": 102, "ctive": 66, "ctp": 156, "ctrl": 192, "ctry": 91, "cub": 137, "cuba": 137, "cubi4pm6d": 85, "cunha": 137, "cura\u00e7ao": 137, "curl": 89, "curli": 111, "current": [1, 4, 15, 24, 25, 33, 36, 38, 39, 41, 42, 43, 53, 69, 72, 78, 79, 80, 103, 106, 108, 109, 111, 114, 116, 117, 119, 120, 127, 130, 131, 133, 136, 137, 145, 146, 148, 162, 179], "current_d": 182, "current_dt": [80, 98, 124], "current_item_count": 24, "current_rol": 182, "current_sensor_policy_nam": 146, "current_tim": [103, 104, 136, 182], "current_timestamp": 182, "current_us": 182, "currentclientid": 117, "currentgroup": 35, "currentloginusernam": 117, "currentlyclassifiedasthreat": 37, "curtrackingid": 159, "custom": [1, 3, 4, 9, 10, 11, 13, 14, 23, 26, 29, 33, 34, 37, 38, 39, 40, 45, 46, 52, 57, 60, 61, 68, 72, 76, 83, 86, 89, 90, 91, 95, 97, 101, 105, 111, 112, 123, 125, 127, 128, 132, 134, 135, 136, 138, 141, 142, 143, 144, 145, 147, 148, 159, 161, 162, 163, 165, 166, 168, 169, 170, 171, 172, 173, 174, 175, 176, 178, 179, 180, 181, 182, 183, 185, 186, 187, 189, 190], "custom_": 120, "custom_attribute_group": 131, "custom_bool": 183, "custom_crit": 43, "custom_data": 107, "custom_field": [60, 127, 183], "custom_field_int": 184, "custom_int": 66, "custom_mak": 43, "custom_model": 43, "custom_nam": 43, "custom_res_wf_addcom": 120, "custom_sever": 161, "custom_template_dir": 76, "custom_typ": 43, "customact": 103, "customassetnumb": 69, "customattribut": 131, "customattributegroup": 131, "customcategori": 155, "customer_detection_templ": 43, "customer_nam": 137, "customerpriority__c": 113, "customfield_10001": 64, "customfield_10002": 64, "customfield_10003": 64, "customfield_10004": 64, "customfield_10005": 64, "customfield_10006": 64, "customfield_10007": 64, "customfield_10008": 64, "customfield_10009": 64, "customfield_10010": 64, "customfield_10014": 64, "customfield_10015": 64, "customfield_10016": 64, "customfield_10017": 64, "customfield_10018": 64, "customfield_10019": 64, "customfield_10020": 64, "customfield_10021": 64, "customfield_10022": 64, "customfield_10023": 64, "customfield_10024": 64, "customfield_10025": 64, "customfield_10026": 64, "customfield_10027": 64, "customfield_10028": 64, "customfield_10029": 64, "customfield_10030": 64, "customfield_10031": 64, "customfield_10035": 64, "customfield_10041": 64, "customipsnumb": 117, "customis": 138, "customiz": [21, 111, 113], "customlist": 155, "customlist_url": 155, "customproperti": 79, "customurlscount": 155, "cuw": 137, "cv": [36, 147], "cve": [9, 37, 43, 49, 78, 81, 106, 152, 153, 156, 173], "cve_2017_12635": 43, "cve_2018_1111": 43, "cve_2018_13379": 43, "cve_2018_15961": 43, "cve_2018_7600": 43, "cve_2019_0193": 43, "cve_2019_0604": 43, "cve_2019_0708": 43, "cve_2019_10149": 43, "cve_2019_11510": 43, "cve_2019_11580": 43, "cve_2019_15846": 43, "cve_2019_17558": 43, "cve_2019_19781_exploit": 43, "cve_2019_19781_scan": 43, "cve_2019_2725": 43, "cve_2019_8394": 43, "cve_2019_9670": 43, "cve_2020_0601": 43, "cve_2020_0796": 43, "cve_2020_10189": 43, "cve_2020_11651": 43, "cve_2020_12695": 43, "cve_2020_1301": 43, "cve_2020_1350": 43, "cve_2020_1472": 43, "cve_2020_1472_exploit": 43, "cve_2020_15505": 43, "cve_2020_16898": 43, "cve_2020_16899": 43, "cve_2020_17051": 43, "cve_2020_1938": 43, "cve_2020_25577": 43, "cve_2020_25583": 43, "cve_2020_3952": 43, "cve_2020_5902": 43, "cve_2020_6207": 43, "cve_2020_6287": 43, "cve_2020_7247": 43, "cve_2021_1497": 43, "cve_2021_1498": 43, "cve_2021_21972_exploit": 43, "cve_2021_21972_scan": 43, "cve_2021_21974": 43, "cve_2021_21985": 43, "cve_2021_22005": 43, "cve_2021_22006": 43, "cve_2021_22205": 43, "cve_2021_22893": 43, "cve_2021_22986": 43, "cve_2021_22991": 43, "cve_2021_26084": 43, "cve_2021_26432": 43, "cve_2021_26877": 43, "cve_2021_26897": 43, "cve_2021_28324": 43, "cve_2021_31166": 43, "cve_2021_31181": 43, "cve_2021_34467": 43, "cve_2021_34473": 43, "cve_2021_34527": 43, "cve_2021_35394": 43, "cve_2021_35395": 43, "cve_2021_38647": 43, "cve_2021_42321": 43, "cve_2021_43798": 43, "cve_2021_44228_jndi_injection_attempt": 43, "cve_2021_44228_outbound_act": 43, "cve_2022_0543": 43, "cve_2022_1388": 43, "cve_2022_21907": 43, "cve_2022_22947": 43, "cve_2022_22963": 43, "cve_base_url": 34, "cve_browse_criteria": 34, "cve_data": 34, "cve_id": 34, "cve_product": 34, "cve_published_date_from": 34, "cve_published_date_to": 34, "cve_vendor": 34, "cvedescript": 152, "cvesearch": 9, "cvss": 103, "cvsssever": 152, "cvssv3": 78, "cwe": 152, "cxc9c21vzm9i5fmhse01": 35, "cxgrz1lhmckuhjt1bwtnlqlptloqw23vpmbfoiyx5vd0krolxavm9svt0hqskjrm": 98, "cxr": 137, "cy": 147, "cyan": [144, 188], "cyber": [59, 72, 82, 102, 119], "cyber_threat": 37, "cybercrimetrack": 72, "cybersecur": [18, 43, 115], "cybersecuritynord": 126, "cybl": [144, 188], "cycl": [102, 152], "cym": 137, "cymru": 150, "cyp": 137, "cypru": 137, "cyradar": [144, 188], "cze": 137, "czech": [137, 147], "c\u00f4te": 137, "d": [4, 24, 35, 36, 37, 39, 41, 43, 46, 47, 53, 59, 64, 84, 91, 96, 98, 104, 109, 113, 114, 117, 119, 136, 137, 143, 144, 152, 168, 179, 183, 192], "d0778d158e1c": 103, "d07bd1d1c542": 78, "d0b6ed57092e5bb92ad7e416cec5b38": 117, "d0fae7aa5267": 24, "d1": 35, "d130c96d092e5bb9462d73538f0e81d": 117, "d1419415": 98, "d15766ead5d8ffe68fd96d4bda75c07378fc74f76e251ae6631f4ec8226d2bcb": 24, "d1ce3546": 78, "d23f6954092e5bb936229e50aa2cb93f": 117, "d246430aba02": 24, "d24c": 106, "d290d93c7e38": 78, "d2a71e10092e5bb9148778de794e7d5b": 117, "d2b788a6": 187, "d2f71e8c": 85, "d3": 116, "d34404c5092e5bb9462d73534707f282": 117, "d34bae779faf": 19, "d373": 98, "d3e01d28a716": 146, "d3e927678ab6e0f6f00eba36f137565ba945d311f694a40fd8d1998296d41391e7ff9b07269499346ad65bc8f9f27d79b46680b1dc5656ad9e213491c2e1523a": 127, "d4": 117, "d42a": 98, "d4cbb29": 33, "d5": 24, "d5dd920be5bcfeb904e95da4b6d0ccca0727d692": 77, "d5e6b5c5eb01": 24, "d67dc4211cb83f014c33af976208cc601e35abf251e405e8841e1cb449a48b0": 108, "d6815ac62179797d87d21b942ed7c96f": 127, "d6ac50bb": 152, "d6c2bb7e092e5bb9439171f2482999ef": 117, "d7": 108, "d716bb4b": 10, "d717": 98, "d7631510d34e": 24, "d770feb6": 74, "d859465ac0ccfadba558b6a4856f9517f3ab15ac3b338a96a815af7": 127, "d8d395f8744335fba53b0a4308e7b380a0aca86bfc8939ded9f4c8c5cb1e838a": 122, "d900b5f0": 59, "d992": 130, "d9b13f24303c": 133, "d_gt": 19, "da": [137, 147], "da042c57": 35, "da39a3e": 35, "da637701781744658799_2045659800": 78, "da637727919412649530_": 79, "da637792709228082931_312545642": 78, "daemon": [11, 38, 78, 133], "daf0": 157, "dai": [7, 11, 19, 36, 43, 55, 78, 88, 98, 103, 104, 117, 130, 131, 136, 138, 143, 148, 159, 168], "daili": [43, 96, 114, 153], "dalesandro": 88, "danc": 64, "dandbcompanyid": 113, "danish": 147, "dao": [144, 188], "daonoff": 117, "dark": [102, 185, 186, 192], "darkgoldenrod": 41, "darktrac": 156, "darktrace_aianalyst_incident_group_id": 35, "darktrace_associated_device_id": 35, "darktrace_associated_devices_dt": 35, "darktrace_base_url": 35, "darktrace_breach_link": 35, "darktrace_data_table_nam": 35, "darktrace_device_count": 35, "darktrace_device_dt_credenti": 35, "darktrace_device_dt_first_seen": 35, "darktrace_device_dt_hostnam": 35, "darktrace_device_dt_id": 35, "darktrace_device_dt_ip": 35, "darktrace_device_dt_label": 35, "darktrace_device_dt_last_seen": 35, "darktrace_device_dt_mac_address": 35, "darktrace_device_dt_o": 35, "darktrace_device_dt_tag": 35, "darktrace_device_dt_typ": 35, "darktrace_device_id": 35, "darktrace_device_tag": 35, "darktrace_group_categori": 35, "darktrace_group_scor": 35, "darktrace_incident_event_id": 35, "darktrace_incident_events_dt": 35, "darktrace_incident_events_dt_acknowledg": 35, "darktrace_incident_events_dt_ai_analyst_scor": 35, "darktrace_incident_events_dt_categori": 35, "darktrace_incident_events_dt_created_at": 35, "darktrace_incident_events_dt_event_id": 35, "darktrace_incident_events_dt_initiating_device_id": 35, "darktrace_incident_events_dt_summari": 35, "darktrace_incident_events_dt_titl": 35, "darktrace_incident_group_acknowledg": 35, "darktrace_incident_group_id": 35, "darktrace_incident_group_link": 35, "darktrace_incident_group_start_tim": 35, "darktrace_incident_last_modifi": 35, "darktrace_include_model_breach_data": 35, "darktrace_initiating_device_id": 35, "darktrace_model_breach_pbid": 35, "darktrace_model_breaches_dt": 35, "darktrace_model_breaches_dt_acknowledg": 35, "darktrace_model_breaches_dt_associated_ev": 35, "darktrace_model_breaches_dt_breach_id": 35, "darktrace_model_breaches_dt_nam": 35, "darktrace_model_breaches_dt_threat_scor": 35, "darktrace_model_breaches_dt_time_occur": 35, "darktrace_number_of_events_in_group": 35, "darktrace_soar_case_id": 35, "dartkrac": 35, "darussalam": 137, "dash": [85, 97, 114], "dashboard": [107, 161], "dat": [35, 154], "data": [7, 9, 10, 11, 12, 13, 17, 22, 28, 29, 30, 31, 32, 37, 39, 40, 46, 47, 48, 51, 53, 57, 58, 63, 65, 66, 70, 71, 72, 73, 75, 76, 79, 81, 84, 85, 86, 89, 90, 91, 92, 93, 94, 97, 100, 101, 105, 112, 113, 115, 120, 121, 122, 123, 126, 128, 131, 133, 134, 135, 136, 140, 141, 143, 144, 147, 148, 149, 150, 151, 153, 154, 156, 159, 162, 164, 166, 167, 168, 169, 174, 176, 185, 186, 187, 188, 189, 190, 191, 192], "data_compromis": [60, 127], "data_contain": [60, 127], "data_encrypt": [60, 127], "data_exfil_by_vpn": 43, "data_exfiltr": 43, "data_fe": 184, "data_feed": 184, "data_feeder_retri": 183, "data_feeder_sync": 183, "data_field": [24, 105], "data_flg": 98, "data_format": [60, 127], "data_list": 117, "data_set": 117, "data_sourc": [36, 102, 186], "data_source_id": [60, 127], "data_str": 107, "data_stream": 39, "data_t": [15, 36, 43], "data_table_api1": 109, "data_table_api2": 109, "data_table_api3": 109, "data_table_api_nam": [180, 181, 183, 184], "data_table_field": 15, "data_tbl_field": [16, 24, 43, 117, 155], "data_tbl_fields_comput": 24, "data_tbl_fields_evnt": 24, "data_tbl_fields_fil": 24, "data_tbl_fields_luak": 16, "data_tbl_fields_ni": 24, "data_tbl_fields_top": 24, "data_transfer_issu": 43, "databas": [7, 13, 34, 38, 39, 41, 43, 56, 62, 69, 72, 80, 89, 95, 103, 114, 122, 134, 144, 150, 152, 156, 165, 167, 184, 188, 192], "database_brute_forc": 43, "database_enumer": 43, "database_issu": 43, "database_label1": 87, "database_nam": 55, "database_takeov": 43, "database_transaction_failur": 43, "database_typ": 56, "database_us": 55, "databl": 98, "datacenter_nam": 146, "dataclass": [57, 185], "datadog": 90, "datafil": 114, "dataflow": 186, "datalength": 187, "datalist": 191, "dataset": [39, 128], "datasourc": [55, 56], "datasourcenam": 152, "datastor": [39, 182, 192], "datastore_dir": 114, "datat": [15, 16, 20, 21, 24, 26, 27, 34, 41, 49, 55, 59, 64, 74, 77, 78, 80, 82, 88, 96, 97, 99, 104, 108, 110, 117, 119, 120, 125, 129, 138, 156, 160, 180, 181, 182, 183, 184, 186, 190, 191, 192], "datatable_api_nam": 36, "datatable_column_nam": 36, "datatable_column_names_list": 87, "datatable_id": 55, "datatable_nam": 74, "datatyp": [72, 167, 181], "datavolum": 35, "date": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 30, 31, 32, 33, 34, 35, 36, 39, 41, 42, 43, 45, 46, 47, 49, 51, 53, 55, 56, 57, 58, 59, 60, 64, 65, 66, 67, 68, 69, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 122, 124, 126, 127, 129, 130, 131, 133, 136, 137, 138, 141, 143, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 167, 168, 178, 179, 180, 181, 182, 183, 184, 185, 187, 188, 189, 190, 191, 192], "date_ad": [117, 152], "date_cr": [32, 103, 138], "date_created_t": 138, "date_format": [90, 106, 137], "date_last": 10, "date_rang": 96, "date_s": [88, 137], "date_sight": 81, "date_start": 183, "date_str": 102, "date_tim": [68, 127], "date_utc": 91, "dateformat": 104, "datepick": [36, 46, 60, 78, 127, 182], "datetim": [17, 18, 19, 21, 25, 33, 36, 38, 41, 42, 43, 79, 80, 96, 99, 102, 103, 104, 106, 107, 108, 114, 116, 119, 124, 125, 129, 130, 136, 137, 144, 146, 152, 183], "datetimepick": [18, 19, 21, 22, 24, 25, 31, 35, 36, 41, 42, 43, 55, 59, 60, 64, 69, 74, 78, 80, 87, 88, 96, 98, 99, 103, 106, 107, 108, 110, 116, 117, 119, 124, 125, 127, 129, 136, 137, 146, 148, 168, 182], "dateutil": 114, "davi": [57, 185], "davidonzo": 72, "davidonzo_hash": 72, "dax30": 72, "days_of_week": 90, "days_to_search": 166, "days_to_search_back": 104, "db": [34, 114, 121, 150, 182, 192], "db1aec5222075800eda75d7205267569679b424e5c58a28102417f46d3b5790d": 77, "db222226gq11111": 19, "db5f6228a066": 98, "db7350fc": 133, "db847b29092e5bb97e3f195b18644c0": 117, "db_artifact_valu": 96, "db_infer": 96, "db_label": 87, "db_match": 96, "db_match_no": 96, "db_processing_spik": 43, "db_properti": 96, "db_sync_postgr": 183, "db_timestamp": 96, "db_url": 114, "db_user": [55, 56], "db_valu": 96, "dbeaver": 183, "dbq": 87, "dbt": 116, "dc": [35, 67, 98, 108, 118, 160, 192], "dc3c8a0ce1f2464897d8c1995d66e1e4": 129, "dc3d": 80, "dc765d0e5e68": 124, "dc968f62938179dc007bced955b9a27c1a9949e00f168868c5e68fbff5742f93": 108, "dc_impact_lik": [60, 127], "dca551c7dxxxx930aexxxxddxxxx930ae68d54b971xxxxxxxxx": 148, "dcec": 103, "dch": 72, "dcom": 43, "dcom_lateral_mov": 43, "dcshadow": 43, "dcsync": 43, "dd": [33, 36, 70, 98, 104, 114], "dd20": 98, "dd8aaae30c54": 33, "dd9e9": 91, "ddc30808cf5d06d3": 54, "ddc5": 24, "ddd": 80, "dddc": 107, "dddd": 19, "ddo": 7, "ddt": 69, "de": [7, 16, 24, 38, 57, 72, 74, 82, 89, 108, 147, 159, 167, 187], "de96a6e69944335375dc1ac238336066889d9ffc7d73628ef4fe1b1b160ab32c": 108, "de_identified_text": 47, "deactivated_mfa": 16, "deactivationreason": 49, "deal": 38, "deatch": 135, "death": 7, "debian": 117, "debounc": 183, "debug": [9, 11, 28, 30, 34, 68, 78, 82, 100, 110, 121, 127, 140, 151, 155, 157, 183], "debug_script": 16, "debugg": 192, "dec": 13, "dec4dad8": 152, "decemb": [41, 107], "decid": [41, 121], "decis": [70, 102, 112, 115, 143], "declar": 192, "declin": 43, "decod": [16, 44, 46], "decreas": [35, 43], "decript": 21, "decrypt": [0, 111], "dedic": [16, 59, 107, 182, 190], "dedup": [7, 98], "dedup_sect": [72, 167], "dedup_verdict_sect": 72, "dedupl": 72, "deem": [92, 188], "deep": 103, "deep_security_adapt": 18, "def": [13, 15, 16, 18, 19, 24, 25, 33, 36, 43, 46, 53, 59, 64, 69, 72, 78, 79, 91, 96, 98, 99, 106, 108, 110, 116, 117, 124, 130, 131, 137, 145, 146, 149, 150, 152, 155, 167, 182, 187, 191, 192], "defang": 191, "defang_pattern": 137, "default": [4, 7, 9, 10, 11, 12, 13, 15, 16, 18, 19, 23, 24, 25, 29, 33, 35, 36, 39, 41, 42, 43, 44, 46, 49, 52, 55, 56, 59, 61, 64, 65, 66, 67, 68, 69, 73, 74, 76, 78, 79, 80, 85, 86, 88, 89, 90, 91, 95, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 111, 113, 114, 115, 116, 117, 118, 119, 120, 121, 123, 124, 125, 126, 127, 128, 130, 131, 132, 133, 138, 141, 142, 143, 146, 152, 153, 157, 159, 161, 167, 173, 178, 180, 181, 182, 183, 184, 189, 190, 191, 192], "default_branch": 46, "default_data_table_limit": 18, "default_environ": 124, "default_folder_path": 41, "default_from": 90, "default_nam": 43, "default_query_nam": 18, "default_query_str": 18, "default_token_typ": 111, "default_us": [43, 78, 80, 90, 107, 130, 146], "defaultgroupnotificationfrequ": 113, "defaultkei": 16, "defaultlangid": 74, "defaultlocationid": 117, "defaultnetworkti": 49, "defaultpag": 106, "defaultprofil": 19, "defaultserviceaccount": 49, "defaultus": 16, "defend": [79, 108, 156], "defender_action_com": 78, "defender_alert": 78, "defender_alert_assigned_to": 78, "defender_alert_classif": 78, "defender_alert_determin": 78, "defender_alert_id": 78, "defender_alert_info": 78, "defender_alert_lastseen": 78, "defender_alert_lastupdatetim": 78, "defender_alert_result_max": 78, "defender_alert_sever": 78, "defender_alert_statu": 78, "defender_app_execution_act": 78, "defender_atp_machin": 78, "defender_classif": 78, "defender_com": 78, "defender_descript": 78, "defender_determin": 78, "defender_expiration_tim": 78, "defender_file_hash": 78, "defender_filter_nam": 78, "defender_filter_valu": 78, "defender_find_machines_by_fil": 78, "defender_get_related_alert_inform": 78, "defender_incident_createtim": 78, "defender_incident_id": 78, "defender_incident_lastupdatetim": 78, "defender_incident_statu": 78, "defender_incident_url": 78, "defender_ind": 78, "defender_indicator_act": 78, "defender_indicator_field": 78, "defender_indicator_filt": 78, "defender_indicator_id": 78, "defender_indicator_typ": 78, "defender_indicator_valu": 78, "defender_isolation_act": 78, "defender_isolation_typ": 78, "defender_lookback_timefram": 78, "defender_machin": 78, "defender_machine_id": 78, "defender_machine_scantyp": 78, "defender_restriction_typ": 78, "defender_sever": 78, "defender_tag": 78, "defender_titl": 78, "defender_update_alert_templ": 78, "defender_update_incid": 78, "defender_update_incident_templ": 78, "defender_user2": [43, 78], "defenderavstatu": 78, "defens": [59, 72, 99], "defer": 190, "defin": [5, 11, 13, 15, 16, 18, 21, 25, 30, 33, 36, 44, 46, 49, 53, 56, 59, 64, 66, 67, 70, 76, 78, 79, 80, 87, 88, 89, 91, 102, 103, 104, 106, 107, 108, 111, 113, 114, 116, 119, 125, 129, 130, 131, 137, 138, 146, 148, 152, 157, 161, 164, 178, 180, 181, 182, 183, 184, 189, 192], "definit": [19, 44, 53, 70, 71, 88, 92, 96, 97, 98, 103, 108, 117, 119, 134, 155, 159, 163, 164, 166, 182, 183], "deflat": 111, "defusedxml": [47, 91, 117], "degre": 96, "dehash": 185, "delai": [35, 36, 43, 91, 98, 136, 146, 167], "delayed_citrix_data_transf": 43, "delayed_data_transf": 43, "delayed_database_data_transf": 43, "delayed_email_data_transf": 43, "delayed_ftp_data_transf": 43, "delayed_http_data_transf": 43, "delayed_ip_address_configur": 43, "delayed_kerberos_auth": 43, "delayed_kerberos_data_transf": 43, "delayed_ldap_auth": 43, "delayed_ldap_data_transf": 43, "delayed_memcache_data_transf": 43, "delayed_redis_data_transf": 43, "delayed_web_servic": 43, "delayed_wifi_auth": 43, "deleg": [42, 157], "delegatedapproverid": 113, "delet": [11, 21, 23, 26, 29, 30, 43, 49, 60, 61, 81, 85, 87, 98, 100, 101, 103, 106, 108, 109, 110, 111, 114, 115, 123, 124, 127, 128, 143, 146, 153, 167, 168, 169, 173, 177, 180, 181, 182, 183, 184, 185, 186, 187, 188], "delete_attach": [60, 127], "delete_channel": 133, "delete_cr": 19, "delete_domain": 26, "delete_execution_tim": 24, "delete_fingerprintlist_result": 117, "delete_group": 133, "delete_incid": 183, "delete_intel_item": 129, "delete_issu": 74, "delete_result": 42, "delete_runbook": 19, "delete_schedul": 19, "delete_system": 74, "deletealarm": 15, "deleted_cert": 16, "deleted_cr": 16, "deleted_kei": 16, "deleted_list": 42, "deleted_mfa": 16, "deleteddatetim": 133, "delimit": [120, 138], "deliv": 99, "deliver_exploit": 146, "deliveri": [91, 100], "delta": [11, 114, 136], "demand": 126, "demo": [18, 24, 106, 114, 124, 152, 192], "demo_amp": 24, "demo_app": 137, "demo_low_prev_retro": 24, "demo_stabuniq": 24, "demo_tinba": 24, "demo_upatr": 24, "demo_wannacry_ransomwar": 24, "demo_zbot": 24, "demoasset": [19, 78, 79, 80], "democrat": 137, "demograph": 96, "demonstr": [63, 102, 104, 124, 134, 145], "demostr": 44, "deni": [16, 19, 23, 25, 43, 188, 190], "denial": [43, 113], "denmark": 137, "denot": [25, 113, 146], "deny_list": 190, "denyall_group": 16, "depart": [21, 113, 117], "depend": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 24, 25, 28, 32, 33, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 64, 65, 66, 67, 72, 74, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 118, 120, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 142, 143, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 157, 167, 183, 184, 192], "deploi": [4, 7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167, 168], "deploy": [4, 7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 140, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 158, 167, 182], "deployment_id": 98, "deployment_typ": 146, "deploymentmessag": 117, "deploymentprevers": 117, "deploymentrunningvers": 117, "deployments_url": 46, "deploymentstatu": 117, "deploymenttargetvers": 117, "deprec": [57, 64, 102, 103, 111, 119, 156, 157], "dept": 18, "depth": [11, 153], "der": 188, "deregistered_tim": 146, "deregistr": 108, "deriv": [24, 43, 53, 117, 191], "dermotgroup": 67, "dermotgroup2": 67, "desc": [24, 43, 80, 98, 116, 117], "descend": [74, 98, 117], "descr": 88, "describ": [25, 42, 61, 63, 64, 69, 75, 76, 101, 104, 106, 111, 115, 121, 123, 128, 136, 143, 153, 162, 182], "describeconfigurationrecorderstatu": 15, "describedbclust": 15, "describedbinst": 15, "describeinst": 15, "describemetricfilt": 15, "describeregion": 15, "describetrail": 15, "describevolum": 15, "descript": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 35, 36, 37, 38, 39, 41, 42, 43, 45, 46, 47, 49, 51, 52, 53, 55, 57, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 136, 137, 141, 142, 143, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 157, 159, 161, 162, 178, 180, 182, 183, 184, 189, 190, 191, 192], "descriptor": [144, 188], "desenmascara": [144, 188], "deseri": 43, "design": [11, 21, 38, 49, 72, 76, 81, 88, 91, 97, 98, 114, 119, 121, 130, 151, 183, 191], "desir": [16, 29, 49, 70, 87, 107, 119, 121, 125, 146, 152], "desk": 21, "desktop": [18, 35, 43, 85, 117, 124, 133, 157, 159, 192], "desouza": 99, "dest": 91, "dest_dir": 38, "destin": [4, 8, 35, 38, 40, 41, 42, 44, 45, 50, 56, 60, 73, 79, 98, 104, 108, 109, 121, 123, 124, 127, 135, 138, 161, 162, 165, 166, 180, 181, 183, 184], "destination_byt": 103, "destination_ip": 103, "destination_network": 104, "destination_packet": 103, "destination_port": 103, "destinationaddress": 79, "destinationbyt": 103, "destinationdomain": [79, 124], "destinationip": 103, "destinationip_count": 103, "destinationloc": 79, "destinationpacket": 103, "destinationport": [79, 103], "destinationurl": [79, 124], "destinationzon": 8, "destruct": 163, "desync": 43, "det": [43, 82], "det_descript": 43, "det_id": 43, "det_typ": 43, "detach": [4, 38], "detached_polici": 16, "detail": [6, 10, 11, 16, 19, 20, 21, 24, 26, 30, 33, 37, 42, 43, 48, 49, 50, 58, 59, 64, 65, 74, 75, 76, 78, 87, 88, 90, 91, 98, 100, 102, 103, 105, 106, 107, 108, 111, 113, 118, 119, 121, 122, 124, 125, 127, 129, 130, 133, 136, 139, 142, 145, 148, 152, 155, 156, 162, 164, 165, 179, 183, 187, 190, 191, 192], "detail_msg": 98, "detailblad": 79, "detailbladeinput": 79, "detailed_decript": 21, "detailednam": 152, "details_data": 8, "detecion": 43, "detect": [4, 13, 15, 20, 28, 56, 63, 65, 72, 78, 79, 82, 86, 99, 103, 104, 107, 108, 115, 116, 117, 124, 130, 131, 146, 155, 156, 167, 186, 188], "detected_at": 137, "detected_malware_app": 146, "detected_url": 188, "detectedmalwar": 155, "detectedremediationstatu": 131, "detection_criteria": 106, "detection_data": 106, "detection_id": [24, 43], "detection_list": [43, 106], "detection_not": 43, "detection_relev": 106, "detection_row": 106, "detection_rule_rrn": 107, "detection_sha256": 24, "detection_timestamp": 146, "detection_typ": 43, "detection_url": 43, "detection_url_html": 43, "detectiond": 131, "detectionengin": 116, "detectionid": 79, "detectionmethod": 152, "detectionserverid": 131, "detectionservernam": 131, "detectionsourc": 78, "detectionst": 116, "detectionstatu": 78, "detectiontim": 124, "detectiontyp": 116, "detector": [15, 117], "detectorid": [15, 78], "determin": [1, 16, 30, 35, 36, 42, 43, 46, 67, 72, 78, 79, 86, 95, 99, 103, 105, 111, 119, 127, 130, 136, 138, 146, 148, 167, 168, 183, 187, 190], "determination_valu": 146, "determinationtyp": 78, "determinationvalu": 78, "determined_d": [60, 127], "deu": [86, 137], "dev": [43, 67, 72, 90, 108, 113, 152, 192], "dev2": 161, "dev_id": 43, "develop": [0, 1, 6, 11, 14, 26, 27, 30, 44, 45, 73, 78, 83, 90, 105, 111, 112, 120, 123, 136, 143, 148, 154, 159, 162], "devic": [8, 24, 25, 59, 78, 79, 84, 88, 89, 97, 98, 107, 111, 113, 116, 117, 133, 137, 192], "device_class": 43, "device_count": [18, 104], "device_descript": 35, "device_dis": 18, "device_dt": 69, "device_dt_nam": 35, "device_external_ip": 146, "device_group_id": 146, "device_hostnam": 130, "device_hostname_raw": 130, "device_id": [33, 35, 43, 69, 84, 137, 146], "device_installed_bi": 146, "device_internal_ip": 146, "device_ip": 59, "device_link": 137, "device_loc": 146, "device_meta_data_item_list": 146, "device_nam": [59, 146], "device_o": 146, "device_os_bit": 59, "device_os_nam": 59, "device_os_v": 59, "device_os_vers": 146, "device_owner_id": 146, "device_polici": [33, 146], "device_policy_id": 146, "device_row": 146, "device_search_result": 43, "device_sensor_vers": 146, "device_statu": [33, 146], "device_target_prior": 146, "device_target_valu": 146, "device_tim": 59, "device_timestamp": 146, "device_trajectori": 24, "device_typ": 84, "device_uem_id": 146, "device_url": [18, 43], "device_url_html": 43, "device_usernam": 146, "devicedefinit": 104, "devicednsnam": 78, "deviceeventclassid": 124, "devicegroupid": 69, "deviceid": [69, 78], "devicelabel": 35, "devicenam": 69, "deviceown": 69, "devices_id": 43, "devices_list": 69, "devices_output": 35, "devicesearch": 33, "devicesinpath": 8, "devicestatu": 69, "devicesw": 69, "devicetyp": 69, "devicevalu": 78, "devs_descript": 43, "devs_id": 43, "df": 187, "df0f": 10, "df25f540092e5bb962a1555998460f41": 117, "df3ory5lrvf": 187, "df_create_d": 183, "df_host": 183, "df_inc_id": 183, "df_org_id": 183, "dfe1832e02888422f48d6896dc8e8f73": 122, "dff2": 98, "dfsr": 108, "dfssvc": 108, "dga": 43, "dgzsfhcjv": 36, "dh5439": 150, "dhcp": [43, 104], "dhcp_decline_error": 43, "dhcp_error": 43, "dhcp_issu": 43, "dhcp_name": 43, "dhcp_restart_error": 43, "dhcpserver": 117, "di": 98, "diagnost": [51, 183], "diagram": 179, "dialinipaddress": 148, "dialog": [34, 106], "dict": [13, 18, 22, 25, 34, 36, 37, 43, 46, 53, 64, 72, 74, 77, 79, 91, 98, 102, 111, 116, 117, 129, 130, 131, 146, 150, 152, 155, 167, 182], "dict_el": 34, "dict_to_json_str": [36, 53, 59, 64, 119], "dictionari": [7, 8, 11, 13, 15, 18, 19, 20, 21, 24, 25, 32, 35, 36, 39, 41, 42, 43, 46, 48, 49, 51, 53, 59, 64, 65, 66, 67, 72, 74, 79, 80, 81, 82, 85, 86, 87, 88, 89, 90, 91, 92, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 116, 117, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 148, 150, 152, 153, 154, 155, 167, 185, 186, 187, 188, 192], "did": [16, 18, 33, 35, 59, 87, 107, 116, 130, 146], "didier": 91, "didiersteven": 91, "didn": [57, 102, 179], "diego": 118, "differ": [4, 9, 11, 24, 27, 29, 33, 34, 36, 38, 43, 48, 49, 59, 64, 66, 67, 69, 77, 78, 80, 81, 83, 85, 86, 87, 88, 89, 90, 97, 99, 103, 106, 107, 109, 111, 113, 117, 119, 130, 133, 146, 159, 179, 180, 182, 183, 184, 190, 191], "differenti": 137, "dig": [85, 165], "digestfrequ": 113, "digicert": 144, "digicerttlsrsasha2562020ca1": 144, "digit": [38, 88, 111, 113, 120, 137, 155], "digitalcerif": 155, "digitalshadow": 37, "digitalsid": 72, "digitalside_it_hash": 72, "digitalside_it_url": 72, "digitalsignatur": [144, 188], "dioeav": 185, "dir": [41, 50, 85, 91], "direct": [15, 21, 24, 35, 36, 49, 50, 79, 80, 81, 88, 90, 102, 107, 113, 116, 117, 118, 124, 130, 131, 137, 138, 157, 168, 179, 183], "directconnect": 9, "direction_id": 117, "directions_link": 50, "directli": [21, 33, 36, 49, 76, 79, 86, 111, 120, 121, 130, 133, 148, 150, 152, 167, 184], "directori": [0, 3, 4, 11, 29, 30, 38, 43, 53, 66, 67, 68, 70, 76, 81, 84, 85, 90, 91, 95, 101, 115, 117, 128, 133, 135, 141, 143, 145, 146, 157, 160, 161, 162, 163, 166, 168, 178, 179, 192], "directory_id": 133, "dirti": [24, 74], "dirty_url": 24, "dirtyid": 89, "disabl": [11, 15, 18, 19, 23, 35, 36, 39, 46, 49, 55, 56, 64, 66, 67, 72, 74, 78, 80, 89, 90, 98, 99, 103, 106, 107, 108, 113, 114, 116, 117, 118, 119, 124, 125, 129, 130, 131, 133, 146, 152, 153, 162, 168, 182, 184, 188, 190, 191, 192], "disable_abac": 49, "disable_correl": 81, "disable_local_auth": 19, "disable_not": 114, "disable_onc": 117, "disablelocalauth": 19, "disablelocalauth_account": 19, "disapprov": 190, "discard": 111, "disclaim": 188, "disclosur": [57, 127, 185], "disconnect": 108, "disconnect_result": 116, "disconnection_lookup": 108, "disconnectionreason": 108, "discov": [15, 37, 43, 56, 117, 131, 133, 191], "discover_tim": 43, "discovercontentrootpath": 131, "discovered_d": [15, 35, 43, 49, 60, 64, 66, 78, 80, 90, 106, 107, 113, 127, 130, 131, 133, 137, 146, 152, 183], "discoveri": [15, 43, 78, 79, 103, 117], "discovermillissincefirstseen": 131, "discovernam": 131, "discoverrepositoryloc": 131, "discoverscanid": 131, "discoverscanstartd": 131, "discoverserv": 131, "discovertargetid": 131, "discovertargetnam": 131, "discoverurl": 131, "discovery_id": 43, "discrep": 21, "discret": 157, "discuss": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 43, 46, 47, 49, 51, 53, 59, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 84, 85, 87, 88, 89, 90, 91, 92, 93, 94, 96, 98, 99, 102, 103, 104, 106, 107, 108, 110, 113, 114, 116, 117, 122, 124, 125, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155], "disk": [78, 146], "diskdriv": 117, "dismiss": [131, 146], "dispatch": 136, "displai": [3, 4, 8, 10, 12, 13, 15, 16, 18, 25, 29, 30, 35, 41, 42, 43, 46, 49, 52, 61, 68, 69, 72, 79, 88, 91, 95, 96, 99, 100, 101, 103, 104, 106, 107, 109, 113, 114, 115, 116, 117, 121, 123, 125, 126, 128, 130, 131, 132, 133, 137, 141, 143, 146, 157, 161, 168, 183, 189, 192], "display_color": 116, "display_cont": 150, "display_intern": 96, "display_nam": [43, 49, 60, 98, 108, 109, 119, 125, 127, 130], "display_str": [82, 186], "displaynam": [42, 64, 67, 130, 133, 173], "displayord": 131, "displayvalu": 79, "dispos": [14, 96, 113], "disposit": [24, 107, 111], "disposition_map": 107, "disregard": 111, "dist": [4, 73, 112, 177, 192], "distinct": [72, 119, 167], "distinct_search": 166, "distinguish": [67, 102, 119], "distinguishednam": 67, "distribut": [4, 11, 14, 18, 26, 44, 57, 73, 81, 83, 97, 100, 105, 112, 134, 150, 162], "div": [13, 18, 21, 25, 41, 43, 46, 64, 79, 85, 91, 106, 107, 108, 109, 116, 120, 124, 127, 130, 131, 144, 146, 150, 152, 189], "div_ld2": 27, "div_ld2_1": 27, "div_ld2_2": 27, "div_ld3": 27, "diverse_behavior": 56, "divid": [111, 191], "divis": 113, "divtagdefaultwrapp": 41, "divya": 150, "djee5vzfsos1xar6gn_s1a": 146, "dji": 137, "djibouti": 137, "djl": 124, "djxekiebhfwfcofngy18": 39, "dk0o3rwejtcxhletfg2f": 98, "dk0tzjrwtmzlapw4": 77, "dkim": [40, 91], "dkr": 1, "dll": 108, "dllhost": 108, "dlllist": 85, "dlp": [117, 127, 156], "dlp_create_case_templ": 131, "dm6pr08mb6060": 42, "dma": 137, "dmarc": 91, "dn": [8, 9, 13, 15, 18, 24, 25, 27, 33, 35, 38, 41, 43, 49, 55, 56, 62, 65, 67, 72, 74, 78, 81, 83, 85, 89, 92, 98, 102, 104, 105, 106, 108, 117, 124, 129, 130, 134, 144, 149, 150, 155, 156, 159, 160, 168, 173, 187, 188, 192], "dnk": 137, "dns64": 188, "dns8": [144, 188], "dns_and_host_appl": 117, "dns_and_host_blacklistrul": 117, "dns_block": 15, "dns_brute_forc": 43, "dns_domain_nam": 15, "dns_error": 43, "dns_internal_reverse_lookup_scan": 43, "dns_issu": 43, "dns_lookup_failur": 43, "dns_name": [43, 140], "dns_rebind": 43, "dns_record": 13, "dns_request_timeout": 43, "dns_rr_histori": 27, "dns_timeout": 43, "dns_tunnel": 43, "dns_zone": 150, "dns_zone_transf": 43, "dnsend": 187, "dnshostfil": 117, "dnsserver": [35, 117], "dnsstart": 187, "do": [4, 9, 33, 34, 38, 43, 47, 48, 56, 64, 67, 80, 81, 85, 88, 98, 111, 117, 119, 121, 125, 131, 133, 137, 142, 148, 176, 178, 179, 180, 181, 182, 183, 184, 186, 187, 192], "do7lscfih4jh5ttv74mo4xm99awxoxdl8": 98, "dob": 96, "doc": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 31, 32, 35, 36, 39, 41, 42, 43, 44, 46, 47, 49, 51, 53, 55, 56, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 118, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167, 168, 179, 181, 183, 185, 187, 188, 192], "doc_typ": 39, "docgen": [82, 110, 155, 168], "docker": [1, 4, 30, 135], "docker_approved_imag": 38, "docker_artifact_typ": 38, "docker_artifact_valu": 38, "docker_attachment_nam": 38, "docker_container_id": 38, "docker_extra_": 38, "docker_imag": 38, "docker_input": 38, "docker_integration_invoc": 38, "docker_link": 38, "docker_oper": 38, "docker_remote_url": 38, "docker_timestamp": 38, "docker_use_remote_conn": 38, "dockerfil": [3, 11, 30, 86], "dockerhub": 38, "dockeris": 38, "document": [1, 2, 4, 7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 33, 35, 36, 38, 39, 41, 42, 43, 45, 46, 47, 49, 51, 53, 55, 58, 59, 60, 64, 65, 66, 67, 72, 73, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 135, 136, 137, 139, 144, 146, 147, 148, 150, 152, 153, 154, 155, 156, 157, 162, 165, 167, 178, 179, 180, 181, 182, 183, 185, 187, 188, 192], "document_guid": 146, "document_id": [39, 180], "documentformat": 131, "documenturl": 187, "docx": 47, "doe": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 24, 25, 28, 30, 31, 32, 35, 36, 38, 39, 41, 42, 43, 46, 47, 48, 51, 53, 55, 59, 60, 61, 64, 65, 66, 67, 72, 74, 76, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 120, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 136, 137, 143, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167, 176, 181, 182, 192], "doesn": [79, 80, 111, 113, 117, 164, 179], "doh": 43, "dom": [137, 142, 144, 187], "domain": [7, 8, 9, 13, 14, 15, 21, 24, 26, 27, 29, 33, 37, 41, 42, 43, 49, 55, 57, 67, 72, 74, 78, 81, 82, 83, 88, 89, 94, 96, 102, 103, 108, 110, 113, 116, 128, 129, 133, 134, 142, 144, 149, 155, 160, 167, 173, 174, 185, 187, 188], "domain1": 67, "domain2": 67, "domain_blacklist": 13, "domain_cont": 117, "domain_control": 130, "domain_detail": 149, "domain_details_kei": 149, "domain_details_valu": 149, "domain_front": 43, "domain_generation_algorithm": 43, "domain_generation_algorithm_resolv": 43, "domain_generation_algorithm_unresolv": 43, "domain_id": [104, 117], "domain_nam": [85, 117], "domain_trust_enumer": 43, "domain_trusts_enumer": 43, "domainallowlist": 191, "domainid": 117, "domainnam": [74, 78, 79, 102, 117], "domainorworkgroup": 117, "domainregistereddatetim": 79, "domainstat": 187, "domcontenteventfir": 187, "domid_exist": 117, "dominica": 137, "dominican": 137, "domurl": 187, "don": [82, 102, 107, 111, 117, 119, 186], "done": [38, 55, 56, 64, 72, 77, 85, 111, 179, 182, 191], "dont": 59, "dot_param": 43, "doubl": [60, 80, 85, 104, 120, 125, 127, 182], "doublepulsar": 43, "doublepulsar_rdp_impl": 43, "doublepulsar_rdp_scan": 43, "doublepulsar_smb_impl": 43, "doublepulsar_smb_scan": 43, "dovecot": 7, "down": [1, 16, 24, 32, 56, 76, 109, 117, 121, 179, 183], "download": [9, 10, 11, 12, 16, 24, 29, 30, 34, 37, 38, 43, 45, 46, 52, 55, 56, 61, 68, 71, 78, 85, 86, 95, 100, 101, 103, 108, 115, 117, 118, 123, 126, 128, 132, 138, 141, 142, 143, 145, 146, 157, 159, 161, 167, 170, 180, 185, 186, 187, 188, 192], "downloads_url": 46, "downstream": [11, 152, 181], "dpendin": 167, "dpi": [102, 186], "dpuc8zkgcpgf4": 98, "dpznzwvss5jkox57cjlzx0xb7rn4mkifoni9": 98, "dqdrvmtxco55u49ac1w0tauas9y1g0nsox7iwx5qpxz2vy21sdz4s47t0i0dsbwl2zvo1roa31lv7manpgfjh": 98, "dr": [144, 188], "draft": [19, 41, 46, 60, 97, 98, 120, 127, 153], "drag": [25, 33, 34, 36, 37, 38, 43, 56, 75, 99, 113, 114, 115, 117, 121, 192], "dridex": 154, "drive": [18, 85], "driver": [43, 108, 182, 183, 192], "drop": [8, 16, 24, 32, 43, 56, 58, 59, 103], "dropdown": [21, 24, 43, 117, 192], "dropper": 122, "drtpval4ipn5p56hqgl": 98, "drupal": 43, "drweb": 122, "ds_api_kei": 37, "ds_api_secret": 37, "ds_base_url": 37, "ds_datatable_api_nam": 37, "ds_link": 37, "ds_search_result": 37, "ds_search_valu": 37, "dsc": [19, 69], "dscmetaconfigur": 19, "dscorepropagationdata": 67, "dsl": 130, "dst": [43, 81, 106, 117, 173], "dst_folder": 41, "dstatzpy9ia": 42, "dstdevice_hostnam": 130, "dstdevice_hostname_raw": 130, "dt": [33, 43, 90, 106, 107, 146, 187], "dt_boolean_field": 36, "dt_col_nam": 36, "dt_col_name1": 36, "dt_col_name2": 36, "dt_col_name4": 36, "dt_col_namea": 36, "dt_col_nameb": 36, "dt_col_namec": 36, "dt_column_nam": 36, "dt_csv_data": 36, "dt_datable_nam": 36, "dt_date_time_format": 36, "dt_datetime_field": 36, "dt_has_head": 36, "dt_mapping_t": 36, "dt_max_row": 36, "dt_multi_select_field": 36, "dt_name_field": 36, "dt_now": [33, 80, 108, 116, 131], "dt_number_field": 36, "dt_relations_child_incid": 109, "dt_select_field": 36, "dt_start_row": 36, "dt_text_field": 36, "dt_utils_add_row": 36, "dt_utils_cells_to_upd": 36, "dt_utils_clear_datat": 36, "dt_utils_create_csv_t": 36, "dt_utils_datatable_api_nam": 36, "dt_utils_delete_all_row": 36, "dt_utils_delete_row": 36, "dt_utils_get_all_data_table_row": 36, "dt_utils_get_row": 36, "dt_utils_max_row": 36, "dt_utils_row_id": 36, "dt_utils_rows_id": 36, "dt_utils_search_column": 36, "dt_utils_search_valu": 36, "dt_utils_sort_bi": 36, "dt_utils_sort_direct": 36, "dt_utils_test_data_t": 36, "dtm": [60, 127], "dto": 76, "dtype": 111, "du": 187, "dublin": 41, "due": [38, 71, 74, 88, 97, 114, 126, 131, 182, 183], "due_dat": [60, 109, 113, 127], "dueat": 152, "duedat": [64, 74], "duedateunixtimeinm": 124, "dummi": [70, 90], "dummy_devic": 69, "dummy_fil": 35, "dummytestservic": 90, "dummytestservice2": 90, "dummytestservice3": 90, "dump": [8, 18, 19, 89, 90, 93, 103, 104, 107, 111, 113, 117, 119, 144, 146], "dunsnumb": 113, "dupe": 7, "duplic": [43, 72, 74, 78, 80, 102, 104, 108, 114, 115, 124, 130, 131, 146, 167, 168, 180, 182, 183, 184, 192], "duplicate_cleanup": 146, "durat": [24, 148], "durationsecond": 37, "dure": [38, 73, 78, 90, 111, 117, 118, 146, 168, 180, 181, 183, 184], "during_support_hour": 90, "dutch": [137, 147], "dwm": 108, "dwmwdqyjkozihvcnaqelbqadggebaksulwf6bi": 85, "dwp_srid": 21, "dwp_srinstanceid": 21, "dx": 59, "dxl": [77, 172], "dxlclient": [76, 77], "dxlclient_config": [76, 77], "dylan": 91, "dynam": [72, 85, 112, 116, 143], "dyndn": 72, "dyndns_ponmocup": 72, "dyrmqrnmbtigrbxdgrju98r936mbk98vwikvlj1": 98, "dza": 137, "e": [0, 1, 4, 14, 21, 23, 24, 26, 32, 34, 35, 36, 38, 40, 43, 44, 53, 57, 60, 64, 65, 66, 72, 73, 80, 81, 83, 86, 88, 96, 102, 105, 111, 113, 117, 120, 127, 129, 130, 133, 135, 138, 147, 152, 155, 159, 162, 168, 179, 182, 184, 192], "e026": 19, "e053": 59, "e0c553a8": 106, "e0f67b258a2c9d926fc8282f5c2a8c39": 187, "e1234567890": 99, "e1abb618": 74, "e232f5ca092e5bb9101039267c0e0589": 117, "e2b3b5adbdbc": 109, "e2e5": 127, "e2fa5296f88a0c4ad37e4f4652c221db": 153, "e30f6208092e5bb96c448a07ba9c4a95": 117, "e345e07a": 78, "e35c5a28": 152, "e3cd": 116, "e3f78964092e5bb92fe6b57ec76e8c07": 117, "e4": 69, "e4463fba": 107, "e4767f763c59": 126, "e4ac4548eeebdba19817b5c47322f0c95a17a9ef6af4099088d6e552f34038d9": 117, "e4f8e6f8469": 133, "e530": 80, "e5868c93": 127, "e5b1": 98, "e5e6": 117, "e5e684a6092e5bb90f46e84bb6f35bbc": 117, "e644fdd8": 152, "e65d": 78, "e65e112aa417": 137, "e6aozt2vmh3fd": 98, "e6ca81c7a869": 124, "e6e0b5e2170a": 78, "e6gah": 153, "e715": [102, 186], "e764f25c092e5bb90ff2a93e70d04a8c": 117, "e773a9eb": 24, "e7e47214092e5bb92ab2b3a0e2776740": 117, "e7h0m9zbc3op": 98, "e819": 19, "e8a1e8478c717a9cb724c8f1d05424976bab35af": 0, "e8aaa0qx": 42, "e8aaa0ucmsaaa": 42, "e8aaa0ucmtaaa": 42, "e8aaa0uetzaaa": 42, "e8aaa0ugb5aaa": 42, "e8aaaaaaejaadi5xky9khuq48uewaxv": 42, "e8aaaaaaekaadi5xky9khuq48uewaxv": 42, "e8aaaaaaemaadi5xky9khuq48uewaxv": 42, "e8aaaaaaenaadi5xky9khuq48uewaxv": 42, "e8aaaaaaetaadi5xky9khuq48uewaxv": 42, "e8aaab4l2o": 42, "e8aaab6qy8aaa": 42, "e8aaapet0k": 42, "e8aaapet0u": 42, "e8aaapett4": 42, "e8aaapett8": 42, "e8aaapetu": 42, "e8aaapetua": 42, "e8aaapetui": 42, "e8aaapetum": 42, "e8aaapetvn": 42, "e8aaapetyz": 42, "e8aaapetzf": 42, "e8aaapetzi": 42, "e8aaapggugaaa": 42, "e8aaapgguhaaa": 42, "e8aaapgk_jaaa": 42, "e8aaapgk_kaaa": 42, "e8aaapgk_laaa": 42, "e8aaapgk_maaa": 42, "e8aaapgk_naaa": 42, "e8aaapgk_oaaa": 42, "e8aaapgmcoaaa": 42, "e8aaapgmcpaaa": 42, "e8aaapgmcqaaa": 42, "e8aaapgmcraaa": 42, "e8aaapgtroaaa": 42, "e8aaavkuf9": 42, "e8aaavkuff": 42, "e8aaavkufh": 42, "e8aaavkugd": 42, "e8aaavkugu": 42, "e8aaavkuh7": 42, "e8aaavkuhc": 42, "e8aaavkuhn": 42, "e8aaavkuia": 42, "e8aaavnld2aaa": 42, "e8aaavnld3aaa": 42, "e8aaavnld4aaa": 42, "e8aaavnld5aaa": 42, "e8aaavnld6aaa": 42, "e8aaavnlomaaa": 42, "e8aaavnlonaaa": 42, "e8aaavnlooaaa": 42, "e8aaavnlopaaa": 42, "e8aaavnloqaaa": 42, "e8ecf": 98, "e9120574be8c45e1a92d1a0d34199b56": 90, "e9a5b16c2c36044270784bef3bf89a13": 187, "e9feb9c7092e5bb97e3f195bf7613f08": 117, "e_result": 88, "ea": 96, "ea24520ef3d7": 24, "ea97227d34b8526055a543ade7d18587a927f6a3": 24, "eaa3aef168e8aeadfb606bf2637c21f": 137, "each": [1, 3, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 29, 30, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 44, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 64, 65, 66, 67, 68, 69, 72, 73, 74, 76, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 95, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 122, 123, 124, 125, 126, 128, 129, 130, 131, 132, 133, 136, 137, 138, 139, 141, 143, 144, 147, 148, 150, 152, 153, 154, 155, 156, 157, 160, 161, 167, 168, 178, 179, 180, 181, 182, 183, 184, 185, 189, 190, 191], "each_attribut": 96, "each_ent": 72, "each_item": [72, 167], "each_kei": 72, "each_sect": 72, "each_tag": 167, "ead641b3092e5bb932821f06f1df3bc0": 117, "ead9": 106, "eapol": 117, "earli": [117, 153], "earlier": 78, "eas": [142, 179], "easeu": 78, "easi": [4, 64, 68, 81, 111, 137], "easier": [111, 192], "easiest": [38, 113, 126], "easili": [4, 85, 111, 112, 114, 143, 182, 186], "east": [1, 15, 17, 19, 152], "eastern": 42, "eastu": 19, "eb3e11de3c9cefc2d9d70972350e2b28": 96, "eb55": 102, "eb82": 59, "eb976a7f": 76, "ebb4bywjrhwrpig2suj6z1xssirlvtuapraukv1ovtd5xnw7rw0t0yncjjkklx": 98, "ebc3a5ead531": 152, "ebt": 187, "ec": [39, 103, 104, 186], "ec2": [15, 103, 152], "ec7cf59f092e5bb954b29f87d815c7ac": 117, "ec_file_hash": 103, "ec_file_path": 103, "ec_filenam": 103, "ec_imp_hash": 103, "ec_md5_hash": 103, "ec_parentcommandlin": 103, "ec_process_commandlin": 103, "ec_sha1_hash": 103, "ec_sha256_hash": 103, "ecb2": 124, "ecbe47f05d3b47788529c89050c1bf56": 129, "ecc": [43, 91], "ecc0": 72, "ecd7cdcd092e5bb93de49de84e475bfa": 117, "echo": [11, 111], "ecr": 1, "ecu": 137, "ecuador": 137, "ed": 113, "eda45dbc": 80, "edar": 131, "edc6aa8fa3f211cfad7c12a0ba5b32f4": 96, "edg": [8, 11, 13, 15, 16, 18, 19, 21, 24, 25, 32, 35, 41, 42, 46, 64, 65, 66, 67, 72, 74, 78, 79, 80, 81, 82, 85, 88, 89, 91, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 116, 117, 124, 130, 131, 137, 144, 146, 150, 152, 153, 155, 167], "edgarjohnson": 78, "edit": [1, 4, 10, 11, 12, 14, 16, 18, 19, 20, 25, 29, 30, 34, 35, 36, 42, 43, 44, 45, 49, 52, 55, 56, 60, 63, 64, 66, 67, 71, 73, 74, 75, 78, 79, 80, 81, 83, 85, 87, 88, 90, 91, 95, 97, 98, 100, 101, 103, 104, 106, 107, 109, 112, 113, 115, 116, 117, 120, 121, 123, 126, 128, 129, 130, 131, 132, 135, 137, 138, 140, 141, 142, 143, 144, 145, 146, 152, 155, 161, 168, 172, 174, 175, 176, 178, 180, 181, 182, 183, 184, 190, 191, 192], "edit_address": 89, "edit_addresses_result": 89, "edit_groups_result": 89, "edit_users_result": 89, "editableincidentdetail": 131, "editmeta": 64, "editor": [120, 168, 192], "editortyp": 153, "editparamet": 103, "edm": 103, "edm_global_set": 103, "ednpoint": 117, "edr": 156, "edrstatu": 117, "edu": [72, 144, 167], "educ": [72, 96], "educateurl": 78, "ee": [43, 108], "ee616124": 19, "ee70ea8c": 98, "eee": 80, "eeeee222": 107, "eeeeeeee": 107, "eeeeeeeee": 107, "eeeeeeeeee": 107, "eeeeeeeeeeee": 107, "ef": 16, "ef1dsgb6d": 98, "ef3159b9092e5bb94cdfce3db8806921": 117, "ef333f34092e5bb96fbac8682039fa34": 117, "ef44473e1b4d09103351ca2b234bcbc6": 119, "ef8a52755cab287bdc95ade169daffb3": 187, "efe4db52": 19, "effect": [15, 102, 148, 152, 182, 183, 191], "effective_permiss": 15, "effectivesubscriptionid": 80, "effici": 53, "effort": [11, 49, 111], "egi": 137, "egypt": 137, "eh": 20, "ei": 187, "eicar": 28, "either": [8, 13, 15, 18, 19, 21, 25, 30, 36, 38, 41, 43, 46, 47, 49, 53, 57, 58, 64, 67, 72, 73, 77, 78, 79, 80, 86, 88, 91, 97, 98, 103, 104, 106, 108, 111, 116, 117, 118, 119, 120, 121, 126, 129, 130, 131, 132, 133, 137, 146, 148, 150, 153, 157, 167, 168, 178, 182, 183, 184, 185, 189, 191], "ek": 152, "el": [96, 137, 147, 187], "el7": [54, 85, 116], "elamonoff": 117, "elaps": [85, 88, 111, 167, 168], "elapsed_tim": [13, 98], "elast": [39, 180], "elastic_fe": 180, "elasticsearch": [156, 179, 181, 183, 184], "elasticsearch_password": 39, "elasticsearch_url": 39, "elasticsearch_usernam": 39, "element": [13, 18, 25, 30, 46, 56, 72, 79, 91, 98, 104, 116, 125, 130, 131, 146, 152, 183, 187, 189], "element_id": 98, "element_nam": 98, "element_typ": [98, 104], "element_valu": 98, "elementtre": 167, "elementtyp": 124, "eliast": 180, "elif": [13, 15, 16, 18, 19, 20, 21, 24, 25, 28, 34, 35, 36, 43, 46, 53, 59, 64, 72, 76, 77, 78, 79, 82, 88, 89, 90, 91, 99, 102, 106, 107, 108, 110, 116, 117, 130, 131, 133, 137, 145, 146, 153, 155, 167, 186, 188], "elimin": 72, "els": [7, 8, 10, 11, 13, 15, 16, 18, 19, 20, 21, 24, 25, 28, 31, 32, 33, 34, 35, 36, 37, 38, 41, 43, 46, 47, 49, 51, 53, 54, 55, 57, 59, 60, 63, 64, 66, 67, 69, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 88, 89, 90, 91, 92, 96, 97, 98, 99, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 137, 138, 139, 140, 144, 145, 146, 148, 149, 150, 151, 152, 154, 155, 159, 163, 167, 179, 182, 185, 186, 187, 188, 192], "em": [37, 57, 185, 187], "email": [7, 12, 13, 14, 18, 22, 25, 31, 32, 37, 42, 43, 46, 57, 60, 64, 67, 69, 70, 72, 74, 78, 80, 81, 85, 90, 96, 98, 99, 100, 102, 103, 104, 107, 113, 115, 117, 119, 121, 125, 127, 129, 131, 133, 134, 144, 146, 148, 150, 153, 156, 157, 161, 163, 173, 183, 185, 188, 192], "email2": 88, "email_address": [41, 42, 46, 57, 67, 185], "email_alert": 117, "email_approv": 190, "email_approval_cc": 190, "email_approval_detail": 190, "email_approval_expir": 190, "email_approval_import": 190, "email_approval_to": 190, "email_cont": 137, "email_contents_json": 137, "email_convers": [88, 137, 191], "email_error": 43, "email_field_pres": 13, "email_header_validation_target_email": 40, "email_header_validation_using_dkimarc": 40, "email_host": 22, "email_id": 41, "email_intel": 129, "email_issu": 43, "email_list": 42, "email_mailbox_unavailable_error": 43, "email_message_id": [88, 137, 191], "email_nicknam": 22, "email_pars": 91, "email_password": 22, "email_port": 22, "email_provid": 96, "email_recipient__c": 113, "email_result": 42, "email_sender__c": 113, "email_service_unavailable_error": 43, "email_statu": 41, "email_usernam": 22, "emailaddress": [42, 64, 69], "emailapprovalcontactpack": 190, "emailapprovalcontentpack": 190, "emailbouncedd": 113, "emailbouncedreason": 113, "emailcont": [102, 191], "emailcount": [57, 185], "emailencodingkei": 113, "emailmessag": [117, 137, 191], "emailpreferencesautobcc": 113, "emailpreferencesautobccstayintouch": 113, "emailpreferencesstayintouchremind": 113, "emailprocessor": 137, "emailprotect": 88, "emailrol": 79, "eman": 150, "embed": [13, 16, 18, 25, 36, 46, 79, 85, 91, 116, 125, 130, 131, 146, 190], "embeddedfil": 91, "emergingthreat": [144, 188], "emir": 137, "eml": [42, 91], "eml_addr": 91, "eml_body_cont": 91, "eml_head": 91, "eml_subject": 91, "empir": 43, "empire_c2_http": 43, "empire_c2_tl": 43, "emploi": [72, 111, 167, 191], "employe": [21, 57, 131, 185], "employee_involv": [60, 127], "employeenumb": [113, 117], "employeestatu": 117, "empti": [8, 16, 24, 34, 41, 43, 46, 49, 60, 64, 66, 69, 72, 91, 97, 103, 111, 117, 124, 125, 127, 129, 138, 180, 183, 184, 186], "empty_query_max": 103, "empty_query_skip_typ": 103, "empty_query_wait_sec": 103, "emsisoft": [144, 188], "emsp": 43, "en": [39, 64, 66, 80, 91, 96, 117, 133, 135, 147, 159, 182, 185], "en9h4xveq678opf": 98, "en_u": [35, 96, 113], "enabl": [4, 8, 11, 15, 16, 18, 19, 21, 24, 25, 30, 35, 36, 38, 39, 41, 42, 43, 46, 55, 56, 59, 60, 64, 65, 66, 67, 69, 72, 74, 78, 80, 81, 82, 85, 88, 89, 90, 91, 97, 98, 99, 100, 102, 103, 104, 106, 107, 108, 111, 113, 114, 116, 117, 118, 119, 120, 121, 125, 126, 127, 130, 131, 144, 146, 148, 152, 153, 155, 157, 159, 167, 168, 183, 184, 186, 188, 190, 191, 192], "enable_add_attachment_valu": 41, "enable_email_convers": 88, "enable_firewall_auth": [55, 56], "enable_team": 133, "enable_write_to_datat": 41, "enablealarmact": 15, "enabled": 16, "enabled_filt": 16, "enabledchat": 148, "enabledt": 43, "enclos": [30, 106, 111, 113, 146], "encod": [36, 41, 46, 58, 60, 85, 88, 91, 98, 108, 111, 127, 133, 142, 146, 151, 167, 180, 181, 187], "encodeddatalength": 187, "encodeds": 187, "encount": [72, 87, 190], "encrypt": [0, 15, 18, 19, 43, 69, 91, 111, 168], "encryptedappl": 116, "encrypteddevicepassword": 117, "encryption_statu": 18, "encryption_typ": 15, "encryptionstatu": 69, "end": [4, 11, 15, 16, 25, 30, 31, 33, 34, 35, 36, 41, 42, 43, 46, 56, 66, 67, 68, 74, 78, 79, 81, 85, 87, 88, 89, 90, 91, 96, 98, 99, 103, 104, 108, 111, 114, 117, 118, 124, 125, 129, 133, 136, 137, 144, 148, 153, 168, 183, 190, 192], "end_address": 150, "end_dat": [43, 60, 98, 127, 136], "end_filt": 79, "end_po": [82, 186], "end_t": 79, "end_tim": [41, 43, 90], "endev": 98, "endfor": [49, 64, 78, 80, 88, 131], "endif": [35, 43, 49, 64, 78, 80, 88, 90, 106, 107, 113, 130, 131, 146], "endmacro": 88, "endobj": 91, "endpoint": [0, 13, 19, 20, 21, 33, 35, 42, 63, 64, 65, 78, 79, 88, 90, 98, 106, 107, 113, 115, 116, 119, 121, 124, 127, 128, 130, 136, 137, 146, 148, 152, 154, 156, 162, 167, 168], "endpoint_3": 98, "endpoint_3_di": 98, "endpoint_hit": 20, "endpoint_nam": 108, "endpoint_notif": 117, "endpoint_notification_ask_messag": 117, "endpoint_notification_messag": 117, "endpoint_quarantine_statu": 117, "endpoint_url": [18, 106, 152], "endpointconnectionstatu": 131, "endpointid": 108, "endpointmachineipaddress": 131, "endpoints_matching_id": 117, "endpointst": 108, "endpointvers": 108, "ends_with": 106, "endstream": 91, "endswith": [59, 155], "endtim": [19, 35, 124], "endtimeutc": 80, "endtoendlat": 91, "enforc": [79, 117, 131, 150, 156, 191], "enforced_rul": 117, "enforcement_id": 18, "enforcement_level": 46, "enforcement_nam": 18, "eng": [64, 86, 91], "engag": 188, "engin": [11, 13, 18, 49, 104, 116, 117, 133, 137, 187, 192], "engine_id": 39, "engine_nam": [144, 188], "engineering2": 133, "engineeringreqnumber__c": 113, "engineeringteam": 133, "enginestot": 187, "english": [86, 147], "enhanc": [11, 15, 25, 35, 36, 42, 43, 46, 66, 67, 74, 78, 80, 81, 89, 90, 91, 99, 104, 109, 111, 114, 117, 118, 125, 129, 133, 144, 153, 156, 183], "enough": [86, 119, 191], "enqueu": 89, "enrich": [13, 18, 43, 55, 56, 59, 62, 72, 75, 78, 92, 96, 99, 102, 103, 117, 128, 130, 141, 146, 149, 150, 152, 153, 155, 159, 167, 186], "enriched_event_typ": 146, "enrol": 69, "ensembl": 70, "ensp": 34, "ensur": [1, 5, 10, 11, 13, 16, 18, 24, 25, 30, 38, 43, 46, 49, 53, 64, 72, 73, 79, 88, 91, 110, 111, 116, 117, 118, 120, 129, 130, 131, 146, 155, 157, 167, 178, 180, 181, 182, 183, 184, 185, 186, 187, 188, 190], "ensureoffens": 103, "ent": [43, 78, 80], "ent_trust_level": 77, "enter": [10, 21, 24, 28, 30, 31, 33, 34, 37, 38, 41, 42, 56, 64, 67, 70, 76, 82, 87, 89, 99, 104, 113, 115, 119, 120, 130, 133, 152, 157, 184, 190, 192], "enterpris": [4, 11, 43, 46, 64, 67, 69, 74, 77, 80, 87, 89, 98, 103, 104, 113, 114, 117, 129, 130, 131, 133, 184], "entir": [8, 80, 87, 99, 109, 111, 126, 148], "entiti": [33, 35, 37, 42, 78, 79, 98, 106, 109, 133, 139, 150, 152], "entities_result": 80, "entitlementview": 74, "entity_id": [80, 124], "entity_list": 124, "entity_properti": 80, "entity_typ": [80, 124, 130], "entity_url": [106, 107, 113, 130, 152], "entity_valu": [80, 130], "entitycard": 124, "entityid": 64, "entityidentifi": 124, "entitymap": 153, "entityrang": 153, "entitysnapshot": 152, "entitysummari": 37, "entitytyp": [78, 124, 130], "entri": [4, 20, 21, 30, 33, 34, 36, 37, 38, 42, 53, 59, 64, 67, 68, 72, 77, 80, 87, 88, 89, 96, 104, 110, 114, 120, 122, 129, 138, 155, 160, 167, 183, 191, 192], "entrop": 122, "entry1_attribute2": 160, "entry1_attribute3": 160, "entry1_dn1_valu": 160, "entry2_attribute2": 160, "entry2_attribute3": 160, "entry2_dn2_valu": 160, "entry_to_datatable_map": [34, 67], "entrypoint": 38, "enumer": [43, 72, 106, 167], "env": 11, "env_3": 3, "environ": [0, 1, 2, 3, 4, 33, 76, 138, 168, 172, 178, 180, 181, 182, 183, 184, 189, 190, 191], "environment2": 124, "environment_keys_pub": 0, "environment_keys_sec": 0, "envvar": 11, "eo": 147, "eoc": 98, "eopattributedmessag": 91, "ep": 90, "ephemeral_id": 39, "epmp": 59, "epo": [76, 77, 156, 172], "epo1": 76, "epo_adapt": 18, "epo_admin": 74, "epo_agent_guid": 74, "epo_allow_dupl": 74, "epo_allowed_ip": 74, "epo_delet": 74, "epo_delete_if_remov": 74, "epo_email": 74, "epo_flatten_tree_structur": 74, "epo_full_nam": 74, "epo_group_id": 74, "epo_id": 74, "epo_issue_assigne": 74, "epo_issue_descript": 74, "epo_issue_du": 74, "epo_issue_nam": 74, "epo_issue_prior": 74, "epo_issue_properti": 74, "epo_issue_resolut": 74, "epo_issue_sever": 74, "epo_issue_st": 74, "epo_issue_typ": 74, "epo_last_commun": 74, "epo_new_usernam": 74, "epo_not": 74, "epo_operating_system": 74, "epo_password": 74, "epo_phone_numb": 74, "epo_policy_id": 74, "epo_policy_type_id": 74, "epo_product_id": 74, "epo_push_ag": 74, "epo_push_agent_domain_nam": 74, "epo_push_agent_force_instal": 74, "epo_push_agent_install_path": 74, "epo_push_agent_package_path": 74, "epo_push_agent_password": 74, "epo_push_agent_skip_if_instal": 74, "epo_push_agent_suppress_ui": 74, "epo_push_agent_user_nam": 74, "epo_subject_dn": 74, "epo_system": 74, "epo_system_nam": 74, "epo_system_names_or_id": 74, "epo_tag": 74, "epo_ticket_id": 74, "epo_ticket_server_nam": 74, "epo_trust_cert": 74, "epo_uninstall_remov": 74, "epo_url": 74, "epo_user_dis": 74, "epo_user_password": 74, "epo_usernam": 74, "epo_windows_domain": 74, "epo_windows_usernam": 74, "epoagentmeta": 74, "epoassignedpolici": 74, "epobranchnod": 74, "epoch": [27, 36, 43, 60, 66, 85, 106, 127, 136, 168, 183], "epoch_now": 43, "epoch_tim": 79, "epochconvert": 183, "epocomputerproperti": 74, "epoleafnod": 74, "epp": [144, 188], "epsspercentil": 152, "epssprob": 152, "epsssever": 152, "epyc": 116, "eq": 79, "equal": [13, 15, 16, 18, 19, 24, 25, 33, 54, 60, 64, 67, 72, 80, 89, 91, 98, 102, 103, 106, 107, 108, 110, 113, 116, 117, 119, 127, 130, 131, 136, 137, 146, 155, 167, 168], "equat": 119, "equatori": 137, "equip": 113, "equiv": [41, 42], "equival": [43, 85, 182], "erad": [115, 120], "eri": 137, "eritrea": 137, "err": [13, 18, 25, 46, 55, 79, 91, 116, 130, 131, 137, 146, 183], "err_msg_ascii": 16, "err_msg_valid": 16, "errmsg": 120, "error": [10, 12, 13, 15, 16, 18, 19, 24, 25, 28, 29, 30, 33, 35, 36, 38, 42, 43, 52, 55, 56, 60, 61, 63, 64, 68, 69, 71, 72, 73, 77, 78, 79, 81, 85, 87, 90, 91, 95, 99, 100, 101, 102, 104, 106, 107, 108, 111, 113, 114, 115, 116, 117, 120, 121, 123, 124, 127, 128, 130, 132, 137, 141, 142, 143, 144, 146, 155, 161, 162, 179, 180, 181, 183, 184, 191, 192], "error_cod": 155, "error_messag": 138, "error_outli": 56, "error_tag": 35, "errorcod": [108, 117, 124], "errorhresult": 78, "errormessag": [117, 124], "es7q": 98, "es_auth_password": 39, "es_auth_usernam": 39, "es_cafil": 39, "es_datastore_schem": 39, "es_datastore_url": 39, "es_doc_typ": 39, "es_index": 39, "es_queri": 39, "es_use_http": 39, "es_verify_cert": 39, "es_veryify_cert": 39, "esamtrad": [111, 167], "esc_valu": 110, "escal": [23, 35, 49, 59, 75, 80, 90, 103, 106, 107, 108, 113, 115, 116, 121, 130, 131, 146, 152, 161, 186], "escalation_interv": 23, "escalation_polici": 90, "escalation_policy_refer": 90, "escalation_queri": 23, "escap": [43, 80, 85, 113, 125, 143], "eset": [122, 144, 188], "esh": 137, "esixa4962hljmlj": 98, "esm": [117, 156], "esm_password": 75, "esm_polling_interv": 75, "esm_url": 75, "esm_usernam": 75, "esn": 97, "esp": 137, "especi": [35, 49, 64, 90, 107, 113, 130, 146, 152], "esperanto": 147, "est": 137, "establish": [38, 59, 78, 85, 87, 109, 133, 137, 148], "estim": 21, "estimated_queri": 13, "estonia": 137, "estonian": 147, "estsecur": [144, 188], "esx_host_nam": 146, "esx_host_uuid": 146, "esxi": 43, "et": [147, 167, 187], "etag": [19, 42, 46, 80, 111, 133, 187], "etc": [4, 9, 11, 12, 13, 18, 19, 25, 37, 41, 43, 55, 64, 67, 74, 76, 79, 81, 83, 85, 86, 91, 97, 111, 114, 116, 117, 124, 130, 142, 146, 163, 178, 179, 180, 181, 182, 183, 184, 190, 191], "eternalblu": 43, "eternalblue_exploit": 43, "eth": 137, "eth0": 116, "eth1": 116, "ether": 43, "ether_type_id": 117, "ethernet": 78, "ethiopia": 137, "ethnic": 96, "etre": 167, "etw": 108, "etweventdescript": 108, "etwipaddress": 108, "etwipport": 108, "etwtargetdomainnam": 108, "etwtargetusernam": 108, "etwworkstationnam": 108, "eu": [19, 107, 147], "eu1": 152, "eu2": 152, "eur2": 149, "eur5": 149, "europ": [21, 41, 187], "eustatiu": 137, "eval": 129, "even": [41, 72, 102, 103, 111, 114, 130, 152, 186], "event": [15, 21, 26, 39, 42, 46, 49, 55, 66, 75, 76, 77, 90, 98, 99, 114, 118, 124, 130, 137, 146, 150, 162, 184, 192], "event_attack_stag": 146, "event_count": [102, 103, 104, 186], "event_creator_email": 81, "event_d": 117, "event_descript": 146, "event_dt_nam": 35, "event_first_seen": 15, "event_host": 184, "event_id": [24, 59, 81, 117, 129, 130, 146], "event_last_seen": 15, "event_nam": 103, "event_received_at": 137, "event_sourc": 184, "event_source_typ": 184, "event_threat_scor": 146, "event_tim": [49, 103], "event_titl": 35, "event_transformer_api_inbound_integration_refer": 90, "event_typ": [24, 107, 146], "event_type_descript": 24, "event_type_id": 24, "event_type_nam": 24, "eventannot": 103, "eventcount": 103, "eventdatetim": [79, 117], "eventdescript": 37, "eventdetail": 133, "evented_at": 107, "eventfirstseen": 15, "eventid": [117, 124], "eventlastseen": 15, "eventnam": 124, "eventreport": 81, "events_actor": 150, "events_api_v2_inbound_integration_refer": 90, "events_url": 46, "eventtyp": [37, 108], "eventu": [88, 157], "everi": [0, 23, 33, 41, 59, 72, 87, 98, 114, 168, 179, 191], "everyth": [38, 71, 109], "evid": [78, 99, 117], "evidence_data": 107, "evidencecreationtim": 78, "evidenceid": 124, "evidencenam": 124, "evidencethumbnailbase64": 124, "ew": [66, 187], "ex": [3, 10, 13, 18, 24, 25, 36, 46, 53, 55, 56, 60, 66, 68, 77, 78, 79, 85, 88, 91, 103, 108, 114, 116, 117, 119, 122, 124, 127, 130, 131, 138, 146, 148, 180, 181, 182, 183, 184, 189], "exact": [69, 106, 111], "exampl": [0, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28, 29, 30, 31, 32, 33, 34, 35, 37, 38, 39, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 57, 58, 59, 60, 62, 63, 64, 65, 66, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 100, 101, 102, 104, 105, 106, 107, 108, 109, 110, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 131, 132, 133, 134, 135, 136, 137, 139, 140, 141, 142, 143, 144, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157, 159, 161, 165, 167, 168, 169, 178, 179, 180, 181, 182, 183, 184, 188, 192], "example1": 69, "example2": 69, "example_apivoid_dns_lookup": 13, "example_apivoid_domain_reput": 13, "example_apivoid_email_verifi": 13, "example_apivoid_ip_reput": 13, "example_apivoid_ssl_info": 13, "example_apivoid_threatlog": 13, "example_apivoid_url_reput": 13, "example_calendar_invit": 22, "example_clamav_scan_artifact_attach": 28, "example_clamav_scan_attach": 28, "example_close_incid": 60, "example_create_incid": 60, "example_create_pastebin": 93, "example_create_webex_meet": 31, "example_create_zoom_meeting_incid": 32, "example_elasticsearch_query_from_artifact": 39, "example_elasticsearch_query_from_incid": 39, "example_execute_netdevice_command": 84, "example_execute_netdevice_configuration_command": 84, "example_geocoding_get_address": 45, "example_geocoding_get_coordin": 45, "example_grpc_communication_interfac": 53, "example_grr_search_by_ip": 192, "example_html2pdf": 58, "example_icdx_get_event_data": 59, "example_icdx_get_event_datat": 59, "example_icdx_search_for_ev": 59, "example_icdx_search_for_events_from_archives_other_than_system": 59, "example_icdx_search_for_events_related_to_device_nam": 59, "example_icdx_search_for_events_related_to_ip": 59, "example_invoke_aws_lambda_python_addit": 17, "example_invoke_step_function_asynchron": 17, "example_invoke_step_function_synchron": 17, "example_isitphishing_analyze_html_docu": 63, "example_isitphishing_analyze_html_document_artifact": 63, "example_isitphishing_analyze_url": 63, "example_maas360_basic_search": 69, "example_maas360_cancel_pending_wip": 69, "example_maas360_delete_app": 69, "example_maas360_get_software_instal": 69, "example_maas360_locate_devic": 69, "example_maas360_lock_devic": 69, "example_maas360_stop_app_distribut": 69, "example_maas360_wipe_devic": 69, "example_mcafee_publish_to_dxl_set_tie_reput": 76, "example_mcafee_publish_to_dxl_tag_system": 76, "example_microsoft_security_graph_alert_search": 79, "example_microsoft_security_graph_get_alert_detail": 79, "example_microsoft_security_graph_resolve_alert": 79, "example_microsoft_security_graph_update_alert": 79, "example_odbc_delete_postgresql": 87, "example_odbc_insert_postgresql": 87, "example_odbc_select_postgresql": 87, "example_odbc_update_postgresql": 87, "example_of_email_header_validation_using_dkimarc_artifact": 40, "example_of_email_header_validation_using_dkimarc_attach": 40, "example_phishai_scan_url": 94, "example_pipl_search_funct": 96, "example_rdap_queri": 150, "example_search_incid": 60, "example_send_email": 88, "example_send_incident_email_html": 88, "example_send_incident_email_html2": 88, "example_send_incident_email_text": 88, "example_send_sms_incid": 17, "example_send_task_email_html": 88, "example_send_task_email_html2": 88, "example_shodan_host_lookup": 123, "example_snow_update_record_on_severity_chang": 119, "example_soar_utilities_artifact_attachment_to_base64": 127, "example_soar_utilities_artifact_hash": 127, "example_soar_utilities_attachment_hash": 127, "example_soar_utilities_attachment_to_base64": 127, "example_soar_utilities_close_incid": 127, "example_soar_utilities_create_incid": 127, "example_soar_utilities_get_incident_contact_info": 127, "example_soar_utilities_get_task_contact_info": 127, "example_soar_utilities_search_incid": 127, "example_soar_utilities_soar_search": 127, "example_soar_utilities_string_to_attach": 127, "example_soar_utilities_zip_extract": 127, "example_soar_utilities_zip_extract_to_artifact": 127, "example_soar_utilities_zip_list": 127, "example_staxx_indicator_import": 10, "example_staxx_indicator_search": 10, "example_url_to_dn": 140, "example_urlscanio": 142, "example_us": [21, 110], "example_whois_queri": 150, "example_wiki_create_pag": 151, "example_wiki_get_cont": 151, "example_wiki_lookup": 151, "exampledatefield": 130, "examplefield": 130, "examplenumfield": 130, "exampletextfield": 130, "exampleuser1": 41, "examplewww": 27, "exce": 59, "exceed": 107, "exceededmaximum": 37, "excel": [34, 127, 182], "except": [13, 16, 18, 19, 24, 25, 38, 43, 46, 47, 56, 57, 59, 79, 81, 85, 87, 88, 91, 111, 116, 121, 130, 131, 137, 144, 145, 146, 150, 155, 179, 188, 192], "exceptioninstruct": 49, "excess": 56, "excessive_ip_fragment": 43, "exchang": [1, 9, 11, 34, 43, 56, 59, 76, 77, 88, 91, 100, 103, 111, 118, 121, 156, 157, 169, 185, 187, 188, 190, 192], "exchange2016": 41, "exchange_date_of_retriev": 41, "exchange_delete_source_fold": 41, "exchange_destination_folder_path": 41, "exchange_dt_count_attach": 41, "exchange_dt_created_tim": 41, "exchange_dt_email_statu": 41, "exchange_dt_end_tim": 41, "exchange_dt_mandatory_attende": 41, "exchange_dt_meeting_inform": 41, "exchange_dt_meeting_loc": 41, "exchange_dt_meeting_subject": 41, "exchange_dt_message_id": 41, "exchange_dt_message_subject": 41, "exchange_dt_optional_attende": 41, "exchange_dt_recipient_email": 41, "exchange_dt_sender_email": 41, "exchange_dt_start_tim": 41, "exchange_email": 41, "exchange_email_id": 41, "exchange_email_information_dt": 41, "exchange_email_oper": 41, "exchange_email_recipi": 41, "exchange_end_d": 41, "exchange_folder_path": 41, "exchange_force_delete_subfold": 41, "exchange_get_email": 41, "exchange_hard_delet": 41, "exchange_has_attach": 41, "exchange_is_online_meet": 41, "exchange_meeting_bodi": 41, "exchange_meeting_end_tim": 41, "exchange_meeting_loc": 41, "exchange_meeting_start_tim": 41, "exchange_meeting_subject": 41, "exchange_message_bodi": 41, "exchange_message_id": 41, "exchange_message_subject": 41, "exchange_num_email": 41, "exchange_optional_attende": 41, "exchange_order_by_rec": 41, "exchange_required_attende": 41, "exchange_search_subfold": 41, "exchange_send": 41, "exchange_start_d": 41, "exchangelab": 42, "exchangelib": 41, "exchangeprovisioningflag": 133, "exclud": [13, 18, 19, 25, 35, 41, 42, 46, 59, 79, 87, 88, 91, 98, 108, 109, 113, 116, 130, 131, 146, 182, 183, 184, 189, 191, 192], "exclude_did": 35, "exclude_incident_field": 183, "exclude_incident_fields_fil": [182, 184], "excludedtag": 74, "excludehost": 117, "excludepassword": 148, "exclus": [24, 35, 72, 119, 157, 167, 179, 182], "exclusion_fil": [182, 184], "exclusion_set": 24, "exec": 78, "execut": [4, 10, 11, 12, 15, 16, 20, 23, 24, 27, 29, 30, 35, 43, 52, 53, 56, 59, 61, 65, 68, 69, 84, 85, 87, 91, 95, 97, 98, 100, 101, 106, 108, 111, 114, 115, 116, 117, 121, 122, 123, 125, 128, 129, 132, 133, 135, 136, 137, 141, 143, 145, 146, 155, 157, 159, 160, 161, 164, 167, 179, 180, 181, 183, 184, 186, 191], "execute_cal": 112, "execute_call_v2": 112, "execution_arn": 17, "execution_d": [16, 98], "execution_detail": 17, "execution_tim": 59, "execution_time_m": [7, 8, 10, 11, 13, 15, 16, 18, 19, 20, 21, 22, 24, 25, 31, 33, 35, 36, 38, 41, 42, 43, 46, 47, 49, 51, 55, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 80, 81, 84, 85, 86, 87, 88, 89, 91, 92, 96, 97, 98, 103, 104, 106, 107, 108, 109, 111, 113, 114, 116, 117, 119, 122, 124, 126, 127, 129, 130, 131, 133, 136, 137, 138, 146, 148, 150, 152, 153, 154, 159, 185, 186], "executionarn": 17, "executor": 114, "exempt": 111, "exfil": 43, "exfiltr": 43, "exhibit": [72, 167], "exim": 43, "exist": [1, 7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25, 27, 28, 29, 30, 32, 35, 36, 38, 39, 41, 42, 43, 45, 46, 47, 49, 51, 53, 55, 56, 57, 58, 59, 60, 61, 64, 65, 66, 67, 71, 72, 73, 74, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 119, 122, 124, 125, 126, 127, 129, 130, 131, 132, 133, 136, 137, 138, 142, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 157, 165, 167, 176, 178, 179, 180, 181, 182, 183, 184, 186, 190, 191, 192], "existing_descript": [81, 159], "exit": [21, 38, 64, 98, 105, 110, 157], "exit_address": 105, "exitcod": 85, "exmypb": 52, "exo_attachment_nam": 42, "exo_destination_mailfolder_id": 42, "exo_dt_email_address": 42, "exo_dt_has_attach": 42, "exo_dt_message_fold": 42, "exo_dt_message_id": 42, "exo_dt_message_subject": 42, "exo_dt_query_d": 42, "exo_dt_received_d": 42, "exo_dt_sender_email": 42, "exo_dt_statu": 42, "exo_dt_web_link": 42, "exo_email_address": 42, "exo_email_address_send": 42, "exo_end_d": 42, "exo_has_attach": 42, "exo_mail_fold": 42, "exo_mailfolders_id": 42, "exo_meeting_bodi": 42, "exo_meeting_email_address": 42, "exo_meeting_end_tim": 42, "exo_meeting_loc": 42, "exo_meeting_optional_attende": 42, "exo_meeting_required_attende": 42, "exo_meeting_start_tim": 42, "exo_meeting_subject": 42, "exo_message_bodi": 42, "exo_message_query_results_dt": 42, "exo_message_subject": 42, "exo_messages_id": 42, "exo_query_messages_result": 42, "exo_query_output_format": 42, "exo_recipi": 42, "exo_start_d": 42, "exp": 103, "expand": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167, 186], "expand_argument_var": 11, "expand_list": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146, 149, 150], "expand_list_result": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "expanded_list": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146, 149], "expans": 85, "expansion_list": 85, "expect": [21, 35, 48, 73, 111, 136, 162, 163, 168, 182, 191, 192], "experi": [103, 104, 136, 137, 190], "experiment": 43, "experimentalmetr": 43, "experimentalmetricanomali": 43, "experimentalsourc": 43, "expir": [0, 13, 19, 43, 78, 85, 91, 93, 99, 106, 108, 111, 117, 136, 144, 187, 190, 192], "expiration_d": 149, "expiration_statu": 91, "expirationdatetim": 133, "expirationinterv": 91, "expirationintervalreason": 91, "expirationstarttim": 91, "expirationstarttimereason": 91, "expirationstatu": 124, "expirationtim": 78, "expirationtime_t": 78, "expired_cert": 43, "expires_in": 88, "expiri": [19, 35, 91, 144, 188], "expirytim": 19, "expirytimeoffsetminut": 19, "explain": 179, "explan": [49, 70, 83], "explic": 38, "explicit": 191, "explicitli": [36, 85, 113, 121, 181, 191], "exploit": [7, 35, 43, 57, 78, 106, 117, 185], "exploitabilityscor": 152, "exploitinkit": 78, "exploittyp": 78, "exploituri": 78, "exploitverifi": 78, "explor": [24, 78, 152], "expon": [144, 188], "export": [3, 43, 47, 78, 125, 127, 156, 161, 182, 183, 189, 192], "expos": [4, 21, 38, 48, 49, 57, 59, 80, 110, 111, 121, 133, 135, 159, 168, 179, 185], "exposedmachin": 78, "exposedservic": 49, "exposur": [34, 60, 78, 99, 113, 124, 127], "exposure_dept_id": [60, 127], "exposure_individual_nam": [60, 127], "exposure_type_id": [60, 127], "exposure_vendor_id": [60, 127], "exposurelevel": 78, "express": [15, 16, 24, 35, 43, 64, 102, 113, 117, 151, 155, 163, 191], "extend": [7, 41, 91, 98, 107, 111, 119, 133, 148, 163], "extended_key_usag": [144, 188], "extendedkeyusag": 88, "extends_uuid": 81, "extens": [4, 5, 13, 21, 79, 85, 88, 91, 103, 113, 117, 119, 143, 144, 145, 153, 156, 172, 178, 180, 181, 182, 184, 188, 190, 192], "extension_list": 117, "extensionel": 98, "extern": [4, 13, 24, 35, 38, 43, 67, 78, 80, 88, 106, 107, 108, 111, 116, 117, 124, 143, 146, 152, 157, 158, 183, 186], "external_attr": 127, "external_db_req": 43, "external_exec_file_download": 43, "external_hostnam": 192, "external_ip": [24, 33], "external_ldap_req": 43, "external_network_scan": 152, "external_nfs_req": 43, "external_refer": [82, 186], "external_sourc": 107, "external_ssh_new_devic": 43, "external_system": 49, "external_uri": 49, "externalid": [78, 116, 152], "externalip": 116, "externalreferenceid": 117, "externalticketexist": 116, "externalticketid": 116, "externaltrigg": 35, "extfil": 88, "extra": [22, 38, 43, 58, 86, 100, 110, 111, 121, 192], "extra_packag": 4, "extract": [9, 34, 41, 44, 56, 61, 72, 82, 91, 98, 102, 108, 117, 134, 137, 155, 168, 186, 191], "extract_vers": 127, "extracted_fil": 127, "extragop": 43, "extrahop": 156, "extrahop_active_from": 43, "extrahop_active_until": 43, "extrahop_activitymap": 43, "extrahop_activitymap_id": 43, "extrahop_always_return_bodi": 43, "extrahop_artifact_typ": 43, "extrahop_assign": 43, "extrahop_assigne": 43, "extrahop_bpf": 43, "extrahop_cafil": 43, "extrahop_cloud_api_url": 43, "extrahop_console_url": 43, "extrahop_detect": 43, "extrahop_detection_assigne": 43, "extrahop_detection_categori": 43, "extrahop_detection_id": 43, "extrahop_detection_link": 43, "extrahop_detection_resolut": 43, "extrahop_detection_risk_score_min": 43, "extrahop_detection_statu": 43, "extrahop_detection_ticket_id": 43, "extrahop_detection_typ": 43, "extrahop_detection_upd": 43, "extrahop_devic": 43, "extrahop_device_field": 43, "extrahop_device_id": 43, "extrahop_device_oper": 43, "extrahop_device_operand": 43, "extrahop_end_tim": 43, "extrahop_id": 43, "extrahop_ip1": 43, "extrahop_ip2": 43, "extrahop_limit": 43, "extrahop_limit_byt": 43, "extrahop_limit_search_dur": 43, "extrahop_mod_tim": 43, "extrahop_not": 43, "extrahop_offset": 43, "extrahop_output": 43, "extrahop_particip": 43, "extrahop_port1": 43, "extrahop_port2": 43, "extrahop_risk_scor": 43, "extrahop_rx_api_kei": 43, "extrahop_rx_api_vers": 43, "extrahop_rx_cloud_console_url": 43, "extrahop_rx_host_url": 43, "extrahop_rx_key_id": 43, "extrahop_rx_key_secret": 43, "extrahop_search_filt": 43, "extrahop_search_typ": 43, "extrahop_site_nam": 43, "extrahop_site_uuid": 43, "extrahop_sort": 43, "extrahop_statu": 43, "extrahop_tag": 43, "extrahop_tag_id": 43, "extrahop_tag_nam": 43, "extrahop_ticket_id": 43, "extrahop_unassign": 43, "extrahop_update_notif": 43, "extrahop_update_tim": 43, "extrahop_valu": 43, "extrahop_watchlist": 43, "extrahop_watchlist_act": 43, "eyj0exaioijkv1qilcjzdii6ijawmdawmsisinptx3nrbsi6inptx28ybsisimfszyi6ikhtmju2in0": 32, "eyjhdwqioijjbgllbnrzbsisinvpzci6inhwdnpidfpju29hvkvusxe2vhhqsleilcjpc3mioij3zwiilcjzayi6ijailcjzdhkiojewmcwid2nkijoidxmwnsisimnsdci6mcwibw51bsi6ijg5otiymje2nza5iiwizxhwijoxnjc5otywndgzlcjpyxqioje2nzk5ntmyodmsimfpzci6ikxtvjjvshzvu3ftd0nmevptcxppcwcilcjjawqioiiifq": 32, "eyxn": 133, "ez": 187, "ez33zmxurlw": 117, "f": [8, 11, 13, 15, 16, 18, 19, 21, 24, 25, 26, 35, 36, 38, 41, 43, 46, 66, 67, 72, 74, 79, 80, 81, 85, 86, 89, 91, 103, 104, 113, 116, 117, 119, 126, 129, 130, 131, 133, 144, 146, 152, 153, 155, 167, 168, 192], "f0": [43, 54, 116], "f058a82542e8": 106, "f09a9e37d125": 98, "f0dc3f88": 78, "f1": 43, "f12fda6c092e5bb951df7579239ef18b": 117, "f138": 13, "f16f0e84": 130, "f1988": 153, "f2": [24, 43], "f23a143e092e5bb9729d4a06f126b084": 117, "f23eedc71476022c0fffe53ac794688f0227afc207e20091adf47b304777b92": 46, "f2baedb0ac74f8f42fc929e15f56da6a": 15, "f3": 24, "f31bb1cf": 24, "f35ad45a1f57b45713d7": 46, "f390": 106, "f39698a8092e5bb9465a33c08e4e132b": 117, "f4": 43, "f408": 146, "f41b": 104, "f4241202": 98, "f5": [24, 43], "f5ee89bb1e4a0b1c3c7f1e8d05d0677f2b2b5919": 78, "f5firepass": 104, "f5network": 104, "f6": 43, "f605": 103, "f617": 78, "f62ab0f7": 106, "f6b6cba4": 81, "f6ec44f025c67ab18170da47c1c610a94a9c84741f3cdfceb20cee565579868a": 146, "f6f5835d41d48d27a1ed7101ae0e21dc3548aab452f5c5d9a634f68c09b50b3ec062f086296628f8d226566637887e5c7be815c83abe2dc8b2746e324b70ac5c": 127, "f70c369a77320d54c042f0c632ee29c69c1f11899c4d5fe20b4cfaeda89d21ac": 187, "f741314d": 130, "f765": 80, "f7e3b66a064c": 133, "f7z0me0oseguuarcvdl9xw": 39, "f814e5ef": 106, "f829fb4a092e5bb92b1f80e5388c0870": 117, "f8a6a244138cb1e2f044f63f3dc42beeb555da892bbd7a121274498cbdfc9ad5": 24, "f95e": 24, "f9d2": 98, "f9e12dde6f68": 106, "f9e1983f24e1": 107, "f9e19e19e1": 107, "f9e1e1e1e1e1e1e1": 107, "f9e1e1e1e1ee1": 107, "f9ebc106951f": 106, "f9ed69326ca1": 146, "f9efe1e1e1e1e1": 107, "f9wohrng": 99, "f_hash": 146, "fa": [8, 13, 18, 25, 46, 79, 91, 116, 130, 131, 146, 147], "fa059989": 152, "fa89897771d8": 80, "fa8e": 59, "face": 106, "facebook": [57, 96, 185], "facilit": [21, 43, 117, 137, 155], "fact": 133, "factor": [16, 42, 57, 185], "faf1d0b6": 81, "fail": [7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 25, 30, 35, 36, 43, 46, 49, 51, 53, 60, 64, 65, 71, 77, 78, 79, 80, 81, 85, 89, 90, 91, 92, 97, 98, 103, 104, 105, 107, 108, 110, 111, 113, 114, 116, 117, 119, 120, 122, 124, 125, 127, 129, 130, 131, 133, 138, 140, 144, 146, 152, 154, 182, 183, 185, 187, 188], "fail_reason": [31, 41, 133, 148], "failed_attach": 42, "failedact": 116, "failur": [10, 12, 16, 20, 29, 41, 43, 52, 60, 61, 68, 84, 85, 88, 95, 97, 100, 101, 104, 105, 107, 111, 115, 123, 124, 127, 128, 130, 132, 141, 143, 161, 183, 190], "failure_count": 129, "fake": [37, 49], "falcon": [85, 116], "falconapi": 33, "falkland": 137, "fals": [7, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25, 35, 36, 37, 38, 39, 41, 42, 43, 46, 49, 53, 54, 55, 56, 57, 59, 60, 64, 65, 66, 67, 69, 72, 73, 74, 75, 76, 78, 79, 80, 81, 84, 85, 88, 89, 90, 91, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 119, 121, 124, 125, 127, 129, 130, 131, 133, 137, 138, 139, 144, 146, 148, 152, 153, 155, 159, 160, 167, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 192], "falseposit": [66, 78, 80], "falsi": 187, "famili": [19, 41, 58, 88, 96, 99, 102, 117, 129, 137, 173], "familiar": 56, "families_list": 99, "faro": 137, "fashion": [41, 111], "faso": 137, "fast": [78, 97], "fasten": 99, "faster": [115, 125, 170, 184], "fatal": 59, "father": 96, "fault": 24, "favorit": 85, "fax": [113, 150, 188], "faxg59hr0v9fx8vlyxcxf25tbutk5hfxcqwlpyfdqiiiiujo6nzc3jexl7e3t6ioqdu1ndfx13t7e1pywizbqfscattu1erbqtiymjc3n4ehh8xfxs8vl7m5udbw1hsbg2mmt7ozs1gymkqe5p8ebmwaagiqkreaai0iclu7u80aaouaajucav4aaoqaad8": 187, "fb": 91, "fb33": 98, "fb5360be": 80, "fb94": 106, "fb9442f5411f": 81, "fbca0cd6": 81, "fbf657a616e211efaf639b4554e04742": 146, "fbgvfpajzirdeh3ua1": 111, "fbwf": 117, "fc00": 117, "fc3cdac565b676f3b5f5610fcf58160617fe83dfd691ee20d72a98990a058808": 99, "fc50d87a092e5bb91e4d52e4cb82c6cf": 117, "fc8c": 24, "fcd21bbeec66b34322c57b50478014ef": 107, "fd046ede": 98, "fd1a1e9e50fa": 39, "fd94": 78, "fdadb5a8": 98, "fdasfdjhk76876gshkf": 93, "fdf4c7f9": 24, "fdff": 117, "fe4b8cbd": 78, "fe80": [78, 117], "featur": [12, 27, 33, 52, 56, 68, 70, 71, 100, 127, 136, 138, 156, 160], "feature_nam": 59, "feature_path": 59, "feature_typ": 59, "feature_uid": 59, "featureid": 74, "featurenam": 74, "feb": [104, 114], "febf": 117, "februari": [41, 130, 185], "fec765d91888d9bbf6847953304233b8": 15, "fed": 38, "feder": 137, "federationidentifi": 113, "fedora": 117, "fee": 57, "feed": [4, 72, 111, 156, 182, 183], "feed_data": [178, 180, 181, 182, 183, 184], "feed_data_resili": 183, "feed_directori": 178, "feed_fe": 178, "feed_item_typ": 137, "feed_nam": [10, 178, 180, 181, 182, 183, 184], "feed_site_netloc": 10, "feedback": [79, 137], "feeder": [156, 180, 184], "feel": 97, "fegcxb3rdkim5dfog6sccfwia4yayv0rdgnlerbqntkyt14": 111, "feodo": 72, "feodo_id": 72, "ferrari": 106, "fetch": [24, 55, 56, 87, 103, 111, 130], "few": [4, 10, 30, 41, 49, 87, 121, 136, 166, 183], "fewer": 35, "ff": 117, "ff00": 117, "ff00ff": 102, "ff34ee4a092e5bb92609f4e71c39d814": 117, "ff402b": [28, 67, 91], "ffdf57": 88, "fff": 80, "ffff": 117, "fgshdsgfjn": 36, "fgzfdhgxj": 36, "fi": [24, 147], "fiberlink": 69, "fident": 24, "field": [8, 9, 11, 13, 14, 16, 20, 22, 24, 25, 31, 33, 34, 36, 41, 42, 46, 53, 60, 63, 66, 68, 69, 70, 72, 73, 74, 77, 83, 87, 89, 90, 91, 96, 98, 100, 101, 105, 110, 111, 114, 115, 117, 118, 120, 121, 125, 127, 129, 136, 140, 144, 148, 155, 159, 161, 162, 164, 166, 168, 179, 183, 184, 186, 188, 189, 190, 191, 192], "field_guardium_insights_config_id": 55, "field_guardium_insights_global_id": 55, "field_guardium_insights_what": 55, "field_guardium_insights_when": 55, "field_guardium_insights_wher": 55, "field_guardium_insights_whi": 55, "field_guardium_insights_who": 55, "field_mask": 49, "field_nam": [18, 60, 88, 119, 127], "field_typ": 98, "field_type_handl": 98, "field_uuid": 98, "field_valu": [60, 127], "fieldlabel": [60, 127], "fieldnam": [60, 113, 127], "fieldtag": 130, "fieldvalu": [60, 127], "fife": 188, "fiji": 137, "file": [1, 3, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 25, 26, 27, 28, 29, 31, 32, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44, 45, 47, 49, 51, 52, 53, 55, 56, 57, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 109, 110, 112, 113, 114, 115, 116, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 136, 137, 138, 140, 141, 142, 143, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 157, 159, 160, 161, 162, 164, 165, 166, 167, 168, 169, 172, 173, 178, 179, 180, 181, 182, 183, 185, 186, 187, 188, 189, 190, 191], "file_access_failur": 43, "file_cr": 146, "file_descript": 24, "file_fe": [178, 180, 181, 183, 184], "file_hash": 129, "file_id": 117, "file_intel": 129, "file_list": 24, "file_list_guid": 24, "file_nam": [24, 28, 46, 48, 77, 107, 117, 127, 129, 182], "file_path": [24, 117], "file_path_list": 117, "file_s": 127, "file_scan_result": 146, "file_sha256": 24, "file_signature_state_sign": 146, "file_signature_state_verifi": 146, "file_typ": [13, 24], "file_upload_statu": 117, "fileaccessd": 131, "filebase64prefix": 78, "filebeat": 39, "filecreated": 131, "fileextens": 116, "fileextensiontyp": 116, "filehash": [72, 103], "fileidentifi": 78, "fileidentifiertyp": 78, "fileinfector": 122, "fileinfo": 127, "filemod": 146, "filemod_act": 146, "filemod_hash": 146, "filemod_issu": 146, "filemod_nam": 146, "filemod_publish": 146, "filemod_publisher_st": 146, "filemod_reput": 146, "filenam": [20, 24, 26, 35, 40, 46, 57, 63, 73, 78, 81, 85, 91, 98, 103, 105, 108, 124, 127, 135, 144, 146, 173, 188], "fileown": 131, "filepath": [78, 116], "fileprior": 73, "fileproductnam": 78, "fileproperti": 155, "filepublish": 78, "files": [116, 122, 155], "files_match": 11, "filesha1": 78, "filesha256": 78, "filest": 79, "filesystem": 117, "filesytem": 117, "filetyp": [78, 124, 155], "fileusag": 182, "fileverificationtyp": 116, "fill": [18, 32, 35, 41, 49, 64, 70, 90, 97, 106, 107, 113, 121, 130, 137, 146, 152], "filter": [10, 12, 15, 16, 24, 29, 33, 35, 41, 43, 52, 56, 59, 60, 61, 64, 66, 67, 68, 69, 70, 79, 86, 88, 90, 91, 95, 98, 99, 100, 101, 103, 108, 115, 117, 123, 124, 127, 128, 131, 132, 138, 141, 143, 150, 152, 155, 161, 183, 191], "filter_by_nam": 78, "filter_prop": 43, "filterbi": 152, "filtertyp": 35, "fin": [43, 137], "final": [4, 8, 21, 59, 72, 81, 88, 98, 183], "finalresult": 8, "finance_go": 55, "find": [4, 7, 8, 9, 11, 13, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 30, 31, 32, 34, 35, 36, 37, 39, 42, 43, 46, 47, 51, 53, 55, 58, 60, 63, 64, 65, 66, 67, 69, 71, 72, 75, 76, 77, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 140, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 156, 167, 183, 186, 192], "find_sync_row": 183, "findal": [13, 18, 25, 46, 79, 91, 109, 116, 117, 130, 131, 137, 146, 191], "finder": 41, "findincid": 137, "finding_class": 49, "finding_id": 49, "finding_nam": 49, "finding_payload_as_str": 15, "finding_url": 49, "findings_filt": 49, "findings_list": 49, "finfo": 120, "finger": 117, "fingerprint": [43, 98, 173], "fingerprintlist": 117, "fingerprintlist_id": 117, "finish": [20, 38, 73, 133], "finish_tim": 146, "finland": 137, "finnish": 147, "fip": 8, "fipresult": 8, "fire": 103, "firebrick": 41, "fireey": 44, "fireflow": 8, "firefox": [117, 126, 192], "firepass": 104, "firewal": [49, 55, 56, 80, 84, 118, 121, 165], "firewall_1": 25, "firewall_group_pair": 25, "firewall_group_pair_list": 25, "firewall_id": 25, "firewall_nam": 25, "firewall_scann": 49, "firewallen": 116, "firewallonoff": 117, "first": [2, 15, 18, 19, 21, 25, 35, 36, 37, 38, 41, 43, 49, 59, 67, 68, 73, 77, 78, 80, 85, 88, 90, 92, 96, 97, 98, 99, 104, 106, 107, 108, 113, 116, 119, 121, 124, 125, 130, 131, 136, 137, 146, 152, 153, 159, 162, 186, 187, 190, 191, 192], "first_alert_tim": 107, "first_event_tim": 107, "first_event_timestamp": 146, "first_nam": [21, 60, 87, 110, 127, 146], "first_packet_tim": 103, "first_parti": 137, "first_persisted_tim": 104, "first_seen": [33, 72, 78, 81, 94, 104, 106, 122, 154], "first_ten_subdomain": 92, "first_trigger_log_entri": 90, "firstact": 78, "firstactivitytimeutc": [66, 80], "firstdetectedat": 152, "firsteventtim": 78, "firstfullmodetim": 116, "firstli": 192, "firstnam": [41, 113], "firstpackettim": 103, "firstpag": 117, "firstregisteredinepochm": 69, "firstseen": [35, 37, 78, 92, 130, 167], "firstseen_t": 78, "firstseenat": 54, "firstwipd": 21, "fish": 117, "fist": [87, 192], "fit": [2, 120, 136, 185], "five": 117, "fix": [7, 11, 12, 15, 20, 24, 25, 36, 41, 42, 43, 45, 49, 57, 64, 65, 66, 67, 74, 75, 77, 78, 79, 80, 81, 88, 89, 90, 91, 95, 96, 98, 99, 100, 102, 103, 104, 110, 112, 114, 117, 118, 125, 127, 129, 131, 133, 141, 142, 143, 144, 150, 151, 153, 169, 173, 179, 182, 183, 184, 189, 190, 191], "fixed_time_per_dai": 90, "fixedvers": 152, "fixlet": 20, "fixvers": 64, "fji": 137, "fl": 24, "flag": [4, 16, 21, 24, 34, 42, 66, 69, 79, 88, 90, 105, 107, 117, 130], "flag_bit": 127, "flagstatu": 42, "flare": 44, "flask": 157, "flaticon": [102, 186], "flatten": [72, 74, 167], "flaw": 78, "fleetspeaken": 54, "flexibl": [38, 81, 124, 142, 148, 182, 190], "flk": 137, "float": [13, 18, 25, 46, 79, 91, 96, 116, 129, 130, 131, 146], "floss_opt": 44, "flow": [98, 111, 133, 148, 157, 179, 186], "flow_6b7udwv": 98, "flow_6b7udwv_di": 98, "flow_9af41ea": 98, "flow_9af41ea_di": 98, "flow_count": [102, 103, 104, 186], "flow_gvkozkt": 98, "flow_gvkozkt_di": 98, "flow_hbegkz1": 98, "flow_hbegkz1_di": 98, "flow_qgvwubw": 98, "flow_qgvwubw_di": 98, "flow_y10ymbl": 98, "flow_y10ymbl_di": 98, "flowcount": 103, "flynhzpctx3spvawqcruf3d": 111, "fn": [7, 8, 9, 10, 11, 12, 13, 15, 16, 18, 19, 20, 21, 22, 24, 25, 29, 31, 33, 34, 35, 36, 38, 41, 42, 43, 45, 46, 47, 49, 51, 52, 55, 56, 59, 60, 61, 63, 64, 65, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 80, 81, 84, 85, 86, 87, 88, 89, 91, 92, 95, 96, 98, 100, 101, 104, 106, 107, 108, 109, 111, 112, 113, 114, 115, 116, 117, 119, 121, 122, 123, 124, 126, 127, 128, 129, 131, 132, 133, 134, 136, 137, 138, 141, 142, 143, 145, 148, 150, 152, 153, 154, 159, 161, 186, 187], "fn_abuseipdb": 3, "fn_alienvault_otx": [3, 9], "fn_amp_delete_computer_trajectori": 24, "fn_amp_delete_file_list": 24, "fn_amp_delete_file_list_fil": 24, "fn_amp_get_act": 24, "fn_amp_get_comput": [24, 117], "fn_amp_get_computer_trajectori": 24, "fn_amp_get_ev": 24, "fn_amp_get_event_typ": 24, "fn_amp_get_file_list": 24, "fn_amp_get_file_list_fil": 24, "fn_amp_get_group": 24, "fn_amp_move_comput": 24, "fn_amp_set_file_list_fil": 24, "fn_anomali_staxx": [3, 10], "fn_ansibl": [3, 11, 30], "fn_ansible_tow": [3, 12, 55], "fn_api_void": 3, "fn_apil": [3, 14], "fn_aws_guardduti": [3, 156], "fn_aws_iam": [3, 16], "fn_aws_iam_add_user_to_group": 16, "fn_aws_iam_attach_user_polici": 16, "fn_aws_iam_deactivate_mfa_devic": 16, "fn_aws_iam_delete_access_kei": 16, "fn_aws_iam_delete_login_profil": 16, "fn_aws_iam_delete_mfa_devic": 16, "fn_aws_iam_delete_ss_cr": 16, "fn_aws_iam_delete_ssh_kei": 16, "fn_aws_iam_delete_us": 16, "fn_aws_iam_detach_user_polici": 16, "fn_aws_iam_list_mfa_devic": 16, "fn_aws_iam_list_service_specific_credenti": 16, "fn_aws_iam_list_signing_cert": 16, "fn_aws_iam_list_signing_certif": 16, "fn_aws_iam_list_ssh_public_kei": 16, "fn_aws_iam_list_us": 16, "fn_aws_iam_list_user_access_kei": 16, "fn_aws_iam_list_user_group": 16, "fn_aws_iam_list_user_polici": 16, "fn_aws_iam_remove_user_from_group": 16, "fn_aws_iam_update_access_kei": 16, "fn_aws_iam_update_login_profil": 16, "fn_aws_util": [3, 17], "fn_axoniu": 3, "fn_azure_automation_util": 3, "fn_bigfix": 3, "fn_bluecoat_site_review": [158, 159], "fn_bmc_helix": 3, "fn_calendar_invit": [3, 22], "fn_call_rest_api": 143, "fn_cb_protect": [3, 23], "fn_cisco_amp4ep": 3, "fn_cisco_asa": [3, 25], "fn_cisco_enforc": [3, 26], "fn_cisco_umbrella_inv": [3, 30], "fn_clamav": [3, 28], "fn_cloud_foundri": [3, 29], "fn_compon": [3, 30], "fn_create_webex_meet": [3, 31], "fn_create_zoom_meet": [3, 32], "fn_crowdstrike_falcon": [3, 33], "fn_cve_search": [3, 34], "fn_darktrac": 3, "fn_datatable_util": 3, "fn_digital_shadows_search": [3, 37], "fn_docker": 3, "fn_docker_": 38, "fn_docker_volatil": 38, "fn_elasticsearch": 3, "fn_email_header_valid": [3, 40], "fn_exchang": 3, "fn_exchange_onlin": [3, 42], "fn_extrahop": 3, "fn_floss": [3, 44], "fn_geocod": [3, 45], "fn_github": 3, "fn_google_cloud_dlp": [3, 47], "fn_google_cloud_funct": [3, 48], "fn_google_cloud_scc": 3, "fn_google_maps_direct": 3, "fn_googlesafebrows": [3, 51], "fn_greynois": [3, 52], "fn_grpc_interfac": 3, "fn_grr": 192, "fn_grr_search": [3, 54], "fn_guardium_insights_integr": [3, 55], "fn_guardium_integr": [3, 56], "fn_hibp": [3, 57, 185], "fn_html2pdf": 3, "fn_icdx": 3, "fn_incident_util": 3, "fn_ioc_parser_v2": [3, 61], "fn_ipinfo": [3, 62], "fn_isitphish": [3, 63], "fn_jira": [3, 64], "fn_joe_sandbox_analysi": 3, "fn_kafka": 3, "fn_ldap_search": 160, "fn_ldap_util": [3, 67, 192], "fn_log_captur": [3, 68], "fn_maas360": 3, "fn_machine_learn": 3, "fn_machine_learning_nlp": [3, 71], "fn_mandiant": 3, "fn_mcafee_atd": [3, 73], "fn_mcafee_epo": 3, "fn_mcafee_esm": [3, 75], "fn_mcafee_opendxl": [3, 76], "fn_mcafee_ti": [3, 76, 77], "fn_mcafeee_atd": 73, "fn_microsoft_defend": [3, 78], "fn_microsoft_security_graph": 3, "fn_microsoft_sentinel": [3, 80], "fn_misp": 3, "fn_mitre_integr": [3, 82], "fn_mxtoolbox": [3, 83], "fn_name": [15, 16, 43, 117, 155], "fn_netdevic": [3, 84], "fn_network_util": [3, 85], "fn_ocr": 3, "fn_odbc_queri": [3, 182, 192], "fn_outbound_email": [3, 88, 157, 191], "fn_pa_panorama": [3, 89], "fn_pagerduti": [3, 90], "fn_parse_util": 3, "fn_passivetot": 3, "fn_pastebin": 3, "fn_phish_ai": [3, 94], "fn_phish_tank": [3, 95], "fn_pipl": 3, "fn_playbook_mak": 3, "fn_playbook_util": [3, 98], "fn_proofpoint_tap": 3, "fn_proofpoint_trap": [3, 100], "fn_pulsed": [3, 101], "fn_qradar_advisor": 3, "fn_qradar_enhanced_data": 3, "fn_qradar_integr": [3, 103, 104, 158], "fn_query_tor_network": [3, 105], "fn_randori": 3, "fn_rapid7_insight_idr": 3, "fn_reaqta": 3, "fn_relat": 3, "fn_remedi": [3, 110], "fn_res_to_icd": [158, 161], "fn_rest_api": [3, 167], "fn_risk_fabr": [158, 162], "fn_rsa_netwit": [3, 112], "fn_salesforc": 3, "fn_schedul": [3, 114], "fn_secureworks_ctp": [3, 115], "fn_send_to_staxx": 10, "fn_sentinelon": 3, "fn_sep": 3, "fn_sep_add_fingerprint_list": 117, "fn_sep_assign_fingerprint_list_to_group": 117, "fn_sep_delete_fingerprint_list": 117, "fn_sep_get_command_statu": 117, "fn_sep_get_comput": 117, "fn_sep_get_domain": 117, "fn_sep_get_file_content_as_base64": 117, "fn_sep_get_fingerprint_list": 117, "fn_sep_get_group": 117, "fn_sep_move_cli": 117, "fn_sep_quarantine_endpoint": 117, "fn_sep_scan_endpoint": 117, "fn_sep_update_fingerprint_list": 117, "fn_sep_upload_file_to_sepm": 117, "fn_service_now": [3, 118, 119], "fn_set_move_cli": 117, "fn_shadowserv": 3, "fn_shodan": [3, 123], "fn_siemplifi": 3, "fn_slack": [3, 127], "fn_snapshot_url": 3, "fn_soar_util": 3, "fn_spamhaus_queri": [3, 128], "fn_splunk_integr": [3, 129, 158], "fn_symantec_dlp": 3, "fn_symc_sep_get_group": 117, "fn_task_util": [3, 132], "fn_team": [0, 3], "fn_threatmin": [3, 134], "fn_threatmind": 134, "fn_thug": [3, 135], "fn_timer": [3, 127], "fn_trusteer_ppd": 3, "fn_twilio": [3, 138], "fn_twilio_send_sm": 138, "fn_twitter_most_popular": 3, "fn_url_to_dn": [3, 140], "fn_urlhau": [3, 141], "fn_urlscan": 187, "fn_urlscanio": [3, 142, 187], "fn_util": [1, 3, 11, 17, 48, 58, 111, 142, 143, 158, 192], "fn_virustot": [3, 188], "fn_vmray_analyz": [3, 145], "fn_vmware_cbc": 3, "fn_watson_transl": [3, 147], "fn_watson_translate_api": 147, "fn_watson_translate_source_lang": 147, "fn_watson_translate_source_text": 147, "fn_watson_translate_target_lang": 147, "fn_watson_translate_url": 147, "fn_watson_translate_vers": 147, "fn_webex": 3, "fn_whoi": 3, "fn_whois_rdap": [3, 156], "fn_wiki": 3, "fn_wiz": 3, "fn_xforc": [1, 3, 153], "fn_yeti": 3, "fn_zia": [3, 155], "fname": [60, 127], "fngwii9anc0z3": 98, "fo": 19, "focus": 42, "fold": 13, "folder": [3, 4, 46, 49, 70, 71, 77, 157, 158, 177, 179, 190, 192], "follow": [5, 7, 8, 9, 11, 13, 14, 15, 17, 18, 19, 20, 21, 22, 24, 25, 26, 27, 28, 30, 31, 32, 34, 35, 36, 39, 40, 41, 42, 43, 44, 46, 47, 49, 51, 53, 55, 56, 58, 59, 60, 63, 64, 65, 66, 67, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 135, 136, 137, 138, 141, 142, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 157, 159, 160, 162, 163, 166, 167, 168, 171, 172, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192], "follow_up": 104, "followedurl": 159, "followers_url": 46, "following_url": 46, "font": [41, 58, 88, 102, 108], "font_color": 145, "fontdrvhost": 108, "foo": [110, 130], "forbidden": [30, 43, 78], "forc": [7, 38, 43, 74, 80, 88, 113, 130, 157, 192], "forcepoint": [144, 188], "fordbmigr": 124, "forecasten": 113, "forefront": 91, "foreign": 182, "forens": [85, 100, 107], "forensics_templ": 99, "forest": 70, "forexpack": 102, "forextrahop": 43, "forg": 108, "forgot": 192, "fork": 46, "forks_count": 46, "forks_url": 46, "form": [8, 16, 18, 21, 39, 41, 49, 88, 107, 110, 113, 114, 121, 136, 137, 150, 155, 168, 188, 190], "formal": [108, 159], "format": [1, 7, 8, 9, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 46, 47, 48, 49, 50, 51, 53, 54, 55, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 113, 114, 116, 117, 118, 119, 120, 122, 124, 125, 126, 127, 129, 130, 131, 133, 134, 136, 137, 138, 139, 142, 143, 144, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 159, 160, 162, 167, 168, 177, 180, 181, 182, 184, 185, 186, 187, 188, 190, 191, 192], "format_input_param": 43, "format_lin": 78, "format_link": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146, 150], "formatted_d": 33, "formatted_item": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "formerli": [13, 21, 24, 32, 35, 41, 42, 46, 64, 65, 72, 74, 78, 85, 88, 99, 104, 108, 109, 113, 116, 119, 137, 144, 153, 167], "formula": 86, "forq8jee9f": 98, "fort": 79, "forth": 183, "fortinet": [43, 122, 144, 188], "fortio": 43, "forward": [59, 100, 111, 117, 191], "forwardsnsnotificationrol": 15, "found": [3, 4, 10, 11, 13, 16, 18, 19, 20, 25, 28, 33, 35, 36, 37, 38, 41, 42, 43, 46, 47, 49, 54, 59, 60, 61, 64, 67, 69, 72, 73, 74, 76, 78, 79, 80, 81, 82, 86, 88, 91, 95, 99, 101, 102, 104, 105, 106, 107, 108, 116, 117, 119, 125, 127, 129, 130, 131, 135, 139, 146, 149, 151, 152, 154, 155, 167, 168, 182, 183, 185, 186, 187, 189, 190, 191, 192], "found_app": 69, "foundat": 106, "foundri": 156, "four": [64, 102], "fp": 117, "fpl_content": 117, "fpl_data": 117, "fpl_exist": 117, "fqdn": [1, 25, 54, 72, 79, 89, 103], "fqdn_analysi": 72, "fr": [13, 147, 159], "fr6k2kn2k": 146, "fra": [86, 137], "fragment": [24, 43, 107, 117], "frame": [13, 42, 64, 130], "frameid": 187, "framenavig": 187, "framestartedload": 187, "framestoppedload": 187, "framework": [9, 11, 27, 30, 32, 34, 38, 56, 85, 111, 138, 160, 164, 178, 180, 181, 182, 184], "franc": 137, "francisco": 91, "frankfurt": 187, "franki": 67, "fraud": [7, 137], "fraud_mo": 137, "fraudul": 137, "free": [57, 85, 94, 97, 114, 185], "free_space_of_drive_c": 74, "freebsd": 43, "freedisk": 117, "freediskspac": 74, "freemail": 14, "freemem": 117, "freememori": 74, "freetaxii": [102, 186], "freetd": [87, 182], "freetn": 182, "french": [86, 137, 147], "frequenc": [19, 98], "frequent": 98, "frequentprofiledapisaccountprofil": 15, "frequentprofiledapisuseridentityprofil": 15, "frequentprofiledasnsaccountprofil": 15, "frequentprofiledasnsuseridentityprofil": 15, "frequentprofileduseragentsaccountprofil": 15, "frequentprofileduseragentsuseridentityprofil": 15, "frequentprofiledusernamesaccountprofil": 15, "frequentprofiledusertypesaccountprofil": 15, "fresh": [56, 154], "friend": 96, "friendlynam": [80, 130], "friyzadn2k": 146, "fro": 137, "from": [1, 4, 7, 8, 9, 10, 11, 12, 13, 15, 17, 18, 19, 20, 21, 22, 23, 26, 27, 28, 30, 31, 32, 33, 34, 35, 36, 38, 39, 41, 44, 45, 46, 47, 48, 49, 50, 51, 53, 55, 57, 58, 59, 60, 61, 63, 64, 65, 66, 68, 69, 70, 72, 73, 75, 77, 79, 80, 81, 82, 84, 87, 88, 89, 90, 91, 92, 93, 94, 95, 97, 98, 99, 100, 102, 103, 104, 105, 108, 109, 110, 111, 114, 115, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 129, 131, 132, 133, 134, 136, 138, 139, 140, 142, 144, 147, 148, 150, 152, 153, 154, 157, 159, 160, 161, 164, 167, 168, 169, 179, 180, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192], "from_email": 90, "from_email_address": 88, "fromentityhead": 91, "fromisoformat": 79, "fromstr": 167, "fromtimestamp": [43, 144], "fromtyp": 182, "front": 43, "frontend": 187, "froobl": 111, "frozen": [60, 127], "fry": 192, "frzadn2kik": 146, "fsm": 137, "fsname": 108, "fti": 91, "ftp": [7, 43, 137], "ftp3": 192, "ftp_access_denied_error": 43, "ftp_bad_syntax_error": 43, "ftp_brute_forc": 43, "ftp_error": 43, "ftp_file_transfer_issu": 43, "ftp_not_logged_in_error": 43, "fuction1": 97, "full": [8, 11, 14, 35, 36, 38, 46, 60, 69, 74, 78, 80, 81, 95, 96, 102, 107, 116, 117, 119, 127, 130, 133, 146, 155, 168, 182], "full_finding_nam": 49, "full_match": 117, "full_nam": [46, 74], "full_path_nam": 117, "full_scan": 117, "full_search_period": 102, "full_search_tim": 102, "full_search_timeout": 102, "fulli": [8, 30, 88, 102, 111, 118, 119, 121, 162], "fullnam": [46, 67, 74, 103, 117], "fullpathnam": 117, "fullphotourl": 113, "fulluserag": 15, "fumik0": 72, "func": 114, "func_aws_guardduty_archive_find": 15, "func_aws_guardduty_refresh_find": 15, "funciton": 187, "funct_extrahop_rx_add_detection_not": 43, "funct_extrahop_rx_assign_tag": 43, "funct_extrahop_rx_create_tag": 43, "funct_extrahop_rx_get_activitymap": 43, "funct_extrahop_rx_get_devic": 43, "funct_extrahop_rx_get_tag": 43, "funct_extrahop_rx_get_watchlist": 43, "funct_extrahop_rx_search_detect": 43, "funct_extrahop_rx_search_devic": 43, "funct_extrahop_rx_search_packet": 43, "funct_extrahop_rx_update_detect": 43, "funct_extrahop_rx_update_watchlist": 43, "funct_mcafee_epo_find_a_system": 74, "funct_zia_add_to_allowlist": 155, "funct_zia_add_to_blocklist": 155, "funct_zia_add_to_url_categori": 155, "funct_zia_add_url_categori": 155, "funct_zia_get_allowlist": 155, "funct_zia_get_blocklist": 155, "funct_zia_get_sandbox_report": 155, "funct_zia_get_url_categori": 155, "funct_zia_remove_from_allowlist": 155, "funct_zia_remove_from_blocklist": 155, "funct_zia_remove_from_url_categori": 155, "funct_zia_url_lookup": 155, "function": [4, 12, 29, 30, 44, 45, 52, 61, 68, 70, 71, 73, 75, 95, 100, 101, 115, 118, 120, 121, 123, 128, 132, 141, 142, 143, 156, 158, 159, 160, 161, 162, 164, 180, 182, 183, 184, 186, 189, 190, 191], "function2": 97, "function_api_nam": 97, "function_nam": [24, 117], "functioncompon": 192, "functionerror": 192, "functionresult": 192, "fundament": [41, 91], "further": [4, 18, 21, 51, 53, 58, 72, 78, 80, 106, 111, 117, 119, 153, 157, 182, 184], "fusioncor": [78, 153], "futex": 72, "futuna": 137, "futur": [11, 13, 15, 18, 25, 36, 42, 43, 46, 66, 67, 71, 74, 78, 79, 80, 81, 88, 89, 90, 91, 99, 103, 104, 111, 114, 116, 117, 118, 119, 125, 129, 130, 131, 133, 136, 144, 146, 150, 153, 157, 182, 183, 189, 190, 192], "fuzzi": [129, 173], "fvjxbv": 188, "fw": 117, "fwlink": 80, "fxk41q1iqzarejgepzjiizvyb": 111, "fydibohf23spdlt": 42, "fyooyo": 98, "fyre": [90, 108, 116], "fze6vzt2c0ojg": 85, "g": [1, 4, 19, 23, 24, 36, 38, 60, 64, 81, 86, 102, 117, 120, 127, 138, 144, 155, 179, 182, 188], "g0032": 82, "g2vqdsa7oopo": 187, "g53091596": 35, "ga": [46, 147], "gab": 137, "gabon": 137, "gain": [85, 102, 111, 115, 154], "galaxi": 81, "galwai": 15, "gambia": 137, "gambl": 155, "game": 85, "gap": 1, "gari": 67, "gary1": 67, "gatewai": [8, 11, 13, 15, 16, 18, 19, 21, 24, 25, 32, 35, 41, 42, 43, 46, 64, 65, 66, 67, 72, 74, 78, 79, 80, 81, 82, 85, 88, 89, 91, 99, 102, 103, 104, 107, 108, 109, 110, 111, 113, 116, 117, 124, 130, 131, 137, 144, 146, 150, 152, 153, 155, 167], "gatewayip": 116, "gatewaymacaddress": 116, "gather": [15, 38, 43, 47, 49, 59, 72, 79, 82, 85, 102, 104, 110, 115, 153, 155, 167], "gathered_info": 72, "gaussian": 70, "gaussiannb": 70, "gb": [7, 94, 150], "gbr": 137, "gc": 98, "gcc": 182, "gconf": 91, "gcp": [47, 72], "gcp_artifact_input": 47, "gcp_dlp_deidentify_artifact": 47, "gcp_dlp_deidentify_attach": 47, "gcp_dlp_info_typ": 47, "gcp_dlp_inspect_attach": 47, "gcp_dlp_masking_char": 47, "gcp_function_nam": 48, "gcp_http_proxi": 48, "gcp_https_proxi": 48, "gcp_project": 47, "gcp_project_id": 48, "gcp_region": 48, "gcp_region_id": 48, "gcp_url": 48, "gd_access_key_detail": 15, "gd_action_detail": 15, "gd_finding_overview": 15, "gd_instance_detail": 15, "gd_resource_affect": 15, "gd_s3_bucket_detail": 15, "gda042c57": 35, "gdpr": [60, 127, 182, 183, 184], "gdpr_": 184, "gdpr_breach_circumst": [60, 127], "gdpr_breach_typ": [60, 127], "gdpr_breach_type_com": [60, 127], "gdpr_consequ": [60, 127], "gdpr_consequences_com": [60, 127], "gdpr_final_assess": [60, 127], "gdpr_final_assessment_com": [60, 127], "gdpr_harm_risk": [60, 127], "gdpr_identif": [60, 127], "gdpr_identification_com": [60, 127], "gdpr_lawful_data_processing_categori": [60, 127], "gdpr_personal_data": [60, 127], "gdpr_personal_data_com": [60, 127], "gdpr_subsequent_notif": [60, 127], "gear": 120, "gecko": [94, 187], "gen": 122, "gen8": 122, "gender": [47, 96, 185], "gener": [4, 9, 15, 22, 26, 33, 35, 38, 43, 49, 50, 53, 55, 59, 64, 65, 67, 68, 69, 72, 74, 76, 77, 78, 82, 86, 88, 89, 96, 97, 102, 103, 110, 111, 117, 119, 122, 124, 125, 131, 133, 144, 145, 148, 150, 151, 152, 155, 157, 162, 168, 180, 183, 191, 192], "generate_incident_url": 88, "generate_oauth2_refresh_token": 88, "generate_task_url": 88, "generatealert": 78, "generatecredentialreport": 15, "generated_cas": 104, "generatedfindingapinam": 15, "generatedfindingapiservicenam": 15, "generatedfindingasnorg": 15, "generatedfindingcitynam": 15, "generatedfindingcountrynam": 15, "generatedfindingisp": 15, "generatedfindingorg": 15, "generatedfindingprivatenam": 15, "generatedfindingpublicdnsnam": 15, "generationd": 19, "generationhost": 19, "generic_email_inbound_integration_refer": 90, "generic_events_api_inbound_integration_refer": 90, "generickd": 122, "geo": [9, 60, 127, 137], "geo_count": [60, 127], "geo_loc": 13, "geocod": 156, "geocodeaccuraci": 113, "geograph": [103, 185], "geographi": 103, "geoip": [14, 187], "geoloc": [15, 62], "georgia": 137, "georgian": 147, "german": [86, 147], "germani": [72, 137, 187], "gerri": 67, "get": [7, 8, 9, 10, 11, 13, 14, 15, 16, 20, 21, 22, 23, 26, 27, 29, 31, 34, 37, 38, 45, 47, 48, 50, 51, 53, 55, 56, 63, 64, 66, 67, 75, 76, 77, 81, 83, 84, 85, 86, 87, 88, 90, 91, 96, 97, 100, 102, 110, 111, 112, 114, 115, 118, 119, 120, 121, 129, 133, 136, 139, 140, 141, 143, 144, 148, 152, 157, 167, 168, 182, 186, 187, 188, 192], "get_activitymap_result": 43, "get_addresses_result": 89, "get_alert_by_id_result": 146, "get_alert_evident_result": 107, "get_alert_notes_result": 146, "get_alerts_result": 107, "get_all_runbook": 19, "get_artifact": 88, "get_attachments_result": 113, "get_categories_result": 155, "get_children": 88, "get_column_typ": 182, "get_command_result": 117, "get_comment_result": 113, "get_comments_result": 107, "get_computers_cont": 117, "get_computers_result": [24, 117], "get_critical_events_info_result": 117, "get_current_not": 43, "get_datat": 88, "get_details_result": 25, "get_detection_note_cont": 43, "get_detection_note_result": 43, "get_device_by_id_result": 146, "get_device_count_result": 18, "get_device_result": 18, "get_devices_result": 43, "get_domain": 26, "get_domains_result": 117, "get_entity_result": 130, "get_exceptions_policy_result": 117, "get_file_content_as_base65_result": 117, "get_file_lists_respons": 24, "get_file_lists_result": 24, "get_fingerprintlist_result": 117, "get_firewall_policy_result": 117, "get_formatted_timestamp": 33, "get_given_runbook": 19, "get_groups_result": [24, 89, 117], "get_incident_valu": 88, "get_insight_by_id_result": 130, "get_insights_comments_result": 130, "get_message_id": 137, "get_network_objects_result": 25, "get_non_null_item_from_list": 18, "get_not": 88, "get_paramet": 182, "get_policy_summary_result": 117, "get_project": 152, "get_prop": 43, "get_properti": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "get_reputation_result": 116, "get_result": [13, 18, 25, 79, 91, 116, 130, 146], "get_row": 88, "get_schedul": 19, "get_select_param": 192, "get_signal_by_id_result": 130, "get_tags_cont": 43, "get_tags_result": 43, "get_threat_result": 116, "get_trusteer_ppd_puid": 137, "get_user_result": 113, "get_users_result": 89, "get_watchlist_result": 43, "getaccountpublicaccessblock": 15, "getattr": [11, 18, 19, 21, 41, 46, 67, 74, 89, 103, 114, 119, 126, 129], "getbodyhtmlraw": 137, "getbucketlifecycl": 15, "getbucketloc": 15, "getbucketpolici": 15, "getchoicevalu": 120, "getdat": 33, "getfind": 15, "gethidpag": 117, "gethour": 33, "getinsight": 130, "getjournalentri": 120, "getlogg": 192, "getminut": 33, "getmonth": 33, "getpass": 2, "getresourc": 15, "getscreendetail": 187, "getsecond": 33, "gettim": [36, 78, 98], "gettrailstatu": 15, "getvalu": 120, "getyear": 33, "gf": 98, "gftubqtilvmskv0": 187, "ggbsavvln5qc5pcwvnut": 94, "ggggggggggg": 107, "ggy": 137, "gha": 137, "ghana": 137, "ghijk": 17, "ghostcat": 43, "gi": 55, "gi_dt_cl_catalog": 55, "gi_dt_cl_categori": 55, "gi_dt_cl_classification_nam": 55, "gi_dt_cl_classification_rul": 55, "gi_dt_cl_column": 55, "gi_dt_cl_comprehens": 55, "gi_dt_cl_datasource_ip": 55, "gi_dt_cl_datasource_nam": 55, "gi_dt_cl_datasource_typ": 55, "gi_dt_cl_date_cr": 55, "gi_dt_cl_descript": 55, "gi_dt_cl_port": 55, "gi_dt_cl_schema": 55, "gi_dt_cl_service_nam": 55, "gi_dt_cl_start_datelocal_tim": 55, "gi_dt_cl_tabl": 55, "gib": 137, "gibraltar": 137, "gin": 137, "gist": 46, "gist_id": 46, "gists_url": 46, "git": [3, 38, 46, 78], "git_commits_url": 46, "git_refs_url": 46, "git_tags_url": 46, "git_url": 46, "github": [3, 13, 27, 38, 44, 57, 76, 84, 91, 106, 107, 111, 113, 130, 146, 154, 156, 161, 162, 167, 168, 172, 173, 177, 179, 182, 185, 192], "github3": 46, "github_based_on_branch_or_sha": 46, "github_branch": 46, "github_commit_messag": 46, "github_committ": 46, "github_file_cont": 46, "github_file_path": 46, "github_filter_nam": 46, "github_limit": 46, "github_optional_file_path": 46, "github_own": 46, "github_prereleas": 46, "github_ref": 46, "github_release_descript": 46, "github_release_draft": 46, "github_release_nam": 46, "github_release_tag": 46, "github_repo": 46, "github_repo_typ": 46, "github_return_base64": 46, "github_sha": 46, "github_since_d": 46, "github_until_d": 46, "githubusercont": [102, 186], "gitlab": 43, "give": [17, 33, 51, 80, 89, 97, 108, 113, 119, 133, 136, 137, 153, 157, 164, 192], "given": [3, 4, 8, 9, 18, 19, 31, 33, 34, 35, 36, 37, 41, 42, 46, 49, 50, 55, 56, 57, 58, 64, 65, 67, 70, 72, 73, 74, 78, 80, 81, 87, 89, 91, 97, 98, 99, 102, 103, 104, 105, 106, 107, 108, 111, 113, 114, 117, 119, 121, 127, 128, 129, 130, 133, 146, 152, 167, 183, 185, 186, 190], "given_filt": 49, "givennam": 67, "gjxdrwyw008": 69, "glass": [113, 192], "glide": [119, 121], "global": [15, 16, 23, 24, 30, 34, 37, 42, 43, 55, 74, 108, 115, 117, 130, 131, 137, 142, 155, 187, 192], "global_artifact": [108, 109, 127], "global_device_id": 137, "global_info": [108, 109, 127], "global_set": 64, "globalcallinnumb": 148, "globalfirstobserv": 78, "globallastobserv": 78, "globalpreval": 78, "glp": 137, "gmail": [22, 69, 72, 88], "gmb": 137, "gmbh": 33, "gmt": [13, 31, 41, 98, 111, 124, 148, 183, 187], "gmx": 91, "gnb": 137, "gnq": 137, "go": [10, 12, 13, 15, 16, 29, 30, 32, 33, 34, 37, 38, 45, 49, 55, 72, 80, 98, 101, 103, 115, 119, 121, 135, 142, 145, 146, 155, 157, 162, 184, 185, 186, 187, 188, 192], "goal": 64, "gocspx": 157, "goe": 111, "gog": 85, "golden": 43, "golden_devic": 146, "golden_device_id": 146, "gonra": 77, "good": [15, 37, 38, 117, 146, 168], "goodnewseveryon": 192, "goog": [187, 188], "googl": [13, 33, 53, 57, 62, 72, 81, 88, 89, 106, 108, 127, 137, 144, 156, 185, 187, 188, 192], "google_api_token": 53, "google_application_credenti": 47, "google_application_credentials_path": 49, "google_cloud_organization_id": 49, "google_maps_destin": 50, "google_maps_origin": 50, "google_mdm_adapt": 18, "google_safe_browsing_url_lookup": 51, "google_scc_add_finding_source_property_in_scc": 49, "google_scc_auto_update_severity_in_scc": 49, "google_scc_categori": 49, "google_scc_class": 49, "google_scc_close_case_on_chang": 49, "google_scc_close_finding_in_scc": 49, "google_scc_compliance_standard": 49, "google_scc_delete_security_mark": 49, "google_scc_field_mask": 49, "google_scc_filt": 49, "google_scc_finding_nam": 49, "google_scc_finding_source_properties_dt": 49, "google_scc_id": 49, "google_scc_list_asset": 49, "google_scc_nam": 49, "google_scc_next_step": 49, "google_scc_project_display_nam": 49, "google_scc_project_nam": 49, "google_scc_recommend": 49, "google_scc_refresh_find": 49, "google_scc_remediation_link": 49, "google_scc_resource_display_nam": 49, "google_scc_resource_nam": 49, "google_scc_search_filt": 49, "google_scc_security_mark": 49, "google_scc_security_mark_kei": 49, "google_scc_source_properti": 49, "google_scc_source_property_valu": 49, "google_scc_st": 49, "google_scc_typ": 49, "google_scc_update_finding_source_property_in_scc_from_dt": 49, "google_scc_update_kei": 49, "google_scc_update_next_steps_in_scc": 49, "google_scc_update_security_mark": 49, "google_scc_update_severity_in_scc": 49, "google_scc_update_state_in_scc": 49, "google_scc_update_valu": 49, "google_scc_url": 49, "google_scc_vulner": 49, "googleapi": [45, 49, 51], "googlebot": 72, "googlecrashhandl": 108, "googlecrashhandler64": 108, "googlesafebrows": [51, 127], "googlesafebrowsing_api_kei": 51, "googlesafebrowsing_artifact_typ": 51, "googlesafebrowsing_artifact_valu": 51, "googlesafebrowsing_url": 51, "googleusercont": 157, "googleweblight": 99, "gorinfotech": 102, "got": [15, 16, 28, 91, 117, 192], "gov": [72, 152], "govern": 152, "gp": 0, "gpg": 0, "gplv2": 11, "gpo": 43, "grab": 59, "grafana": [43, 179], "grai": 64, "grammat": 191, "grant": [19, 42, 49, 111, 131, 133, 146, 148, 157, 168, 182], "grant_typ": [88, 111], "grantdeni": 131, "graph": [42, 72, 133, 156, 157], "graphic": [102, 186], "graphql": 152, "gravatar": 64, "gravatar_id": 46, "grc": 137, "grd": 137, "grd_id": 55, "grd_outlier_detail": 56, "grd_sensitive_object": 56, "great": 7, "greater": [11, 15, 25, 36, 42, 43, 47, 49, 53, 64, 66, 67, 74, 78, 80, 81, 86, 87, 88, 89, 90, 91, 98, 99, 102, 103, 104, 106, 113, 114, 117, 118, 125, 129, 130, 133, 136, 144, 153, 172, 182, 183, 190, 191], "greater_or_equ": 106, "greater_or_equal_utc_seconds_ago": 106, "greater_utc_seconds_ago": 106, "greec": 137, "greek": 147, "green": [10, 25, 67, 116, 120, 145, 192], "greenland": 137, "greensnow": [144, 188], "greer": 18, "greet": 53, "greeter": 53, "grenada": 137, "grenadin": 137, "greynois": 156, "grl": 137, "group": [8, 11, 15, 19, 21, 42, 43, 55, 56, 66, 69, 79, 80, 98, 103, 108, 115, 116, 119, 131, 137, 150, 179, 183, 191], "group1": [89, 117], "group2": 24, "group_categori": 35, "group_cont": 35, "group_descript": [24, 117], "group_guid": 24, "group_id": [66, 74, 117], "group_list": 16, "group_nam": [24, 55, 59, 89, 117], "group_path": 74, "group_result": 146, "group_row": 82, "groupa": 108, "groupb": 108, "groupbyact": 35, "groupcategori": 35, "groupid": [16, 74, 116, 117, 133], "groupinfo": 74, "groupingid": 35, "groupingtyp": 115, "groupip": 116, "groupmemb": 133, "groupnam": [16, 74, 116, 124], "grouppath": 74, "grouppreviousgroup": 35, "groups_alias": 82, "groups_descript": 82, "groups_dn": 67, "groups_id": 82, "groups_mitr": 82, "groups_nam": 82, "groups_par": 21, "groups_techniqu": 82, "groupscor": 35, "groupsresult": 74, "grouptyp": 133, "groupupdateprovid": 117, "groupurl": 35, "grp": 16, "grp_stat": 16, "grpc": 156, "grpc_channel": 53, "grpc_function": 53, "grpc_function_data": 53, "grpc_response_data": 53, "grpcio": 53, "grr_3": 192, "grr_api_cli": 192, "grr_pwd": [54, 192], "grr_search": 192, "grr_search_typ": [54, 192], "grr_search_valu": [54, 192], "grr_server": [54, 192], "grr_test": 192, "grr_user": [54, 192], "grrapi": 192, "grrdocker": 192, "grybnnlmrgcsxwceflvayw4o2ob5suxrmchimxbxzdflmamnwbhehkkyjvvm": 98, "gsb": 170, "gserviceaccount": 49, "gssapi": 181, "gt": [99, 117, 187, 188], "gte": [39, 60, 127], "gti": 77, "gti_trust_level": 77, "gtm": 137, "gtrotman": 15, "gts1c3": 188, "gu": 147, "guadeloup": 137, "guarante": 82, "guardium": 156, "guardium_cert": 56, "guardium_host": 56, "guardium_id": 55, "guardium_insights_classification_report": 55, "guardium_insights_event_id": 55, "guardium_password": 56, "guardium_search_report_data": 56, "guardium_system_refer": 56, "guardium_us": 56, "guardum": 55, "guatemala": 137, "guernsei": 137, "guess": [80, 147], "guf": 137, "gui": [25, 122, 137, 144], "guiana": 137, "guid": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 136, 137, 140, 141, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 161, 164, 167, 168, 184, 191], "guidanc": [106, 120], "guidelin": 155, "guinea": 137, "gujarati": 147, "gum": 137, "guradium": 56, "guyana": 137, "gw": 13, "gwbrww": 99, "gxphvojcmlblxps13mdc6pmi5zpm0p1fkqqmxup3b7226osac4j": 117, "gxrhul1y9ccxq4ho5uudhfyznksuxd": 98, "gz": [4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 28, 29, 30, 31, 32, 34, 35, 36, 39, 40, 41, 42, 43, 44, 45, 46, 47, 49, 51, 52, 53, 55, 56, 57, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 72, 73, 74, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 136, 137, 138, 141, 142, 143, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 157, 159, 161, 162, 167, 169, 171, 172, 174, 175, 176, 177, 178, 180, 181, 182, 183, 184, 192], "gzaam3kp4sy2dbabu": 98, "gzip": [111, 187], "gztar": [162, 177], "h": [36, 41, 43, 64, 85, 90, 91, 96, 104, 106, 114, 117, 136, 137, 143, 144, 152, 157, 168, 192], "h1": 82, "h2": [88, 91, 187], "h3": [82, 88, 102, 187], "h3a": 98, "h3x": 72, "h3x_1dai": 72, "h4epvvbqv5946aun1u9qg7kqp6tu5c1j": 157, "h5": [21, 110], "ha": [7, 11, 15, 17, 18, 19, 21, 22, 23, 24, 25, 30, 32, 35, 36, 37, 38, 39, 41, 42, 43, 46, 47, 49, 50, 51, 53, 56, 57, 58, 64, 66, 67, 72, 73, 74, 77, 78, 79, 81, 82, 85, 86, 87, 88, 89, 90, 91, 92, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 118, 119, 120, 121, 122, 124, 125, 127, 129, 130, 131, 133, 136, 137, 138, 139, 144, 145, 146, 148, 150, 151, 152, 153, 155, 157, 158, 160, 167, 168, 176, 179, 182, 183, 185, 186, 188, 189, 190, 191], "hack": [7, 43], "hacking_tool": 43, "had": [117, 179, 185], "haiti": 137, "haitian": 147, "hamburg": 121, "hand": [113, 120, 133, 192], "handl": [12, 13, 18, 21, 25, 35, 59, 64, 67, 70, 72, 79, 91, 102, 111, 116, 130, 146, 150, 152, 155, 179, 184], "handle_list": 137, "handler": 74, "handshak": [66, 88, 111], "hap": 21, "happen": [42, 59, 75, 108, 179], "happened_at": 108, "happenedat": [107, 108], "happenedat_t": 108, "happi": 41, "hard": [18, 41, 113, 191], "hard_driv": 18, "hard_liabl": [60, 127], "hard_limit": 59, "harden": [43, 49, 79, 80], "hardwar": 117, "hardware_info": 192, "hardwareinfo": 54, "hardwarekei": 117, "harmless": [144, 188], "harmstatus_id": [60, 127], "has_a_valu": [15, 16, 19, 24, 25, 79, 80, 81, 91, 103, 107, 108, 113, 116, 117, 119, 124, 130, 131, 146, 152, 155], "has_active_mfa": 16, "has_defect": 91, "has_download": 46, "has_ibm_default": [102, 186], "has_incid": 108, "has_issu": 46, "has_kei": 106, "has_logical_error": 98, "has_pag": 46, "has_project": 46, "has_sign_cert": 16, "has_srv_cr": 16, "has_ssh_public_kei": 16, "has_wiki": 46, "hasattach": 42, "hasattr": [32, 43, 137], "hascisakevexploit": 152, "hasepiclinkfielddepend": 64, "hasexploit": 152, "hasextrainfo": 187, "hash": [9, 24, 27, 33, 38, 57, 60, 72, 78, 81, 102, 103, 108, 109, 113, 117, 122, 129, 134, 144, 146, 152, 155, 170, 173, 175, 185, 187, 188, 190, 191], "hash_in_list": 117, "hash_is_md5": 146, "hash_is_sha1": 146, "hash_is_sha256": 146, "hash_length": 117, "hash_match": 117, "hash_typ": [77, 117], "hash_valu": [116, 117], "hashlib": 88, "hashtag": [42, 139], "hasincid": [108, 124], "haslimitedinternetexposur": 152, "hassuspiciousent": 124, "hasusergestur": 187, "hasverdict": 187, "hasvot": 64, "haswideinternetexposur": 152, "hasworkflow": 124, "hat": [4, 11, 43], "have": [0, 3, 4, 11, 13, 14, 15, 16, 21, 22, 25, 30, 33, 35, 36, 37, 38, 41, 42, 43, 47, 48, 49, 56, 59, 64, 65, 66, 67, 68, 70, 72, 74, 78, 80, 81, 83, 85, 87, 88, 89, 90, 91, 96, 97, 98, 99, 102, 104, 106, 107, 108, 111, 113, 114, 117, 118, 119, 120, 121, 124, 125, 127, 129, 130, 133, 137, 142, 144, 146, 149, 152, 153, 155, 156, 157, 165, 167, 168, 172, 176, 178, 179, 180, 181, 182, 183, 184, 186, 187, 189, 190, 191, 192], "have_i_been_pwned_threat_servic": 171, "haveibeenpwn": [57, 171, 185], "hc": 185, "hdr": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "hdr1": 36, "hdr2": 36, "hdr4": 36, "hdr_boolean": 36, "hdr_datetim": 36, "hdr_multiselect": 36, "hdr_number": 36, "hdr_select": 36, "hdr_text": 36, "he": [147, 187], "head": [33, 41, 42, 43, 46, 64, 86, 102, 111, 167, 168], "header": [13, 18, 25, 32, 35, 36, 37, 42, 46, 56, 64, 67, 72, 79, 87, 88, 89, 90, 91, 103, 104, 107, 111, 113, 116, 129, 130, 131, 137, 142, 144, 146, 153, 155, 156, 167, 168, 173, 181, 187, 189, 191], "header_kei": 137, "header_offset": 127, "headers_uuid": 106, "headless": [48, 86], "heal": [144, 188], "health": [78, 115, 117, 185], "healthstatu": 78, "hear": 179, "heard": 137, "heart": 91, "heartbeart": 117, "heavili": 49, "hebrew": 147, "hec": 184, "height": [98, 102, 117, 126, 186], "heimdal": [144, 188], "heirarchi": [60, 127], "hejxjrzji": 159, "helena": 137, "helix": 156, "helix_assigned_support_organ": 21, "helix_assigned_to": 21, "helix_compani": 21, "helix_created_d": 21, "helix_descript": 21, "helix_host": 21, "helix_impact": 21, "helix_incident_nam": 21, "helix_incident_numb": 21, "helix_organ": 21, "helix_password": 21, "helix_payload": 21, "helix_port": 21, "helix_prior": 21, "helix_request_id": 21, "helix_statu": 21, "helix_urg": 21, "helix_us": 21, "hello": [11, 21, 41, 53, 74, 80, 93, 133, 139], "hello_world": 19, "hellorepli": 53, "hellorequest": 53, "helloword": 53, "helloworld": 53, "helloworldproto": 53, "helo": [74, 91], "help": [33, 36, 38, 43, 53, 64, 67, 69, 82, 87, 88, 89, 99, 103, 104, 106, 119, 120, 129, 130, 137, 155, 157, 191], "helper": [9, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 33, 34, 36, 38, 39, 41, 46, 47, 50, 53, 54, 59, 60, 62, 63, 64, 67, 72, 76, 77, 78, 79, 80, 81, 82, 84, 85, 88, 91, 93, 94, 97, 98, 99, 102, 104, 106, 107, 108, 110, 113, 114, 116, 117, 120, 124, 125, 127, 129, 130, 131, 133, 137, 138, 139, 144, 145, 146, 148, 149, 150, 153, 155, 186, 190, 192], "helvetica": 41, "henri": 42, "here": [10, 11, 21, 24, 25, 28, 30, 33, 34, 36, 38, 41, 43, 44, 47, 48, 49, 53, 56, 58, 59, 64, 69, 72, 76, 80, 82, 84, 86, 87, 88, 90, 93, 97, 98, 99, 102, 106, 107, 110, 113, 116, 117, 118, 119, 127, 133, 135, 137, 138, 142, 146, 155, 162, 172, 179, 182, 183, 186, 188, 191, 192], "herzegovina": 137, "hexdigest": 88, "hh": [33, 104, 114], "hi": [103, 117, 147], "hi_fail": 117, "hiafags3egw5dkmijyxgkubydkqvy0l0dtjmd3lciywu2utbatguu0tpimarebf8n5g3kmaca1zawvuv": 98, "hibern": 152, "hibp": [57, 127, 185], "hibp_api_kei": 57, "hibp_proxy_http": 57, "hickori": 96, "hid": 117, "hidden": 78, "hide_o": 117, "hideattende": 42, "hidegroupinoutlook": 133, "hierarch": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146, 168, 189], "hierarchi": 41, "hierarchylevel": 64, "high": [21, 24, 25, 35, 43, 49, 60, 64, 66, 72, 78, 79, 80, 81, 88, 90, 96, 102, 103, 104, 106, 107, 108, 113, 117, 119, 120, 124, 127, 130, 131, 137, 146, 152, 170, 186, 188, 190], "high_citrix_lat": 43, "high_value_asset": [102, 186], "high_value_us": [102, 186], "high_volume_outli": 56, "higher": [38, 49, 103, 117, 167, 168, 180, 184], "highest": 64, "highli": [21, 49, 111, 113], "highlight": [93, 107, 124, 192], "hijklmn89123456": 88, "hindi": 147, "hint": [36, 60, 106, 127], "hipaa": [60, 127, 183], "hipaa_acquir": [60, 127], "hipaa_acquired_com": [60, 127], "hipaa_additional_misus": [60, 127], "hipaa_additional_misuse_com": [60, 127], "hipaa_advers": [60, 127], "hipaa_adverse_com": [60, 127], "hipaa_breach": [60, 127], "hipaa_breach_com": [60, 127], "hipaa_misus": [60, 127], "hipaa_misused_com": [60, 127], "histori": [27, 46, 88, 125, 166], "historicaldetect": 78, "historyst": 79, "hit": [7, 18, 20, 51, 60, 64, 72, 81, 85, 91, 92, 108, 109, 113, 122, 127, 130, 137, 146, 154, 168, 176, 192], "hit_list": 122, "hits_count": 20, "hits_over_limit": 20, "hive": [98, 108], "hive_label1": 108, "hive_label2": 108, "hjpw6pq2ffo": 98, "hkg": 137, "hllw": 122, "hltwau9567d2fdczjuwzp4ctyo9garwz44bma": 98, "hlw": 53, "hm": 150, "hmd": 137, "hnd": 137, "hoc": [11, 12, 85], "hokjyaqxwfeqh96pv1xbz0t8aey3nhwqeo8dckxc": 98, "hold": [13, 18, 19, 25, 46, 55, 64, 70, 79, 91, 116, 119, 120, 130, 131, 146, 186], "holder": [85, 87, 103], "holi": 137, "holist": 82, "home": [3, 38, 76, 85, 96, 152, 192], "home_phon": 96, "homepag": 46, "homephon": [67, 113, 117], "hondura": 137, "honeycli": 135, "hong": 137, "hook": 46, "hooks_url": 46, "hop": [85, 91], "host": [2, 7, 8, 9, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 31, 32, 33, 35, 36, 37, 38, 39, 41, 42, 43, 46, 49, 51, 52, 53, 54, 56, 57, 58, 59, 60, 63, 64, 65, 66, 67, 69, 70, 72, 74, 75, 76, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 92, 93, 94, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 118, 119, 120, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 138, 140, 143, 144, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 159, 167, 168, 181, 185, 186, 187, 192], "host0": 43, "host1": 43, "host_categori": 100, "host_dn": 55, "host_integrity_check": 117, "host_nam": [11, 55, 105, 121], "host_nowww": 13, "host_url": [31, 32], "hostdisplaynam": 148, "hostednam": 31, "hostemail": 148, "hostil": 103, "hostingphishurl": 37, "hostip": 53, "hostkei": 148, "hostnam": [7, 8, 13, 18, 19, 21, 24, 25, 33, 35, 39, 43, 47, 59, 62, 66, 68, 74, 80, 81, 89, 92, 106, 107, 110, 121, 130, 146, 155, 163, 167, 173, 187], "hostname_id": 106, "hostname_pref": 18, "hoststat": 79, "hostuserid": 148, "hostuserid123": 148, "hot": 113, "hotfix": 39, "hotter": 88, "hour": [36, 55, 74, 100, 104, 114, 130, 136, 138, 143, 148, 168], "hous": 96, "how": [1, 13, 15, 18, 25, 30, 33, 36, 38, 39, 41, 42, 44, 46, 47, 48, 49, 58, 59, 61, 63, 66, 72, 73, 75, 77, 79, 82, 86, 88, 91, 93, 94, 101, 102, 115, 116, 117, 119, 120, 123, 128, 130, 131, 143, 145, 146, 148, 151, 164, 168, 181, 182, 183, 184, 186, 188, 189], "howev": [4, 21, 49, 111, 113, 114, 121, 130, 131, 133, 136, 145, 146, 179, 182, 183, 192], "hpd": [21, 110], "hpd_ci": 21, "hpd_ci_formnam": 21, "hpd_ci_reconid": 21, "hr": [88, 102, 147], "href": [13, 18, 21, 25, 31, 32, 34, 35, 37, 38, 41, 43, 46, 49, 50, 57, 60, 64, 65, 78, 79, 80, 82, 88, 90, 91, 93, 94, 96, 97, 98, 103, 106, 107, 108, 109, 113, 114, 116, 117, 119, 120, 124, 125, 127, 130, 131, 133, 137, 144, 145, 146, 148, 150, 185, 186], "hrv": 137, "hs256": 111, "hsd1": 96, "ht": 147, "hta": 43, "hti": 137, "html": [8, 13, 18, 25, 33, 35, 39, 41, 42, 43, 46, 49, 53, 56, 57, 64, 65, 66, 73, 76, 79, 85, 88, 91, 95, 96, 99, 102, 105, 106, 107, 109, 113, 116, 117, 118, 119, 120, 121, 127, 130, 131, 135, 137, 145, 146, 152, 155, 156, 185, 187, 188, 189], "html2": 88, "html2pdf": 58, "html2pdf_data": 58, "html2pdf_data_typ": 58, "html2pdf_stylesheet": 58, "html_bodi": 91, "html_form": 13, "html_note": 102, "html_url": [46, 90], "htmld": 99, "http": [1, 2, 3, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 27, 28, 29, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 60, 61, 63, 64, 65, 66, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 88, 89, 90, 91, 92, 93, 94, 95, 96, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 110, 111, 112, 113, 115, 116, 117, 119, 121, 122, 123, 124, 125, 126, 128, 129, 130, 131, 132, 133, 134, 135, 137, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157, 159, 160, 161, 162, 167, 168, 169, 170, 172, 173, 174, 175, 176, 177, 180, 182, 183, 184, 185, 186, 187, 188, 190, 192], "http_400_status_cod": 43, "http_bad_request": 43, "http_desync_attack": 43, "http_error": 43, "http_forbidden": 43, "http_gateway_timeout_error": 43, "http_intel": 129, "http_internal_error": 43, "http_method_scan": 43, "http_not_found": 43, "http_path_travers": 43, "http_plaintext_password_cli": 43, "http_plaintext_password_serv": 43, "http_proxi": [10, 15, 16, 22, 25, 26, 27, 29, 34, 42, 43, 45, 46, 64, 75, 78, 80, 81, 82, 89, 100, 108, 123, 128, 142, 150, 155, 184], "http_referr": 129, "http_requesthead": 130, "http_scan": 9, "http_server": 43, "http_service_unavailable_error": 43, "http_str": [82, 186], "http_user_ag": 129, "httponli": 111, "https_proxi": [8, 10, 15, 16, 19, 21, 22, 25, 26, 27, 29, 34, 42, 43, 45, 46, 64, 75, 78, 80, 81, 82, 89, 100, 108, 110, 117, 123, 128, 142, 150, 155, 184], "https_str": [82, 186], "hu": 147, "hub": [59, 103, 190, 192], "human": [24, 111], "human_url": 154, "hun": 137, "hungari": 137, "hungarian": 147, "hunt": [116, 117], "hunt_results_limit": 20, "hv": 117, "hvstatu": 108, "hw_kei": 117, "hx": 43, "hy": 147, "hy000": 87, "hybridonprem": 91, "hychuang": 104, "hydra": [0, 90], "hyperflex": 43, "hyperlink": 49, "hypervisorvendorid": 117, "hyphen": 125, "hywij2": 98, "hz73oqbyqay0maglhjz4iw": 59, "i": [1, 2, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 51, 52, 53, 54, 55, 56, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 110, 111, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 156, 157, 159, 160, 161, 162, 163, 164, 166, 167, 168, 169, 172, 173, 174, 176, 177, 178, 180, 181, 182, 183, 184, 186, 187, 188, 189, 190, 191], "i0000v": 64, "i0u": 98, "i440fx": 116, "iam": [15, 49, 156], "iam_bind": 49, "iam_polici": 49, "iam_test_us": 16, "iam_test_user_1": 16, "iam_test_user_10": 16, "iam_test_user_2": 16, "iam_us": 15, "iamus": 15, "ian": 21, "ian_ag": 21, "iana": [144, 188], "iawpuewdqyjkozihvcnaqelbqaw": 85, "iazurecontextcontain": 19, "ibm": [0, 1, 4, 7, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 35, 36, 37, 39, 40, 41, 42, 43, 46, 47, 48, 49, 50, 51, 52, 53, 55, 58, 59, 61, 63, 64, 65, 66, 68, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 99, 100, 101, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 135, 136, 138, 140, 141, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 154, 157, 159, 161, 167, 168, 180, 182, 183, 184, 185, 187, 188, 192], "ibm_cloud_sdk_cor": 147, "ibm_default": [102, 103, 186], "ibm_resilient_integr": 121, "ibm_soar_case_id": 131, "ibm_soar_case_url": 131, "ibm_soar_id": 49, "ibmc4": 113, "ibmcloud": [85, 103, 153, 190, 192], "ibmexpert": 153, "ibmresili": [106, 107, 113, 119, 121, 130, 146, 161, 162, 182], "ibmsecur": 119, "ibmserviceengag": 161, "ibmsoar": 124, "ibpb": 116, "ic": 22, "icaluid": 42, "icann": [27, 144, 188], "icd_email": 161, "icd_field_sever": 161, "icd_pass": 161, "icd_prior": 161, "icd_severity_valu": 161, "icd_url": 161, "icdaa": 161, "icdx": 156, "icdx_amqp_host": 59, "icdx_amqp_password": 59, "icdx_amqp_port": 59, "icdx_amqp_usernam": 59, "icdx_amqp_vhost": 59, "icdx_device_ip": 59, "icdx_device_nam": 59, "icdx_ev": 59, "icdx_forwarder_inc_own": 59, "icdx_forwarder_toggl": 59, "icdx_search_limit": 59, "icdx_search_request": 59, "icdx_severity_id": 59, "icdx_typ": 59, "icdx_uuid": 59, "iceland": [137, 147], "ichat": 117, "icload": 153, "icmp": [43, 83], "icmp_cod": 117, "icmp_code_rang": 117, "icmp_tunnel": 43, "icmp_typ": 117, "icmp_type_rang": 117, "icmpv6": 117, "icnj3l5ewtra5krkgokclntu3kr3snjyw6n3glqassrk5ycnppt7fn6": 187, "icon": [64, 102, 113, 120, 168, 186, 192], "icontain": 106, "iconurl": 64, "id": [2, 8, 9, 10, 13, 15, 17, 19, 20, 21, 22, 23, 24, 25, 28, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 46, 47, 48, 49, 55, 56, 57, 59, 60, 63, 64, 65, 66, 72, 73, 74, 76, 77, 78, 79, 80, 81, 82, 86, 87, 88, 90, 91, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 119, 120, 121, 124, 125, 126, 127, 129, 131, 133, 137, 138, 142, 144, 145, 147, 148, 151, 152, 154, 155, 157, 162, 173, 179, 182, 183, 185, 186, 187, 188, 190, 191, 192], "id1": 41, "id3810": 55, "id_epmp_dx": 59, "id_in": 131, "id_str": 139, "idea": 191, "ident": [16, 19, 24, 59, 88, 102, 111, 117, 133, 137, 157, 186], "identif": [82, 102, 114, 147, 184], "identifi": [13, 15, 17, 18, 19, 24, 25, 27, 35, 37, 43, 46, 59, 66, 69, 72, 74, 79, 81, 82, 85, 88, 90, 91, 97, 99, 103, 106, 107, 108, 111, 113, 115, 116, 117, 124, 130, 131, 133, 137, 146, 147, 148, 152, 157, 167, 168, 183, 188, 189, 190], "identifiedat": 116, "identity_class": [102, 186], "idn": [41, 137], "idr": 107, "idschecksum": 117, "idsserialno": 117, "idsvers": 117, "idx": [72, 167], "ie": [15, 16, 76, 78, 89, 97, 117], "ieee802": 117, "ienoyw5uzww6igz1bmn0aw9ucy5mbl90aw1lcgoymdiylta5lta5ide4oja4ojm1ldqyosbjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifzhbglkyxrlzcbmdw5jdglvbibpbnb1dhmkmjaymi0wos0wosaxodowodoznsw0mzagsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibtdgfydgluzybbchagrnvuy3rpb246icdmbl90aw1lcickmjaymi0wos0wosaxodowodoznsw0mzagsu5gtybbznvuy3rfzm5fdgltzxjdihrpbwvyx3rpbwu6idjtcjiwmjitmdktmdkgmtg6mdg6mzusndmzielork8gw2z1bmn0x2zux3rpbwvyxsb0aw1lcl9lcg9jadogtm9uzqoymdiylta5lta5ide4oja4ojm1ldqzmibjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifzhbglkyxrlzcbmdw5jdglvbibpbnb1dhmkmjaymi0wos0wosaxodowodoznsw0mzugsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibtdgfydgluzybbchagrnvuy3rpb246icdmbl90aw1lcickmjaymi0wos0wosaxodowodoznsw0mzygsu5gtybbznvuy3rfzm5fdgltzxjdihrpbwvyx3rpbwu6idntcjiwmjitmdktmdkgmtg6mdg6mzusndm2ielork8gw2z1bmn0x2zux3rpbwvyxsb0aw1lcl9lcg9jadogtm9uzqoymdiylta5lta5ide4oja4ojm1lduxnibjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifn0yxr1c01lc3nhz2u6ifnszwvwaw5nigzvciazmhmuidavmtiwcybjb21wbgv0zs4kmjaymi0wos0wosaxodowodoznsw1mjkgsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibtbgvlcgluzybmb3igndvzliawlze4mhmgy29tcgxldguucjiwmjitmdktmdkgmtg6mdk6mdusnjmwielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gu3rhdhvztwvzc2fnztogv29ya2zsb3cgd2fzihrlcm1pbmf0zwqucjiwmjitmdktmdkgmtg6mdk6mdusnjmyielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gu3rhdhvztwvzc2fnztogvg90ywwgc2xlzxagdgltzsazmcbzzwnvbmrzignvbxbszxrllgoymdiylta5lta5ide4oja5oja1ldyzmybjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifjldhvybmluzybyzxn1bhrzcjiwmjitmdktmdkgmtg6mdk6mdusnjm2ielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gu3rhdhvztwvzc2fnztogrmluaxnozwqgcnvubmluzybbchagrnvuy3rpb246icdmbl90aw1lcickmjaymi0wos0wosaxodowotoymcw2mzugsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibxb3jrzmxvdyb3yxmgdgvybwluyxrlzc4kmjaymi0wos0wosaxodowotoymcw2mzygsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibub3rhbcbzbgvlccb0aw1lidq1ihnly29uzhmgy29tcgxldguucjiwmjitmdktmdkgmtg6mdk6mjasnjm5ielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gumv0dxjuaw5nihjlc3vsdhmkmjaymi0wos0wosaxodowotoymcw2ndagsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbtdgf0dxnnzxnzywdloibgaw5pc2hlzcbydw5uaw5niefwccbgdw5jdglvbjogj2zux3rpbwvyjwoymdiylta5lta5ide4oje5ojuxldk3ncbjtkzpifthy3rpb25zx2nvbxbvbmvudf0grxzlbnq6idxmbl90aw1lcltdichpzd00mswgd29ya2zsb3c9cgxhewjvb2tfntdmnmm1njlfnwuxzv80ztm4xzgwnjjfm2mzzdg2oty1otu3lcb1c2vypwfkbwluqgv4yw1wbguuy29tksaymdiylta5lta5ide4oje5ojuxljy5nzawmd4gq2hhbm5lbdogznvuy3rpb25zlmzux3rpbwvycjiwmjitmdktmdkgmtg6mtk6ntismtgwielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gvmfsawrhdgvkigz1bmn0aw9uigluchv0cwoymdiylta5lta5ide4oje5ojuylde4msbjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifn0yxr1c01lc3nhz2u6ifn0yxj0aw5niefwccbgdw5jdglvbjogj2zux3rpbwvyjwoymdiylta5lta5ide4oje5ojuylde4mibjtkzpiftmdw5jdf9mbl90aw1lcl0gdgltzxjfdgltztognw0kmjaymi0wos0wosaxodoxoto1miwxodigsu5gtybbznvuy3rfzm5fdgltzxjdihrpbwvyx2vwb2nooibob25lcjiwmjitmdktmdkgmtg6mtk6ntismtgyifdbuk5jtkcgw2nvm10gvw52zxjpzmllzcbivfrquybyzxf1zxn0cyaoy2fmawxlpwzhbhnlks4kmjaymi0wos0wosaxodoxoto1miwyodcgsu5gtybby28zymfzzv0gvxnpbmcgb3jnig5hbwu6ifrlc3qgt3jnyw5pemf0aw9ucjiwmjitmdktmdkgmtg6mtk6ntisndy3ielork8gw2rly29yyxrvcnndiftmbl90aw1lcl0gu3rhdhvztwvzc2fnztogu2xlzxbpbmcgzm9yidc1cy4gmc8zmdbzignvbxbszxrllgoymdiylta5lta5ide4ojixoja3ldyxmsbjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifn0yxr1c01lc3nhz2u6ifdvcmtmbg93ihdhcyb0zxjtaw5hdgvklgoymdiylta5lta5ide4ojixoja3ldyxmibjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifn0yxr1c01lc3nhz2u6ifrvdgfsihnszwvwihrpbwugnzugc2vjb25kcybjb21wbgv0zs4kmjaymi0wos0wosaxodoymtownyw2mtygsu5gtybbzgvjb3jhdg9yc10gw2zux3rpbwvyxsbszxr1cm5pbmcgcmvzdwx0cwoymdiylta5lta5ide4ojixoja3ldyxnibjtkzpiftkzwnvcmf0b3jzxsbbzm5fdgltzxjdifn0yxr1c01lc3nhz2u6iezpbmlzagvkihj1bm5pbmcgqxbwiez1bmn0aw9uoianzm5fdgltzxin": 127, "ifoilvzfugqzinet1jgqqafoxjdoarubejtu2vyxq": 98, "igmp": 117, "ignor": [41, 42, 64, 87, 88, 103, 119, 125, 146], "ignore_parent_rul": 117, "ignore_white_list": [7, 169], "ignorecas": 137, "ignorerul": 152, "ih3o": 98, "iiac": 15, "iiop": 43, "ijkl1mno2p3q4rs5tuv6wxyzabc": 15, "ikaru": 122, "illeg": 150, "illicit": 150, "illustr": [36, 66], "ima": 99, "imac": 18, "imag": [4, 64, 66, 85, 96, 102, 116, 127, 142, 152, 155, 156, 180, 185, 186, 187, 191], "imageid": 152, "imageinfo": 85, "imagenam": [38, 103], "imbal": 70, "imbalanc": 70, "imbalance_upsampl": 70, "imd": 43, "imei": 69, "imeiesn": 69, "imeimeid": 69, "immedi": [114, 125], "immin": 72, "immut": [153, 184], "imn": 137, "imp": 103, "impact": [21, 57, 98, 108, 110, 119, 179, 182, 185], "impact_lik": [60, 127], "impact_or_root": 21, "impact_scor": 106, "impact_sv": 108, "impactdescript": 37, "impacted_servic": 90, "impactscor": 152, "imperson": [41, 108], "imphash": 173, "implant": 43, "implement": [7, 18, 24, 25, 29, 32, 34, 35, 38, 39, 41, 43, 45, 46, 49, 51, 64, 66, 72, 83, 84, 86, 90, 92, 99, 102, 106, 107, 108, 111, 113, 114, 115, 116, 117, 121, 122, 124, 125, 126, 130, 131, 133, 136, 137, 144, 146, 152, 155, 164, 168, 169, 170, 171, 173, 174, 176, 191, 192], "implicit": [11, 111], "import": [3, 4, 8, 9, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 25, 29, 33, 34, 35, 36, 39, 40, 41, 42, 43, 45, 46, 52, 55, 56, 61, 64, 68, 69, 73, 74, 77, 78, 79, 80, 82, 83, 84, 85, 87, 88, 89, 90, 91, 95, 96, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 119, 121, 123, 124, 128, 129, 130, 131, 132, 133, 135, 136, 137, 138, 141, 142, 143, 144, 145, 146, 152, 155, 157, 161, 167, 178, 180, 181, 182, 183, 184, 189, 190, 191, 192], "import_hash": 122, "importantli": 136, "impostor": 99, "improp": 113, "improv": [4, 42, 64, 74, 80, 116, 118, 125, 127, 143, 155, 179, 182, 184], "impsum": 147, "in0sicjjb250zw50x3zlcnnpb24ioia1lcaizgvzy3jpchrpb24ioiaiug9zdcbtzxnzywdligzyb20gysbuyxnrihrvihlvdxigu2xhy2sgy2hhbm5lbc4gu2vuzcbzcgvjawzpy3mgywjvdxqgdghlifrhc2sgd2l0acbhbibvchrpb25hbcbjdxn0b20gdgv4dcbtzxnzywdlliisicjlehbvcnrfa2v5ijoginnsywnrx2v4yw1wbgvfcg9zdf9tzxnzywdlx3rvx3nsywnrx190yxnriiwgimxhc3rfbw9kawzpzwrfynkioiaiywrtaw5azxhhbxbszs5jb20ilcaibgfzdf9tb2rpzmllzf90aw1lijogmty1otu1ndmxnzi0mswgim5hbwuioiairxhhbxbsztogug9zdcbuyxnrihrvifnsywnriiwgim9iamvjdf90exblijoginrhc2silcaichjvz3jhbw1hdgljx25hbwuioiaic2xhy2tfzxhhbxbszv9wb3n0x21lc3nhz2vfdg9fc2xhy2tfx3rhc2silcaidgfncyi6ift7inrhz19oyw5kbguioiaizm5fc2xhy2silcaidmfsdwuioibudwxsfv0sicj1dwlkijogimviythmmjcwltjkmdmtngrhoc1hodeyltjjodc4mzc0mjq1ncisicj3b3jrzmxvd19pzci6idm2fv0sicj3b3jrc3bhy2vzijogw119": 127, "in_progress": [43, 116, 146], "in_reply_to": [88, 137], "inaccuraci": [150, 188], "inaccuratedata": 80, "inact": [16, 49, 78, 104], "inb": 91, "inbound": [25, 43, 79, 88, 138, 183, 190, 191], "inbound_cobalt_strike_connect": 43, "inbound_id": [88, 137], "inbound_mailbox": 137, "inbound_tor_connect": 43, "inbox": [41, 42, 99, 191], "inc": [60, 91, 98, 119, 120, 127, 144, 146, 149, 188], "inc000000005009": 21, "inc000000018070": 21, "inc123456": 120, "inc_create_field": [60, 127], "inc_filter_condit": 60, "inc_id": [36, 60, 88, 98, 108, 109, 127, 178, 179, 182], "inc_last_modified_d": [60, 127], "inc_nam": [36, 60, 108, 109, 127], "inc_own": [36, 60, 108, 109, 127], "inc_owner_id": [60, 127], "inc_search_field": 60, "inc_sort_field": 60, "inc_start": [60, 127], "inc_train": [60, 127], "inc_url": 88, "incas": [38, 47], "inch": 42, "incid": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 22, 23, 24, 25, 26, 28, 29, 30, 31, 32, 36, 39, 41, 42, 43, 44, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 57, 59, 61, 62, 63, 64, 65, 67, 68, 69, 71, 72, 73, 74, 75, 76, 77, 79, 81, 82, 84, 85, 86, 87, 89, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 104, 106, 107, 108, 111, 112, 113, 114, 116, 117, 118, 119, 120, 122, 123, 124, 125, 126, 128, 129, 130, 132, 133, 134, 136, 138, 139, 140, 141, 142, 143, 144, 146, 148, 149, 150, 151, 152, 153, 154, 155, 156, 161, 164, 165, 166, 167, 168, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 192], "incident_": 178, "incident_close_templ": [78, 131], "incident_creation_templ": [78, 80, 131], "incident_data": 181, "incident_data_top": 181, "incident_el": 98, "incident_ev": 35, "incident_events_output": 35, "incident_field": [13, 18, 25, 46, 79, 91, 116, 130, 131, 142, 146, 189], "incident_group": 35, "incident_group_output": 35, "incident_id": [5, 15, 21, 28, 36, 38, 42, 43, 47, 48, 55, 60, 63, 64, 65, 73, 74, 80, 88, 90, 91, 98, 99, 106, 109, 110, 111, 113, 114, 116, 119, 125, 127, 131, 133, 137, 142, 144, 145, 159, 180, 183, 187, 188], "incident_id_str": 125, "incident_kei": 90, "incident_memb": [17, 55], "incident_nam": 98, "incident_numb": 90, "incident_predict": 70, "incident_properties_given": 82, "incident_propery_given": 82, "incident_status": 116, "incident_templ": 79, "incident_top": 181, "incident_typ": 183, "incident_type_id": [60, 70, 88, 113, 117, 119, 127, 131, 133, 183, 191], "incident_update_templ": [78, 131], "incident_urgency_rul": 90, "incident_url": 98, "incident_utils_close_field": 60, "incidentdetail": 131, "incidentev": 35, "incidenteventurl": 35, "incidentid": [78, 79, 80, 90, 120, 131], "incidentinterfac": 21, "incidentinterface_cr": [21, 110], "incidentnam": 78, "incidentnumb": 80, "incidents_respond": 90, "incidents_return": 114, "incidentstatu": 116, "incidentstatus": 116, "incidentstatusdescript": 116, "incidentstatusid": 131, "incidentstatusnam": 131, "incidenturi": 78, "incidenturl": 80, "incidetn": 56, "incient": 124, "includ": [7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28, 29, 30, 31, 32, 35, 36, 38, 39, 41, 42, 43, 44, 46, 47, 48, 49, 51, 53, 55, 57, 58, 59, 60, 63, 64, 65, 66, 67, 70, 72, 74, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 100, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 118, 120, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 142, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 156, 163, 164, 165, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 191], "include_attachment_data": [180, 181, 182, 183, 184], "inclus": 130, "incom": [64, 98, 178, 180, 182, 183, 190, 191], "incompat": 74, "incomplet": [21, 110], "inconclus": [115, 124], "inconsist": 119, "incorpor": [38, 41, 57, 88, 111, 183, 190], "incorrect": 151, "incorrectli": [80, 109, 152], "increas": [18, 101, 103], "increment": 37, "incur": 98, "ind": 137, "ind_act": 78, "ind_created_bi": 78, "ind_creation_d": 78, "ind_descript": 78, "ind_expiration_d": 78, "ind_id": 78, "ind_sever": 78, "ind_titl": 78, "ind_typ": 78, "ind_valu": 78, "indefinit": 111, "indent": [8, 13, 18, 19, 25, 46, 79, 89, 90, 91, 107, 113, 116, 117, 130, 131, 144, 146, 192], "independ": 111, "index": [13, 24, 39, 63, 64, 72, 103, 107, 117, 131, 135, 155, 167, 180, 184, 187, 191, 192], "index_d": 39, "index_prefix": 180, "indexerror": [87, 155, 192], "india": 137, "indian": [96, 137], "indianr": 41, "indic": [9, 10, 13, 15, 16, 18, 21, 24, 25, 35, 39, 42, 43, 46, 49, 61, 69, 73, 79, 80, 81, 85, 88, 89, 91, 98, 99, 102, 103, 106, 107, 111, 113, 115, 116, 117, 120, 125, 130, 131, 137, 146, 153, 155, 178, 180, 182, 183, 184, 186, 189], "indicator_act": 78, "indicator_descript": 78, "indicator_expir": 78, "indicator_occurr": 107, "indicator_sever": 78, "indicator_titl": 78, "indicator_typ": 10, "indicatorofcompromisecount": 37, "indicatortyp": 78, "indicatorvalu": 78, "indict": 16, "individu": [25, 55, 64, 97, 99, 102, 107, 109, 112, 133, 137, 143, 146, 150, 179, 180, 186, 191], "individualid": 113, "indonesia": 137, "industri": [37, 82, 96, 113, 153], "inet": 116, "inet6": 116, "inet_check_output": 8, "infect": [35, 99, 116, 117, 137], "infer": 96, "infer_person": 96, "inferenceclassif": 42, "infinit": [111, 183], "influenc": 152, "info": [9, 13, 19, 27, 30, 33, 34, 37, 53, 59, 62, 68, 74, 78, 81, 86, 88, 91, 98, 102, 103, 108, 119, 122, 131, 137, 138, 139, 143, 145, 149, 154, 160, 168, 172, 177, 183, 187, 192], "info_typ": [47, 72, 167], "infolist": 127, "infomap": 131, "inform": [0, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 20, 21, 22, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 42, 43, 45, 46, 47, 48, 49, 51, 52, 53, 55, 56, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 72, 74, 76, 77, 79, 80, 81, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 109, 110, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 141, 142, 143, 144, 146, 147, 148, 149, 150, 152, 153, 154, 155, 157, 161, 162, 168, 170, 172, 175, 177, 178, 179, 180, 181, 182, 183, 184, 186, 187, 188, 190, 191, 192], "infosec": 108, "infrastructur": [21, 72, 192], "infrastructure_provid": 146, "infrastructureeventtyp": 21, "infrequentprofiledapisaccountprofil": 15, "infrequentprofiledapisuseridentityprofil": 15, "infrequentprofiledasnsaccountprofil": 15, "infrequentprofiledasnsuseridentityprofil": 15, "infrequentprofileduseragentsaccountprofil": 15, "infrequentprofileduseragentsuseridentityprofil": 15, "infrequentprofiledusernamesaccountprofil": 15, "infrequentprofiledusertypesaccountprofil": 15, "ingest": [184, 191], "ingress_tim": 146, "inherit": [24, 74, 117, 164], "ini": [131, 182], "inicd": 22, "inifil": 182, "init_d": [60, 127], "init_snow_note_text": 119, "inithttp": 192, "initi": [7, 8, 10, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 29, 30, 31, 32, 35, 36, 41, 42, 43, 45, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 117, 118, 119, 120, 122, 123, 124, 126, 127, 128, 129, 130, 131, 134, 136, 137, 140, 141, 142, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 161, 167, 168, 169, 179, 180, 181, 182, 186, 187, 190, 191], "initial_not": 119, "initialaccess": 80, "initialdevic": 35, "initialis": 37, "initialprior": 187, "initiate_scan_result": 116, "initiatedbi": 116, "initiatedbydescript": 116, "initiatinguserid": 116, "initiatingusernam": 116, "initiatorinfo": 187, "initsnnot": 120, "inject": [7, 43, 87, 108, 124, 152], "inlin": [16, 88, 137, 190, 191], "inlinestylerang": 153, "inner": [104, 182], "inner_item": 104, "inner_kei": 104, "innererror": 42, "innerexcept": 124, "innerexceptiontyp": 124, "innotek": 33, "innov": 99, "inoffens": [103, 104], "inprogress": [78, 130], "input": [7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 31, 32, 35, 36, 39, 40, 41, 42, 43, 44, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 69, 70, 72, 73, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 98, 99, 102, 103, 104, 105, 106, 107, 108, 109, 110, 113, 114, 116, 117, 119, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 135, 136, 137, 140, 142, 143, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 159, 160, 162, 167, 168, 182, 184, 185, 186, 187, 188, 192], "input_disposit": 107, "input_field_guardium_insights_config_id": 55, "input_field_guardium_insights_fetch_s": 55, "input_field_guardium_insights_from_d": 55, "input_field_guardium_insights_guardium_id": 55, "input_field_guardium_insights_to_d": 55, "input_field_guardium_insights_what": 55, "input_field_guardium_insights_who": 55, "input_full_url": 48, "input_param": [24, 43], "input_paramet": 19, "input_params_comput": 24, "input_params_format": 43, "input_params_group": 24, "input_statu": 107, "input_typ": 182, "input_url": 48, "inputdetail": 17, "inputobject": 19, "inputobjectlowcpuexcludeparameterset": 19, "inputobjectrgexcludeparameterset": 19, "inputs_data": 55, "inputs_str": 18, "inqw": 111, "inremoteshellsess": 116, "insecur": [88, 89, 187], "insecure_registri": 1, "insensit": [107, 111], "insert": [59, 87, 104, 121, 182, 192], "insert_link": 49, "insid": [25, 81, 93], "insight": [72, 98, 102, 107, 117, 124, 156, 186], "insightid": 130, "insightidr": 156, "insights_ca_fil": 55, "insights_encoded_token": 55, "insights_host": 55, "inspect": 127, "inspector": 103, "instal": [0, 2, 3, 4, 14, 23, 27, 48, 57, 83, 119, 120, 156, 160, 163, 164, 169, 170, 177, 179, 186], "install_d": [24, 98], "install_princip": 98, "installedd": 69, "installeddateinepochm": 69, "installertyp": 116, "installtyp": 117, "instanc": [21, 23, 27, 28, 29, 35, 39, 43, 48, 56, 64, 67, 68, 69, 78, 80, 81, 89, 98, 102, 103, 104, 106, 108, 110, 111, 114, 118, 119, 120, 121, 129, 131, 138, 147, 152, 154, 155, 162, 177, 179, 180, 182, 183], "instance_id": [15, 136], "instance_private_dn": 15, "instance_private_ip": 15, "instance_public_dn": 15, "instance_public_ip": 15, "instance_st": 15, "instance_typ": 15, "instancedetailsid": 152, "instanceid": 21, "instancetyp": 67, "instant": 148, "instanti": [120, 137], "instead": [1, 11, 38, 43, 48, 69, 88, 111, 114, 120, 125, 164, 182, 191, 192], "institut": 72, "instr_text": [60, 120, 127], "instruct": [7, 8, 11, 13, 15, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 58, 59, 60, 63, 64, 65, 66, 67, 71, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 138, 144, 146, 147, 148, 150, 152, 153, 154, 155, 183, 185, 187, 188, 192], "insuffici": 30, "insur": 41, "int": [12, 13, 15, 16, 18, 19, 21, 25, 29, 34, 36, 43, 46, 52, 53, 59, 61, 64, 68, 69, 72, 74, 75, 76, 78, 79, 88, 91, 95, 98, 100, 101, 103, 104, 106, 109, 111, 115, 116, 117, 119, 121, 123, 128, 129, 130, 131, 132, 136, 137, 140, 141, 143, 145, 146, 151, 161, 167], "int32": 19, "integ": [98, 103, 125], "integer01": 21, "integer02": 21, "integr": [0, 4, 5, 7, 9, 13, 14, 15, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 34, 35, 36, 39, 41, 42, 43, 46, 48, 49, 51, 52, 53, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 72, 74, 75, 76, 77, 78, 80, 81, 82, 84, 85, 87, 88, 89, 90, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 106, 107, 108, 109, 110, 111, 112, 113, 116, 117, 118, 119, 120, 122, 124, 125, 129, 130, 131, 132, 133, 134, 136, 137, 138, 139, 140, 143, 144, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 160, 161, 162, 163, 164, 165, 167, 168, 169, 176, 177, 178, 179, 185, 186, 187, 188, 191, 192], "integratio": 148, "integration_us": 121, "intel": [20, 108, 117, 122, 167], "intel64": 117, "intel_collect": 129, "intel_field": 129, "intel_kei": 129, "intel_valu": 129, "intellig": [9, 10, 13, 43, 77, 79, 81, 90, 98, 99, 102, 115, 129, 137, 144, 150, 156, 173, 179, 188], "intend": [38, 49, 119, 152, 178, 180, 181, 182, 183, 184, 191], "intended_effect": 37, "intens": 117, "intent": [38, 108], "inter": 191, "interact": [19, 23, 29, 43, 48, 73, 89, 113, 133, 152, 168, 179], "interactive_traffic_remote_desktop": 43, "interactive_traffic_shel": 43, "interactive_traffic_ssh": 43, "interest": [89, 91], "interesting_sect": 91, "interfac": [21, 25, 49, 54, 72, 95, 111, 115, 133, 148, 156, 165], "interface_dir": 53, "intermediateca": 72, "intermix": 183, "intern": [11, 15, 18, 24, 35, 36, 43, 64, 69, 77, 98, 107, 113, 138, 146, 157, 161, 192], "internal_attr": 127, "internal_axon_id": 18, "internal_customizations_field": [60, 127], "internal_ip": 24, "internal_url": 64, "internal_vol": 38, "internet": [21, 25, 64, 72, 102, 107, 144, 156, 167, 192], "internet4": 15, "internetmessageid": 42, "interrupt": [43, 179, 182], "interrupted_citrix_data_transf": 43, "intersect": 130, "interv": [15, 19, 23, 35, 43, 55, 64, 73, 79, 99, 100, 106, 107, 113, 114, 116, 124, 130, 131, 144, 146], "intranet": 192, "intric": 111, "introduc": [4, 39, 43, 64, 78, 85, 86, 88, 119, 182, 183, 184, 191], "introduct": 27, "intrus": [82, 113, 117], "intrust": 117, "intun": 133, "invalid": [41, 43, 60, 107, 117, 127, 130, 191], "inventori": 11, "invertori": 3, "investig": [35, 43, 56, 72, 79, 80, 98, 102, 106, 113, 117, 124, 152, 156, 186], "investigationid": 78, "investigationsecurityst": 79, "investigationst": 78, "invit": [41, 42, 125, 156], "invite": 22, "invoc": [11, 114, 129], "invok": [4, 9, 15, 16, 28, 33, 38, 48, 56, 63, 76, 78, 82, 103, 110, 111, 114, 119, 120, 132, 140, 148, 151, 155, 185, 186, 187, 188], "involv": [35, 78, 111, 153], "involved_ent": 130, "involvedent": 130, "io": [1, 52, 53, 64, 66, 69, 76, 88, 99, 106, 107, 113, 123, 127, 130, 135, 146, 152, 154, 156, 160, 168, 177], "io_merged_recurs": 38, "io_queue_recurs": 38, "io_service_bytes_recurs": 38, "io_service_time_recurs": 38, "io_serviced_recurs": 38, "io_time_recurs": 38, "io_wait_time_recurs": 38, "ioc": [20, 43, 102, 103, 117, 150, 156], "ioc_parser_v2": 61, "ioc_typ": 33, "ioc_valu": 33, "iocpars": 61, "iot": [7, 43, 116, 137], "ip": [1, 7, 8, 9, 10, 13, 14, 15, 18, 20, 21, 23, 24, 25, 27, 33, 35, 37, 39, 41, 43, 48, 49, 52, 54, 55, 56, 57, 59, 60, 62, 65, 66, 67, 72, 74, 76, 79, 80, 81, 83, 84, 88, 89, 91, 92, 98, 100, 102, 104, 105, 106, 108, 109, 110, 113, 116, 117, 119, 121, 123, 124, 127, 128, 129, 130, 131, 134, 135, 137, 142, 144, 146, 149, 150, 153, 155, 161, 163, 165, 167, 169, 173, 174, 185, 186, 187, 188, 192], "ip4": 91, "ip_address": [49, 94, 103, 167, 188], "ip_address__c": 113, "ip_end": 117, "ip_fragmented_onli": 117, "ip_id": 106, "ip_info_unavailable_templ": 167, "ip_inform": 167, "ip_intel": 129, "ip_list": 24, "ip_nam": 89, "ip_rang": 117, "ip_start": 117, "ip_str": 106, "ip_vers": 150, "ipaddr": 43, "ipaddr4": 43, "ipaddr6": 43, "ipaddress": [7, 37, 59, 74, 78, 87, 102, 117, 152, 159, 186], "ipaddressv4": 15, "ipf": 99, "ipgeoinfo": 37, "iphon": 69, "iphostnam": 74, "ipie0g1vgmzhefq3lf": 98, "ipincidenthistori": 37, "ipinfo": 156, "ipinfo_access_token": 62, "ipinfo_query_ip": 62, "iprang": 191, "ipreputationhistori": 37, "ips_pref": 18, "ipsec": 124, "ipset": 124, "ipstat": 187, "ipsubnet": 74, "ipsubnetmask": 74, "ipsum": [82, 144, 188], "ipthreathistori": 37, "ipv": 91, "ipv4": [24, 25, 37, 72, 102, 117, 186, 191], "ipv4address": [19, 25], "ipv4allowlist": 191, "ipv4fqdn": 25, "ipv4network": 25, "ipv4rang": 25, "ipv4x": 74, "ipv6": [25, 72, 74, 117, 187, 191], "ipv6_subnet": 117, "ipv6address": [19, 25], "ipv6allowlist": 191, "ipv6fqdn": 25, "ipv6network": 25, "ipv6percentag": 187, "ipv6rang": 25, "ipvers": 7, "ipvoid": 13, "ipwhoi": 150, "ipxaddress": 74, "ipython": 64, "iq": 43, "iqmtk6ixatsv6lhez7xjcmkoazkxjgafhnczmjv6mcscvqwytgmwrsfgykm0nb45pqsiinqasvunbhv3xbqrf8tmbxzshvom6p0yesiyr6sg": 98, "iran": 137, "iraq": 137, "ireland": [7, 15, 137], "irewal": 55, "irish": 147, "irl": 137, "irn": 137, "ironport": [103, 104], "irq": 137, "is_anonym": 13, "is_author": 106, "is_bulk_appli": 106, "is_china_countri": 13, "is_compromis": 24, "is_credit_card_field": 13, "is_defaced_heurist": 13, "is_delet": [60, 98, 127], "is_directory_list": 13, "is_doc_on_directory_list": 13, "is_domain_blacklist": 13, "is_email_address_on_url_queri": 13, "is_empti": 106, "is_empty_page_cont": 13, "is_empty_page_titl": 13, "is_exe_on_directory_list": 13, "is_extern": [60, 127], "is_external_redirect": 13, "is_free_dynamic_dn": 13, "is_free_host": 13, "is_host_an_ipv4": 13, "is_intern": [102, 186], "is_l3": 43, "is_last_index": 107, "is_ldap": 127, "is_linux_elf_fil": 13, "is_linux_elf_file_on_free_dynamic_dn": 13, "is_linux_elf_file_on_free_host": 13, "is_linux_elf_file_on_ipv4": 13, "is_list": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "is_lock": 98, "is_malicious_lookup": 108, "is_masked_fil": 13, "is_masked_linux_elf_fil": 13, "is_masked_windows_exe_fil": 13, "is_merg": 90, "is_most_abused_tld": 13, "is_ms_office_fil": 13, "is_non_standard_port": 13, "is_not_empti": 106, "is_not_nul": 106, "is_nul": 106, "is_password_field": 13, "is_pdf_on_directory_list": 13, "is_phishing_heurist": 13, "is_php_on_directory_list": 13, "is_possible_emotet": 13, "is_publish": 72, "is_regex": [16, 155], "is_risky_geo_loc": 13, "is_robots_noindex": 13, "is_safe_dns_serv": 168, "is_saml": 127, "is_scenario": [60, 127], "is_search": [102, 186], "is_sinkholed_domain": 13, "is_stage3_pend": [102, 186], "is_support": 24, "is_suspended_pag": 13, "is_suspicious_cont": 13, "is_suspicious_domain": 13, "is_suspicious_file_extens": 13, "is_suspicious_url_pattern": 13, "is_target": 137, "is_templ": 46, "is_termin": 136, "is_torr": 13, "is_tox": 102, "is_uncommon_clickable_url": 13, "is_upd": 146, "is_url_shorten": 13, "is_user_cr": 43, "is_valid_http": 13, "is_virtu": 16, "is_virtual_mfa": 16, "is_vpn_provid": 13, "is_windows_exe_fil": 13, "is_windows_exe_file_on_free_dynamic_dn": 13, "is_windows_exe_file_on_free_host": 13, "is_windows_exe_file_on_ipv4": 13, "is_zip_on_directory_list": 13, "isaadjoin": 78, "isaccessiblefromothersubscript": 152, "isaccessiblefromothervnet": 152, "isaccessiblefromvpn": 152, "isact": [35, 113, 116], "isalldai": 42, "isalnum": 102, "isassignabletorol": 133, "isatap": 117, "isazureadjoin": 79, "isazureadregist": 79, "isblank": 130, "isblockedstatussupersed": 131, "isc_sans_get_enrichment_data_for_an_ip_address": 167, "iscancel": 42, "isclos": [113, 124], "isdecommiss": 116, "isdelet": 113, "isdeliveryreceiptrequest": 42, "isdigit": [72, 167], "isdis": 153, "isdomaincontrol": 108, "isdraft": 42, "isdynam": 19, "isemailbounc": 113, "isen": 19, "isescal": 113, "isexecut": 98, "isextindicatorvis": 113, "isfabr": [57, 185], "isfavorit": 124, "isfavoritebydefault": 133, "isfileless": 116, "isgrac": 117, "ishidden": 131, "ishidingnotallow": 131, "ishighlight": 124, "ishybridazuredomainjoin": 79, "isimport": 124, "isin": 59, "isincid": 124, "isinst": [13, 16, 18, 24, 25, 34, 36, 43, 46, 53, 59, 64, 67, 72, 79, 82, 84, 91, 106, 108, 116, 117, 124, 129, 130, 131, 137, 146, 149, 150, 153, 155, 159, 182], "isitphish": 156, "isitphishing_api_url": 63, "isitphishing_licens": 63, "isitphishing_nam": 63, "isitphishing_url": 63, "isl": 137, "island": 137, "islow": 16, "ismalwar": 185, "ismandatori": 19, "ismanualalert": 124, "ismerg": 124, "ismserv": 108, "isn": [30, 74, 119, 125, 181], "isnpvdicli": 117, "isnul": 130, "iso": [49, 79, 182], "iso_cod": 94, "isoformat": 79, "isolate_host_result": 8, "isolated_bi": 24, "isolation_result": 24, "isolation_statu": 24, "isolationstatu": 108, "isolationstatusfailur": 108, "isonlinemeet": 42, "isorgan": 42, "isoverflowcas": 124, "isp": [7, 13, 15, 88], "ispdf": 91, "ispefil": 78, "ispendinguninstal": 116, "isport": 74, "isprofilephotoact": 113, "ispubl": 7, "isr": 137, "israel": 137, "isread": 42, "isreadreceiptrequest": 42, "isreferenc": 35, "isreminderon": 42, "isretir": [57, 185], "issamesit": 187, "issensit": [57, 185], "isserv": 108, "isspamlist": [57, 185], "issu": [10, 12, 13, 15, 16, 18, 20, 23, 25, 29, 30, 42, 43, 46, 52, 56, 61, 66, 68, 78, 79, 80, 81, 91, 95, 100, 101, 104, 106, 107, 108, 111, 113, 115, 116, 123, 124, 126, 128, 130, 131, 132, 141, 143, 146, 148, 150, 161, 168, 173, 179, 182, 183, 190], "issue_comment_url": 46, "issue_delet": 74, "issue_descript": 74, "issue_due_d": 74, "issue_events_url": 46, "issue_id": 74, "issue_kei": 64, "issue_nam": 74, "issue_st": 74, "issue_url": 64, "issue_url_intern": 64, "issueid": 74, "issuelink": 64, "issuer": [78, 91, 108, 144, 155, 187, 188], "issueraltnam": 91, "issuerestrict": 64, "issues_url": 46, "issuetyp": 64, "issuperviseddevic": 69, "issuppress": 130, "istestcas": 124, "istouch": 124, "isuninstal": 116, "isunusualuserident": 15, "isupp": 16, "isuptod": 116, "isvalidcertif": [78, 116], "isverifi": [57, 185], "isvirtualmachin": 108, "isvpn": 79, "iswatch": 64, "iswhitelist": 7, "ita": 137, "itali": 137, "italian": 147, "itaskschedulerservic": 43, "item": [7, 8, 9, 10, 11, 13, 15, 16, 18, 21, 22, 24, 25, 26, 34, 41, 42, 43, 46, 55, 59, 69, 72, 74, 78, 79, 80, 87, 89, 91, 96, 98, 103, 107, 110, 115, 116, 122, 124, 130, 131, 137, 144, 146, 150, 162, 166, 178, 179, 180, 182, 183, 186, 191, 192], "item_kei": 129, "item_list": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "item_row": 104, "item_valu": [21, 104], "itemid": 42, "items_in_index": 107, "items_list": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "items_per_pag": 24, "iter": [72, 125, 152], "its": [16, 21, 30, 33, 36, 38, 41, 42, 49, 72, 74, 80, 102, 103, 104, 110, 111, 117, 118, 119, 120, 127, 133, 137, 147, 148, 163, 165, 167, 168, 182, 191, 192], "itself": [38, 39, 49, 72, 88, 102, 111, 136, 142, 164, 179, 182], "itsm": [21, 118, 120, 121], "ityp": [10, 162], "iu_close_field": [60, 127], "iv": 185, "ivborw0kggoaaaansuheugaabkaaaaswcamaaacu33alaaaabgdbtueaalgpc": 187, "ivh": 192, "ivoir": 137, "iyopu31uq6ii0rfhvtkai8lfzqsxcvcxw97fn9dhf": 187, "j": [31, 32, 43, 91, 153, 192], "j2g29i5zyjmuifdruudgcjoyxzrulftaiqraowxf3chwgwwbr": 98, "j5ust1tp5bmgwizwh95ou6k": 98, "j7u3x6fy6umfrera1r9et9xrmz": 98, "j8jvpotcfiplpqxd8faclh7httfydwqqcerz2hblvyiizocoauqkqgmvcpbdqa": 117, "j8zpesesicq6ri7plktj9hqzwn9whxcikbkuyrbuf0oe6gvajsyqdknfdghei4lqoctuad2vram6qztudkbzovx6fgq6": 98, "ja": [147, 159], "ja3": 43, "jailbreakstatu": 69, "jam": 137, "jamaica": 137, "jamf": 117, "jan": [13, 107, 137], "jane": 69, "japan": 137, "japanes": [86, 147], "jarm": [144, 188], "jatjs90i7tsbxky7pbcyxlcpfrcm": 32, "java": [15, 30, 33, 36, 43, 64, 69, 77, 78, 87, 98, 106, 131, 138, 192], "java_multiple_fil": 53, "java_outer_classnam": 53, "java_packag": 53, "javascript": [91, 142], "jbig2decod": 91, "jbxapi": 65, "jbxcloud": 65, "jcpzuehsqhb2vdg7x8o5ibivo": 98, "jeff": 89, "jei": 137, "jersei": 137, "jhjkkkaaaaaaaaaaa": 146, "jigsaw": 113, "jigsawcompanyid": 113, "jigsawcontactid": 113, "jigsawimportlimitoverrid": 113, "jimscott": 185, "jinja": [23, 35, 49, 64, 66, 76, 78, 79, 88, 90, 99, 108, 115, 116, 124, 130, 131, 152, 190], "jinja2": [30, 80, 88, 124, 125, 131, 157], "jira": 156, "jira_api_url": 64, "jira_com": 64, "jira_dt_nam": 64, "jira_field": 64, "jira_internal_url": 64, "jira_issue_closed_on_jira": 64, "jira_issue_id": 64, "jira_issue_id_col": 64, "jira_issue_statu": 64, "jira_issue_typ": 64, "jira_label": 64, "jira_label1": 64, "jira_link": 64, "jira_linked_to_incid": 64, "jira_prior": 64, "jira_privatekei": 64, "jira_project_id": 64, "jira_project_kei": 64, "jira_serv": 64, "jira_task_refer": 64, "jira_transition_id": 64, "jira_transition_issu": 64, "jira_url": 64, "jirashel": 64, "jjs1l85hkp7qdrn": 117, "jldquz": 111, "jmr": 91, "jndi": 43, "job": [10, 12, 89, 96, 109, 117], "job_nam": 19, "job_output": 19, "job_paramet": 146, "job_result": 19, "jobcount": 19, "jobid": [19, 89], "jobtitl": 117, "joe": [53, 113, 156], "joesandbox": 65, "joesecur": 65, "john": [41, 80, 108, 109, 113], "john_do": 109, "johndo": [24, 41], "johnp": 15, "johnpren": 157, "johnsmacbook": 33, "join": [7, 10, 11, 13, 16, 17, 18, 24, 25, 35, 36, 38, 41, 43, 46, 49, 53, 59, 60, 64, 67, 78, 79, 80, 81, 82, 85, 91, 92, 97, 98, 102, 106, 107, 108, 116, 117, 119, 124, 127, 130, 131, 133, 137, 146, 149, 150, 151, 152, 155, 159, 179, 182, 186, 187, 192], "joinbeforehostminut": 148, "joiner": [113, 131], "jonathan": 96, "jor": [96, 137], "jordan": 137, "jorik": 153, "jose": 146, "joseph": 96, "journal": [96, 130], "jp": 24, "jpeg": 127, "jpg": 96, "jpn": [86, 137], "jqueri": 106, "jra": 64, "jrd": 19, "jsb_accept_tac": 65, "jsb_analysis_report_ping_delai": 65, "jsb_analysis_report_request_timeout": 65, "jsb_api_kei": 65, "jsb_api_url": 65, "jsb_email_notif": 65, "jsb_report_typ": 65, "jsb_secondary_result": 65, "jsb_system": 65, "jsb_verifi": 65, "jsdpublic": 64, "json": [1, 7, 8, 11, 15, 17, 19, 20, 21, 22, 24, 27, 32, 34, 35, 36, 39, 41, 42, 43, 45, 47, 49, 51, 53, 59, 60, 64, 65, 66, 67, 72, 74, 76, 80, 81, 82, 85, 86, 87, 88, 89, 90, 92, 96, 97, 98, 99, 102, 103, 104, 105, 106, 107, 108, 109, 110, 112, 113, 117, 119, 122, 124, 125, 126, 127, 129, 133, 134, 136, 137, 139, 142, 144, 145, 148, 150, 151, 152, 153, 154, 155, 160, 178, 184, 185, 186, 187, 188, 192], "json2html": [30, 58], "json_entri": [36, 53, 59, 64], "json_entry_str": [36, 53, 59, 64], "json_err": [13, 18, 25, 79, 91, 116, 130, 146], "json_intel": 167, "json_not": [13, 25, 79, 107, 116, 130, 131, 146], "json_omit_list": [13, 18, 25, 46, 79, 91, 116, 130, 131, 142, 146, 189], "json_str": 59, "jsonarraycontain": 130, "jsp": 43, "jspdklrg7uwi": 107, "jujcnog3wleal5dr4avbfoovfwvbb7law9xa3trkgcodzmpd4fndah3gu5m": 98, "jul": [114, 117, 130], "juli": [57, 104, 185], "jun": 117, "june": [27, 41, 57, 99, 104, 185], "junior": 96, "junip": [144, 188], "jurisdiction_nam": [60, 127], "jurisdiction_reg_id": [60, 127], "just": [4, 11, 21, 35, 53, 66, 81, 91, 97, 106, 107, 108, 109, 110, 111, 113, 121, 126, 127, 146, 148, 182, 185, 192], "jvup": 98, "jwt": 168, "jwt_algorithm": [111, 168], "jwt_header": [111, 168], "jwt_kei": [111, 168], "jwt_payload": [111, 168], "jwt_token": [111, 168], "k": [16, 43, 55, 67, 70, 74, 78, 80, 84, 85, 89, 96, 98, 137, 144], "k7": 122, "k76exjwrxcwur0dnwbesgktwel8tgcfl1koacu6dln2pve1bozz8gp1cysn0cpsq": 111, "k7antiviru": [144, 188], "k7gw": 122, "k9": 159, "ka": 147, "ka_des7recjbej": 32, "kafka": [156, 179, 181], "kafka_broker_label": 66, "kafka_fe": [180, 181, 183, 184], "kafka_kei": 66, "kafka_messag": 66, "kafka_send_result": 66, "kafka_top": 66, "kafkafe": 156, "kafkaproduc": 66, "kak": 153, "kakfa": 98, "kal": 96, "kali": [43, 103], "kali_ssh_server_kei": 43, "kansa": 96, "kara": 96, "karthik": 153, "kaseya": 43, "kaseya_ml": 43, "kaseya_ml_ip": 43, "kaseya_vsa": 43, "kasperski": [144, 188], "kaz": 137, "kazakh": 147, "kazakhstan": 137, "kb": [54, 182], "kcebe": 98, "kcmi": 122, "kdbgscan": 85, "keel": 137, "keep": [64, 67, 80, 86, 103, 104, 111, 191], "keeper": 108, "kega": 122, "kei": [2, 4, 9, 29, 33, 36, 38, 45, 52, 53, 57, 68, 69, 71, 95, 100, 101, 114, 115, 119, 120, 123, 127, 128, 136, 139, 141, 142, 145, 156, 167, 168, 169, 174, 176, 178, 180, 182, 183, 184, 186, 187, 189], "kek2z8ov3uqsbaeqbkdkznsp75n7h": 85, "ken": 137, "kent": 96, "kenya": 137, "kept": 111, "kerbero": [43, 117, 181], "kerberos_attack_tool_act": 43, "kerberos_auth_error": 43, "kerberos_auth_issu": 43, "kerberos_brute_forc": 43, "kerberos_duplicate_sessions_error": 43, "kerberos_expired_password_error": 43, "kerberos_golden_ticket_attack": 43, "kerberos_invalid_ticket_error": 43, "kerberos_policy_error": 43, "kerberos_revoked_credentials_error": 43, "kerberos_service_unknown_error": 43, "kerberos_silver_ticket_attack": 43, "kerberos_sync_error": 43, "kerberos_ticket_error": 43, "kerberos_unknown_service_error": 43, "kerberos_user_enumer": 43, "kerberos_wrong_password_error": 43, "kernel": [35, 54, 70, 108, 116, 117, 130], "key1": 168, "key_count": 16, "key_data": [9, 34], "key_id": 46, "key_incid": 98, "key_label": 104, "key_last_us": 16, "key_nam": 146, "key_name_typ": 104, "key_siz": [144, 188], "key_usag": [144, 188], "key_valu": 146, "keyencipher": [144, 188], "keyexchang": 187, "keyexchangegroup": 187, "keygen": 89, "keyid": [16, 144, 188], "keylog_txt": 43, "keynam": 19, "keys_url": 46, "keysourc": 19, "keytab": 181, "keyval": [137, 149], "keyword": [13, 87, 155], "kf92rn9he7sth7wvpgwmcbw2klij0hcao": 98, "kgeib4daunlwb1klfb0htwntq22kitwncti4frykpwjohsci6pv": 98, "kgz": 137, "khm": 137, "khmer": 147, "khtml": [94, 187], "kick": 114, "kid": 109, "kill": 4, "kill_process_result": 146, "kind": [25, 49, 79, 80, 150, 191], "kingdom": [7, 137], "kingston": [120, 121], "kinyn9vz97cvz1bbu24qvrw8nvnn054o": 98, "kir": 137, "kirghiz": 147, "kiribati": 137, "kitt": 137, "kk": 147, "kke2djeo_8xo1hokfp_ryi": 157, "km": [15, 147, 187], "kms_master_key_arn": 15, "kmsguid": 21, "kna": 137, "know": [69, 82, 102, 168, 186, 189, 191], "knowledg": [17, 22, 28, 30, 31, 39, 47, 53, 55, 56, 58, 60, 63, 69, 72, 75, 76, 77, 78, 82, 84, 88, 93, 94, 96, 98, 140, 145, 147, 151], "knowledge_graph": 72, "knowledgebas": 54, "knowledgecent": [56, 69], "known": [8, 11, 15, 16, 18, 19, 24, 25, 30, 42, 43, 57, 64, 66, 67, 72, 76, 77, 79, 80, 81, 82, 89, 91, 102, 103, 107, 108, 110, 111, 113, 117, 124, 130, 131, 134, 146, 150, 152, 155, 157, 185, 186], "known_malwar": 146, "knownrisk": 117, "ko": 147, "kolkata": 41, "kong": 137, "kor": [86, 137], "korea": [15, 137], "korean": [86, 147], "kosovo": 137, "krassi": 72, "kryptik": 153, "ks_ekiebtwr1htd9od_f": 39, "ktbyer": 84, "ktmk": 188, "ktptnvhduvq1kq": 98, "ku": 147, "kube": 152, "kubernet": [4, 49], "kubernetesinfo": 116, "kurdish": 147, "kuwait": 137, "kvvp3r": 98, "kw": 43, "kwarg": [114, 192], "kwt": 137, "ky": 147, "kyrgyzstan": 137, "l": [9, 10, 11, 12, 13, 16, 29, 34, 42, 45, 52, 55, 56, 61, 64, 68, 84, 88, 95, 100, 101, 112, 115, 121, 123, 128, 132, 133, 134, 138, 141, 142, 143, 144, 145, 159, 161, 178, 180, 181, 182, 184], "l1": [137, 191], "l6gqp4nogkfejsgwbem4iodb5qwthssucklvmmps4kcwfzyav4gd2nucilznb1qtgmbleslsa5g9cflwsvu1e5iandbdqzwpjsgpgl7jluhcxydfm3ljb8o7e0yindh0qechotm87pornqzuzobq1lwnifo8w55or36ihbu8ariv9y4veufsnbz1ukbxpkmnswairk1nm7dk2wf8pkco1fksy0r27ovxtnkar6d3fasvhymy6mgk2gcpspigbsvo0ygoax5dkjbygkwncinibiqe8fkrwofjhnfmxbmavic10bc0f0nkqjukcmekhqseeshknaaojechd8hc8qcls7nv7ffb7dioxqbimacawecd": 98, "l6gszntreuuessazkip6jeu9qrj97wpbgif4iatluo4muorivplaki0sr7hmu5ui0umuw": 98, "l9da": 153, "l9irh71z4st_vsml4ko3rsaw4fekktpetfvhf6dfxdbupxqb": 157, "la": 182, "lab": [10, 52, 61, 95, 101, 115, 123, 128, 132, 161], "label": [13, 15, 18, 19, 21, 25, 35, 36, 39, 43, 46, 49, 55, 56, 78, 79, 80, 81, 82, 85, 88, 91, 99, 102, 106, 107, 108, 109, 113, 114, 116, 119, 124, 125, 130, 131, 137, 146, 148, 152, 168, 180, 181, 183, 184, 186, 189], "label1": 80, "label_list": 80, "labela": 88, "labelb": 88, "labelnam": 80, "labels_url": 46, "labeltyp": 80, "lambda": [69, 74, 98, 191], "lambda_function_nam": 17, "lambda_payload": 17, "lambda_result": 17, "lamer": 122, "landscap": 58, "lane": 96, "lang": [15, 30, 86, 91], "langaug": 86, "languag": [18, 35, 46, 71, 86, 96, 106, 113, 187, 190], "languagelocalekei": 113, "languages__c": 113, "languages_url": 46, "lanka": 137, "lao": [137, 147], "laptop": [88, 107, 113, 137, 192], "larg": [11, 18, 20, 42, 47, 74, 98, 113, 130], "last": [7, 15, 16, 18, 21, 24, 30, 33, 34, 35, 43, 46, 49, 59, 64, 68, 69, 74, 78, 80, 92, 96, 98, 104, 106, 108, 110, 117, 119, 120, 121, 131, 144, 150, 153, 159, 187, 188, 192], "last_access": 107, "last_activity_bi": 98, "last_activity_tim": 98, "last_analys": 154, "last_analysis_d": [144, 188], "last_analysis_date_str": 144, "last_analysis_result": [144, 188], "last_analysis_stat": [144, 188], "last_attempt": 183, "last_contact_tim": 146, "last_device_policy_changed_tim": 146, "last_device_policy_requested_tim": 146, "last_dns_record": 144, "last_dns_records_d": 144, "last_event_timestamp": 146, "last_external_ip_address": 146, "last_http_response_content_sha256": 144, "last_https_certif": [144, 188], "last_https_certificate_d": [144, 188], "last_incident_timestamp": 90, "last_internal_ip_address": 146, "last_loc": 146, "last_modifi": 103, "last_modification_d": [144, 188], "last_modified_bi": [60, 108, 109, 127], "last_modified_princip": 98, "last_modified_tim": [60, 98, 108, 109, 127], "last_nam": [21, 60, 110, 127, 146], "last_packet_tim": 103, "last_persisted_tim": 104, "last_policy_updated_tim": 146, "last_reported_tim": 146, "last_reset_tim": 146, "last_seen": [24, 33, 72, 81, 96, 104, 106, 122, 154], "last_seen_tim": 43, "last_shutdown_tim": 146, "last_status_change_at": 90, "last_status_change_bi": 90, "last_sync": 183, "last_tim": 166, "last_upd": [64, 72, 102, 149, 186], "last_update_d": 144, "last_update_tim": 146, "last_update_timestamp": 146, "last_updated_tim": 104, "last_us": 103, "last_used_us": 18, "last_used_users_departments_associ": 18, "last_used_users_mail_associ": 18, "last_user_seen": 103, "lastact": 78, "lastactived": 116, "lastactivityd": 113, "lastagenthandl": 74, "lastbootedat": 54, "lastchangedat": 108, "lastclock": 54, "lastcommsecur": 74, "lastconnectedipaddr": 117, "lastcurequestd": 113, "lastcuupdated": 113, "lastdeploymenttim": 117, "lastdetectedat": 152, "lastdownloadtim": 117, "lastediteddatetim": 133, "lasteventdatetim": 79, "lasteventtim": 78, "lastexternalipaddress": 78, "lastheuristicthreattim": 117, "lastipaddress": 78, "lastiptomgmt": 116, "lastloggedinusernam": 116, "lastlogind": 113, "lastlogoff": 67, "lastlogon": 67, "lastlogontimestamp": 67, "lastmdmregisteredinepochm": 69, "lastmodifi": [108, 117], "lastmodifiedat": 19, "lastmodifiedbi": 19, "lastmodifiedbyid": 113, "lastmodifiedd": 113, "lastmodifieddatetim": [42, 79, 133], "lastmodifiedtim": [19, 117], "lastmodifiedtimeutc": 80, "lastnam": [41, 113], "lastpag": 117, "lastpasswordchanged": 113, "lastrank": 167, "lastreferencedd": 113, "lastregisteredinepochm": 69, "lastreport": 69, "lastreportedat": 7, "lastreportedinepochm": 69, "lastscantim": 117, "lastseen": [35, 78, 92, 130, 167], "lastseen_t": 78, "lastseenat": [54, 108], "lastserverid": 117, "lastservernam": 117, "lastsiteid": 117, "lastsitenam": 117, "lastsoftwaredatarefreshd": 69, "laststatusmodifiedtim": 19, "lastupd": [8, 74, 117, 130], "lastupdatedatetimeutc": 78, "lastupdatedbi": [78, 130], "lastupdatedtim": [78, 103], "lastupdatetim": [78, 117], "lastupdatetime_t": 78, "lastusedd": 16, "lastuserdistinguishednam": 116, "lastusermemberof": 116, "lastview": 64, "lastviewedd": 113, "lastvirustim": 117, "lastwipd": 21, "lat": [15, 60, 127], "latenc": [43, 187], "later": [23, 27, 28, 35, 43, 44, 70, 71, 78, 79, 102, 107, 113, 120, 121, 129, 133, 134, 138, 145, 146, 168, 178, 181, 182, 183, 185, 189, 190, 191], "latest": [4, 8, 15, 27, 33, 34, 64, 77, 81, 103, 111, 118, 135, 153, 156], "latest_act": 33, "latest_action_text": 33, "latest_alert_tim": 107, "latest_event_tim": 107, "latest_tag": 1, "latin": 108, "latitud": [13, 37, 62, 69, 113], "latlng": [45, 60, 127], "latter": 77, "latvia": 137, "latvian": 147, "launch": [43, 78, 91, 103, 117, 157, 192], "law": 150, "layer": [76, 111], "layermetadata": 152, "layout": [16, 33, 37, 38, 56, 67, 88, 90, 125, 192], "lbn": 137, "lbr": 137, "lby": 137, "lca": 137, "ld2_1_count": 27, "ld2_2_count": 27, "ld2_count": 27, "ld3_count": 27, "ld_library_path": 182, "ldap": [43, 117, 156, 162, 164], "ldap3": [30, 67, 160], "ldap_all_workstation_enum": 43, "ldap_as_rep_act": 43, "ldap_attribute_nam": 67, "ldap_attribute_name_valu": 67, "ldap_attribute_update_valu": 67, "ldap_attribute_valu": 67, "ldap_auth": [67, 192], "ldap_auth_error": 43, "ldap_auth_issu": 43, "ldap_base_dn": 67, "ldap_client_any_attribute_enum": 43, "ldap_computer_enum": 43, "ldap_connect_timeout": [67, 192], "ldap_dn": 67, "ldap_domain_nam": 67, "ldap_gpo_enumer": 43, "ldap_group": 67, "ldap_invalid_credentials_error": 43, "ldap_is_active_directori": [67, 192], "ldap_multiple_group_dn": 67, "ldap_multiple_user_dn": 67, "ldap_new_auto_password_len": 67, "ldap_new_auto_password_length": 67, "ldap_new_password": 67, "ldap_object_enum": 43, "ldap_operational_error": 43, "ldap_param": [67, 160, 192], "ldap_password": [67, 192], "ldap_port": [67, 192], "ldap_protocol_error": 43, "ldap_query_result": 67, "ldap_return_new_password": 67, "ldap_search_attribut": [67, 160], "ldap_search_bas": [67, 160, 192], "ldap_search_filt": [67, 160, 192], "ldap_search_param": [67, 192], "ldap_serv": [67, 192], "ldap_spn_scan": 43, "ldap_toggle_access": 67, "ldap_update_attribute_nam": 67, "ldap_us": 109, "ldap_use_ssl": [67, 192], "ldap_user_dn": [67, 192], "ldap_user_info": 67, "ldap_user_new_password": 67, "ldap_user_ntlm": 67, "ldap_utilities_search": 67, "ldapwhoami": 192, "lead": [42, 86, 96, 106], "leadsourc": 113, "learn": [49, 56, 71, 80, 98, 115, 133, 137, 147], "least": [16, 74, 78, 103, 114, 117, 120, 121, 127, 133, 184], "leav": [41, 42, 55, 56, 64, 77, 78, 80, 87, 121, 125, 133, 148, 155, 180, 184], "lebanon": 137, "lee": 90, "left": [4, 18, 35, 39, 41, 42, 56, 60, 68, 85, 91, 102, 111, 115, 120, 121, 124, 127, 130, 133, 137, 138, 157, 183, 192], "leg": 64, "legaci": [15, 33, 41, 49, 88, 146, 150, 159], "legacy_authorization_en": 49, "legacy_id": 43, "legal": [18, 150], "legitim": [130, 137], "len": [11, 13, 15, 16, 18, 24, 25, 35, 41, 43, 46, 49, 57, 59, 74, 79, 82, 85, 89, 91, 92, 98, 99, 102, 104, 106, 107, 108, 113, 116, 117, 127, 130, 131, 133, 137, 146, 152, 155, 185, 186, 191], "length": [13, 16, 43, 44, 67, 102, 111, 120, 153, 182, 187], "lens_id": 106, "lens_view": 106, "leon": 137, "leptonica": 86, "lesotho": 137, "less": [27, 30, 88, 106, 111, 113, 125], "less_or_equ": 106, "less_or_equal_utc_seconds_ago": 106, "less_utc_seconds_ago": 106, "lest": 137, "let": [111, 119, 127], "letter": [25, 42, 125], "level": [4, 11, 13, 18, 25, 35, 38, 43, 46, 49, 59, 68, 72, 76, 77, 78, 79, 80, 86, 88, 91, 96, 98, 103, 108, 114, 116, 130, 131, 134, 146, 148, 157, 183, 189], "level__c": 113, "leverag": [4, 48], "lfew8logqn5onueuw2v6p5d9w2rlgygsedaicsw": 85, "lfhmuv5zxazfdyk5u1w7ak5xzzdlebdi2mt3nrmy83o6fi0kpv3icp3": 98, "lgravdrmcyzsgotmhfsrzqdx5bjp3nhmxeuoguzrpn1qt6bsfw0blzewfysgdb42gccmrotfqddr": 98, "li": [13, 18, 25, 46, 79, 91, 102, 116, 130, 131, 146, 186], "lib": [22, 30, 34, 36, 39, 46, 52, 56, 57, 60, 79, 84, 89, 90, 106, 107, 110, 113, 130, 142, 146, 155, 157, 161, 182], "lib64": 182, "liberia": 137, "libjpeg": 86, "libmaodbc": 182, "libpng": 86, "librari": [4, 6, 11, 38, 39, 61, 81, 86, 134, 138, 150, 159, 162, 177, 179, 181, 182, 192], "librdkafka": 181, "libsqora": 182, "libtdsodbc": 182, "libtiff": 86, "libya": 137, "licens": [11, 46, 63, 117, 168], "licenseexpiri": 117, "licenseid": 117, "licensekei": 116, "licensestatu": 117, "licpecf1dbo6na7ashtornr3b7ns4wp9fjivffaxhxc": 98, "lie": 137, "liechtenstein": 137, "life_contain": 33, "lifecyclest": 49, "lift": 33, "lift_contain": 33, "light": 192, "lightn": 113, "lightsteelblu": 41, "like": [8, 9, 12, 15, 19, 20, 21, 24, 41, 42, 43, 47, 53, 55, 59, 64, 67, 69, 72, 74, 76, 77, 78, 80, 82, 85, 86, 87, 88, 91, 94, 96, 97, 99, 102, 103, 104, 107, 108, 109, 110, 111, 113, 114, 115, 124, 125, 129, 130, 133, 136, 142, 146, 152, 155, 166, 168, 179, 183, 187, 192], "likelihood": 47, "lima": 90, "limit": [15, 19, 24, 25, 33, 34, 36, 38, 41, 43, 46, 47, 59, 69, 78, 80, 85, 86, 88, 90, 98, 103, 104, 106, 107, 111, 114, 116, 117, 119, 124, 130, 133, 146, 150, 155, 162, 168, 180, 181, 182, 184], "line": [1, 4, 13, 16, 18, 25, 30, 31, 38, 46, 53, 68, 70, 71, 78, 79, 84, 86, 89, 91, 108, 116, 130, 131, 137, 142, 144, 146, 148, 151, 157, 165, 182, 184, 189, 191, 192], "linenumb": 187, "link": [13, 18, 21, 24, 25, 31, 35, 37, 38, 41, 42, 43, 46, 48, 49, 50, 51, 64, 78, 79, 80, 82, 85, 90, 91, 92, 93, 94, 97, 98, 102, 103, 106, 107, 108, 109, 111, 113, 116, 118, 124, 125, 127, 130, 131, 144, 146, 148, 150, 152, 153, 168, 173, 182, 186, 187, 188, 189, 190, 191, 192], "link_back": 144, "link_bas": 35, "link_formatt": 49, "link_to_solut": 49, "link_url": [34, 51], "link_url_device_id": 137, "link_url_puid": 137, "linkabl": 159, "linkback": 43, "linkback_url": 43, "linkdomain": 187, "linkedin": 96, "linkid": 80, "linkified_descript": 49, "linkified_recommend": 49, "linkurl": 51, "linux": [4, 10, 12, 29, 33, 35, 43, 45, 52, 54, 55, 59, 61, 68, 74, 84, 94, 95, 101, 106, 115, 116, 117, 123, 128, 130, 132, 141, 143, 145, 152, 161, 192], "lionic": [144, 188], "list": [1, 3, 4, 7, 8, 11, 12, 13, 15, 17, 18, 20, 21, 22, 25, 26, 27, 28, 30, 31, 32, 33, 36, 37, 38, 39, 41, 42, 43, 44, 47, 51, 53, 55, 58, 60, 63, 64, 65, 66, 67, 69, 72, 75, 77, 79, 80, 82, 83, 84, 85, 86, 87, 88, 89, 91, 92, 93, 94, 96, 97, 98, 99, 100, 102, 103, 104, 106, 109, 110, 111, 113, 115, 116, 118, 119, 121, 122, 125, 129, 130, 131, 134, 136, 137, 138, 143, 144, 146, 147, 148, 149, 150, 152, 153, 154, 156, 157, 159, 160, 162, 163, 168, 170, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192], "list_artifact": [60, 127], "list_as_str": 64, "list_attachments_result": 107, "list_builder_str": 59, "list_descript": 117, "list_find": 49, "list_id": 117, "list_incid": 90, "list_mfa_devices_result": 16, "list_mileston": [60, 127], "list_nam": [24, 117, 124], "list_of_fields_for_features_separated_by_comma": 70, "list_of_not": 78, "list_of_tag": 74, "list_signing_certs_result": 16, "list_srv_specific_creds_result": 16, "list_ssh_keys_result": 16, "list_str": 59, "list_time_valu": 136, "list_to_json_str": 64, "list_url": 155, "list_us": 16, "list_valu": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146, 149, 150], "listbucket": 15, "listdetector": 15, "listen": [30, 53, 76, 157, 173, 178, 180, 181, 182, 183, 184], "listener_brok": 66, "listfind": 15, "listhostedzon": 15, "listmatch": 130, "listmemb": 15, "listresourcerecordset": 15, "lit": 33, "lite": 168, "lithuania": 137, "lithuanian": 147, "littl": 183, "live": [18, 31, 70, 103, 111, 116, 131, 146, 183], "live_response_dis": 146, "live_response_not_kil": 146, "live_response_not_run": 146, "liverespons": 146, "liveupd": 117, "lka": 137, "ll": [11, 15, 36, 42, 66, 67, 74, 78, 81, 88, 89, 90, 91, 97, 103, 104, 108, 114, 117, 118, 119, 125, 129, 133, 153, 156, 187], "llc": [13, 62, 102, 188], "llmnr": [43, 117], "llmnr_poison": 43, "lm": 187, "lm_account_id": 39, "lname": [60, 127], "lng": [60, 127], "lnnvzrib82vyovftvu14kafietu9f9nvmknly86n593zyvnddijpxh6domgpir14fyudng7azmsjvchqg9t5etp7nhslyrcpaktq7swadvraa63yk33o": 98, "lo": [144, 147], "load": [25, 30, 105, 107, 112, 116, 125, 126, 135, 137, 138, 159, 162, 183, 185, 192], "loaderid": 187, "loc": 62, "locaip": 98, "local": [1, 3, 4, 8, 10, 11, 13, 15, 18, 19, 20, 21, 22, 23, 24, 25, 30, 31, 33, 35, 36, 38, 42, 43, 55, 58, 59, 60, 63, 64, 65, 66, 67, 74, 76, 77, 78, 80, 81, 84, 86, 87, 89, 98, 103, 104, 106, 107, 108, 113, 114, 117, 124, 129, 131, 133, 137, 138, 146, 153, 157, 178, 179, 182, 186], "local_admin_enumer": 43, "local_appx": 192, "local_destination_address_id": 104, "local_destination_count": 104, "local_ip": [15, 24, 33], "local_pip": 192, "local_port": [15, 24], "localaddr": 108, "localcomput": 117, "localdestinationcount": 103, "localdnsnam": 79, "localdomain": [33, 54, 182], "localesidkei": 113, "localhost": [1, 10, 11, 28, 33, 39, 49, 53, 54, 64, 88, 89, 91, 98, 104, 109, 124, 129, 133, 148, 154, 157, 160, 172, 179, 180, 181, 182, 183, 192], "localid": 108, "locat": [10, 12, 13, 16, 19, 21, 29, 38, 39, 41, 42, 43, 52, 60, 61, 62, 68, 76, 77, 79, 80, 88, 89, 95, 97, 100, 101, 103, 106, 111, 115, 116, 117, 121, 123, 125, 127, 128, 132, 133, 137, 141, 143, 146, 153, 155, 157, 161, 162, 165, 172, 178, 180, 185, 191, 192], "locatedtim": 69, "location_account": 19, "locationen": 116, "locationid": 117, "locationpath": 152, "locationtyp": [42, 116], "lock": [35, 60, 81, 117, 127, 159], "lockbit": 35, "lockdown": 117, "lockedmessag": 159, "lockedopt": 117, "lockedspecialnot": 159, "lockouttim": 67, "loco_moco_search": 39, "loco_moco_search_request_id": 39, "log": [4, 28, 30, 38, 39, 42, 43, 49, 56, 70, 78, 88, 90, 91, 103, 104, 106, 107, 112, 117, 121, 127, 129, 137, 140, 151, 155, 157, 166, 179, 183, 186, 187, 189, 190, 191, 192], "log4j": 106, "log4shel": 43, "log_act": 117, "log_entri": 90, "log_level": 59, "log_nam": 59, "log_sourc": [103, 104], "log_source_nam": 103, "log_tim": 59, "logactivitytrac": 19, "loganalyt": 80, "logdir": [10, 12, 16, 29, 52, 61, 68, 95, 101, 115, 123, 128, 132, 141, 143, 161, 192], "logfil": 192, "logforward": 79, "loggedonus": 78, "logic": [13, 18, 25, 35, 39, 46, 49, 66, 79, 88, 91, 97, 116, 131, 146, 156, 179, 182, 183, 190, 191], "logic_typ": 98, "logicalcpu": 117, "login": [1, 8, 19, 21, 35, 42, 43, 46, 59, 69, 79, 80, 88, 103, 104, 107, 113, 121, 129, 130, 133, 157, 182, 192], "login_count": 166, "login_user_nam": 146, "logindomain": 117, "loginprofileexist": 16, "logist": 70, "loglevel": [9, 28, 34, 78, 82, 100, 110, 140, 151, 155, 183, 192], "loglin": 107, "logo": 4, "logon": [130, 168], "logoncount": 67, "logondatetim": 79, "logonid": [79, 108], "logonip": 79, "logonloc": 79, "logontyp": 79, "logonui": 108, "logonusernam": 117, "logopath": 185, "logotyp": 57, "logout": 192, "logprogress": 19, "logsourceid": [103, 104], "logsourcenam": [103, 104], "logsourcename_logsourceid": 104, "logverbos": 19, "lon": 15, "long": [13, 15, 16, 18, 19, 25, 35, 42, 46, 47, 79, 91, 101, 106, 107, 108, 111, 113, 116, 119, 130, 142, 146, 152, 190], "longer": [25, 85, 86, 109, 119, 144, 157, 158, 190, 191], "longitud": [13, 37, 62, 69, 113], "look": [2, 18, 35, 43, 49, 64, 78, 80, 86, 96, 97, 100, 103, 104, 106, 107, 108, 109, 113, 114, 116, 119, 121, 124, 128, 131, 137, 141, 155, 183, 191, 192], "lookback": [90, 130, 146, 152], "lookbackperiod": 78, "lookup": [9, 13, 43, 51, 78, 81, 83, 123, 124, 125, 126, 133, 141, 144, 145, 156, 159, 168, 170, 183, 188, 192], "lookup_map": 129, "lookup_statu": [78, 124], "lookuperror": 71, "loop": [33, 35, 37, 49, 54, 64, 78, 80, 120, 131, 137, 192], "loopback": 179, "lorem": [82, 147], "los_angel": 113, "lose": [136, 182], "loss": 88, "lost": [74, 88, 113, 183], "lot": [47, 127, 142], "love": [96, 179], "low": [10, 15, 35, 37, 43, 49, 60, 64, 66, 72, 74, 78, 79, 80, 81, 85, 88, 90, 102, 104, 106, 107, 108, 119, 120, 124, 127, 130, 131, 133, 137, 138, 146, 152, 186, 187, 190], "lowcputhreshold": 19, "lower": [16, 18, 74, 78, 85, 106, 107, 113, 130, 133, 137, 144, 146, 155, 180], "lowercas": [16, 125, 137], "lowest": [64, 90], "lsass": 108, "lsgnekmopmabjgukgqadpw3astob6vfadeqvoh6pkteitzsyuhysxljo1eo20se4jxskyw3ii": 98, "lso": [100, 137], "lt": [99, 147], "ltc": 192, "ltd": [7, 54, 78], "ltr": 41, "ltu": 137, "lu": [34, 117, 153], "lua": [144, 188], "luak": 16, "lucia": 137, "luckili": 86, "lucont": 117, "lumu": [144, 188], "luthor": 96, "lux": 137, "luxembourg": 137, "lv": 147, "lva": 137, "lvm2": 192, "lxml": 91, "lz": 187, "m": [20, 36, 41, 42, 43, 76, 78, 79, 80, 84, 85, 90, 91, 96, 104, 106, 113, 114, 117, 122, 130, 136, 137, 142, 143, 144, 147, 148, 152, 162, 168, 181, 182, 192], "m3": [15, 94], "m365x594651": 79, "m4a809400de110cbedaa89ff5e55b3d73": 148, "m84f604b5194e7f10e384fe4043aafd": 31, "m8zozer6": 98, "ma": [50, 96, 187], "ma42": 150, "maarten": 137, "maas360": 156, "maas360_action_typ": 69, "maas360_app_access_kei": 69, "maas360_app_app_id": 69, "maas360_app_app_nam": 69, "maas360_app_app_vers": 69, "maas360_app_device_id": 69, "maas360_app_id": 69, "maas360_app_lastsoftwaredatarefreshd": 69, "maas360_app_timestamp": 69, "maas360_app_typ": 69, "maas360_app_vers": 69, "maas360_basic_search_match": 69, "maas360_basic_search_page_s": 69, "maas360_basic_search_sort_attribut": 69, "maas360_basic_search_sort_ord": 69, "maas360_billing_id": 69, "maas360_device_dt": 69, "maas360_device_group_id": 69, "maas360_device_id": 69, "maas360_deviceid": 69, "maas360_devicenam": 69, "maas360_devicestatu": 69, "maas360_devicetyp": 69, "maas360_email": 69, "maas360_host_url": 69, "maas360_imei_meid": 69, "maas360_installed_software_datat": 69, "maas360_lastreport": 69, "maas360_partial_device_nam": 69, "maas360_partial_phone_no": 69, "maas360_partial_usernam": 69, "maas360_password": 69, "maas360_platform_id": 69, "maas360_platform_nam": 69, "maas360_platformnam": 69, "maas360_request_timeout": 69, "maas360_rule_app_typ": 69, "maas360_rule_device_id": 69, "maas360_rule_device_nam": 69, "maas360_rule_email": 69, "maas360_rule_imei_meid": 69, "maas360_rule_phone_no": 69, "maas360_rule_platform_nam": 69, "maas360_rule_usernam": 69, "maas360_target_devic": 69, "maas360_timestamp": 69, "maas360_usernam": 69, "maas360_wipe_device_notify_m": 69, "maas360_wipe_device_notify_oth": 69, "maas360_wipe_device_notify_us": 69, "maas360deviceid": 69, "maas360forio": 69, "maas360managedstatu": 69, "mac": [3, 10, 18, 24, 33, 35, 43, 69, 74, 81, 103, 108, 111, 117, 129, 130, 137, 173], "mac274": 150, "mac_address": [33, 146], "macaddr": 43, "macaddress": [35, 78, 117, 130], "macao": 137, "macbook": [3, 10, 15, 22, 25, 31, 42, 60, 63, 76, 77, 78, 84, 96, 98, 106, 113, 138, 186], "macbookpro": 15, "macedonia": 137, "machin": [3, 4, 17, 20, 38, 54, 64, 65, 71, 79, 80, 85, 86, 98, 104, 107, 115, 131, 135, 137, 147, 173, 192], "machine_com": 78, "machine_exposure_level": 78, "machine_file_hash": 78, "machine_firstseen": 78, "machine_health_statu": 78, "machine_id": 78, "machine_ip": 78, "machine_last_act": 78, "machine_lastseen": 78, "machine_learn": 70, "machine_learning_predict": 70, "machine_link": 78, "machine_list": 78, "machine_nam": 78, "machine_platform": 78, "machine_risk_scor": 78, "machine_tag": 78, "machineact": 78, "machineid": [78, 108], "machinetag": 78, "machinetyp": 116, "maco": [15, 38], "macosx": 117, "macro": 88, "madagascar": 137, "made": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 59, 61, 64, 65, 66, 67, 68, 72, 74, 77, 78, 79, 80, 81, 84, 85, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 110, 111, 113, 114, 115, 116, 117, 118, 119, 122, 123, 124, 125, 128, 129, 130, 131, 132, 133, 136, 137, 141, 143, 144, 146, 147, 148, 150, 152, 153, 154, 155, 161, 162, 168, 182, 183, 189, 190, 191], "madrid": 118, "maf": 137, "magic": 122, "magnifi": [113, 192], "magnitud": [103, 104], "mai": [1, 4, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 24, 25, 27, 28, 29, 32, 33, 35, 36, 37, 38, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 64, 65, 66, 67, 68, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 95, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 135, 136, 137, 138, 141, 143, 144, 146, 147, 148, 150, 152, 153, 154, 155, 159, 161, 167, 168, 179, 180, 182, 183, 184, 186, 187, 188, 189, 190, 191, 192], "mail": [21, 41, 42, 65, 67, 83, 88, 91, 99, 100, 103, 104, 111, 133, 157, 160, 191, 192], "mail_attach": [88, 97, 98], "mail_bcc": [88, 97, 98], "mail_bodi": 88, "mail_body_html": [88, 97, 98], "mail_body_text": [88, 98], "mail_cc": [88, 98], "mail_encryption_recipi": 88, "mail_from": [88, 98], "mail_import": 88, "mail_in_reply_to": 88, "mail_incident_id": [88, 98], "mail_inline_templ": 88, "mail_line_templ": 88, "mail_merge_bodi": 88, "mail_message_id": 88, "mail_subject": [88, 98], "mail_template_label": 88, "mail_template_select": 88, "mail_to": [88, 98], "mailbox": [42, 43, 88, 91, 99, 137, 191], "mailbox_typ": 41, "mailboxdeviceid": 69, "mailboxlastreport": 69, "mailboxlastreportedinepochm": 69, "mailboxmanag": 69, "mailboxset": 42, "mailen": 133, "mailer": 173, "mailfold": 42, "mailfrom": 91, "mailingaddress": 113, "mailingc": 113, "mailingcountri": 113, "mailinggeocodeaccuraci": 113, "mailinglatitud": 113, "mailinglongitud": 113, "mailingpostalcod": 113, "mailingst": 113, "mailingstreet": 113, "mailmessag": 78, "mailnicknam": 133, "mailto": [137, 191], "main": [4, 15, 16, 24, 43, 46, 64, 98, 117, 119, 120, 121, 124, 155, 187], "main_pag": 13, "main_sect": 72, "mainlin": [69, 99, 117, 137, 191], "maint": 150, "maintain": [0, 1, 6, 38, 46, 119, 133, 158, 178, 180, 181, 182, 183, 184, 191], "mainten": 124, "mainthread": 183, "majest": 144, "majestic_million_1m": 72, "major": [39, 57, 59, 182, 185, 190], "major_vers": 33, "majorvers": 117, "make": [4, 7, 8, 9, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 34, 35, 36, 37, 39, 41, 42, 43, 46, 47, 48, 49, 51, 53, 55, 56, 58, 59, 60, 63, 64, 65, 66, 67, 69, 70, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 142, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 162, 167, 168, 182, 183, 186, 190, 191], "make_linkback_url": 43, "make_list_str": 43, "make_playbook": 97, "make_properties_str": 43, "make_summary_not": 43, "make_unicod": [13, 18, 25, 46, 79, 91, 116, 130, 146], "make_url": 98, "maker": [98, 156], "mal": 153, "mal_ip": 10, "malai": 147, "malawi": 137, "malayalam": 147, "malaysia": 137, "malc0d": 72, "maldiv": 137, "male": 96, "malform": 87, "mali": 137, "malici": [15, 20, 24, 27, 33, 35, 37, 43, 72, 76, 77, 78, 79, 88, 94, 99, 100, 102, 103, 107, 108, 122, 124, 135, 137, 141, 144, 145, 150, 168, 176, 183, 186, 187, 188, 191], "malicious_count": 72, "malicious_flag": [99, 187], "maliciousipcal": 15, "maliciousprocessargu": 116, "malicioustot": 187, "maliciousverdict": 187, "malshar": 72, "malta": 137, "maltes": 147, "malvina": 137, "malwar": [9, 24, 28, 33, 38, 43, 51, 60, 72, 77, 78, 81, 82, 91, 93, 99, 102, 108, 113, 116, 117, 122, 124, 127, 129, 134, 137, 139, 144, 145, 146, 153, 155, 173, 183, 188], "malware_analysi": 72, "malware_famili": [102, 186], "malware_list": 99, "malware_sha_256_hash__c": 113, "malwaredomainlist": 72, "malwaremustdi": 72, "malwarepatrol": [144, 188], "malwarest": 79, "mamv1jsfxbw": 187, "man": 137, "manag": [4, 7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 35, 36, 38, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 56, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 157, 162, 165, 167, 168, 172, 184, 190, 192], "managedbi": 78, "managedbystatu": 78, "managedst": 74, "manageengin": 43, "managerid": 113, "mandatori": 41, "mandiant": 156, "mandiant_artifact_data": 72, "mandiant_artifact_typ": 72, "mandiant_result": 72, "mani": [5, 7, 11, 42, 47, 59, 74, 80, 88, 97, 99, 106, 131, 183, 191], "manipul": [36, 42, 67, 74, 111, 132, 139], "manner": 111, "manual": [4, 8, 11, 15, 18, 19, 21, 24, 25, 26, 35, 36, 42, 43, 45, 49, 57, 64, 66, 67, 68, 73, 74, 77, 80, 81, 82, 86, 87, 88, 89, 90, 91, 97, 98, 99, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 118, 119, 121, 124, 125, 126, 129, 130, 131, 133, 136, 137, 144, 146, 152, 153, 155, 157, 161, 163, 168, 180, 183, 184, 185, 186, 187, 188, 190, 191], "manual_set": 98, "manuallyad": 108, "manufactur": [21, 54, 69], "map": [16, 21, 35, 36, 43, 45, 64, 66, 69, 76, 78, 80, 81, 82, 85, 90, 103, 104, 106, 107, 113, 119, 120, 124, 129, 130, 131, 137, 146, 152, 164, 173, 183, 191], "map_sn_record_st": 119, "map_tempt": 106, "mapp": 124, "mapped_classif": 137, "mapper": 192, "mapping_closure_reason": 146, "mapping_determination_on_clos": 146, "mapping_dispositon_on_clos": 107, "mapping_no_head": 36, "mapping_resolut": 130, "mapping_sub_resolution_on_clos": 130, "mar": [111, 137], "marathi": 147, "march": [57, 104, 136, 185], "margin": 41, "mariadb": [87, 179, 182], "mariadbdialect": 182, "mariana": 137, "marino": 137, "mark": [10, 25, 41, 46, 67, 77, 78, 80, 81, 87, 98, 111, 114, 116, 133, 136, 138, 152, 159, 176], "mark_kei": 49, "markdown": 168, "marketplac": [32, 185], "markmonitor": 188, "marks_list": 49, "markscherfl": [78, 133], "markup": 125, "marshal": 137, "martin": 137, "martiniqu": 137, "mass": 188, "massiv": [103, 185], "master": [15, 44, 66, 84, 102, 162, 168, 182, 186, 192], "masterrecordid": 113, "mastodon": 167, "match": [3, 4, 10, 11, 15, 18, 21, 24, 35, 36, 37, 39, 42, 43, 51, 53, 59, 64, 66, 68, 69, 74, 78, 79, 80, 81, 85, 88, 95, 96, 98, 103, 108, 110, 113, 114, 117, 120, 122, 127, 130, 136, 137, 151, 153, 163, 167, 182, 183, 191], "match_al": 39, "match_field_nam": 127, "match_field_valu": 127, "match_highlight": 127, "matchcount": 131, "matched_record": 39, "matcheditem": 130, "matcher": 108, "matching_oper": 183, "materi": 150, "mathew": 148, "matter": [64, 67, 103, 104], "mauritania": 137, "mauritiu": 137, "max": [13, 20, 21, 24, 33, 36, 42, 64, 65, 77, 78, 85, 96, 98, 103, 110, 129, 136, 143, 144, 152, 182, 187], "max_alert": [78, 80], "max_auth_attempt": 117, "max_batch_request": 42, "max_batched_request": 42, "max_count": 70, "max_data_table_row": 99, "max_datatable_row": [21, 110], "max_id": 98, "max_inst": 114, "max_issues_return": 64, "max_mariadb_text": 182, "max_messag": 42, "max_polling_wait_sec": 144, "max_results_displai": 34, "max_retri": 24, "max_retries_backoff_factor": 42, "max_retries_tot": 42, "max_row": 146, "max_tim": [136, 143], "max_us": 42, "maxdat": 167, "maximo_cb": 161, "maximum": [10, 18, 34, 35, 36, 42, 43, 55, 56, 64, 70, 98, 99, 107, 111, 115, 117, 136, 152, 167], "maxlin": 68, "maxmemorypershellmb": 85, "maxresult": 64, "maxretri": 21, "maxrisk": 167, "mayb": [91, 179], "mayen": 137, "mayott": 137, "mbi": 152, "mbp": [38, 43, 59, 113, 114, 159], "mc": 42, "mc_ueid": 21, "mcafe": [117, 156], "mcafee_atd_report_typ": 73, "mcafee_atd_url_submit_typ": 73, "mcafee_dxl_payload": [76, 77], "mcafee_epo_abort_after_minut": 74, "mcafee_epo_admin": 74, "mcafee_epo_allow_dupl": 74, "mcafee_epo_allowed_ip": 74, "mcafee_epo_client_task": 74, "mcafee_epo_delete_if_remov": 74, "mcafee_epo_email": 74, "mcafee_epo_flatten_tree_structur": 74, "mcafee_epo_fullnam": 74, "mcafee_epo_group": 74, "mcafee_epo_group_id": 74, "mcafee_epo_issu": 74, "mcafee_epo_issue_assigne": 74, "mcafee_epo_issue_descript": 74, "mcafee_epo_issue_du": 74, "mcafee_epo_issue_id": 74, "mcafee_epo_issue_nam": 74, "mcafee_epo_issue_prior": 74, "mcafee_epo_issue_properti": 74, "mcafee_epo_issue_resolut": 74, "mcafee_epo_issue_sever": 74, "mcafee_epo_issue_st": 74, "mcafee_epo_issue_typ": 74, "mcafee_epo_new_usernam": 74, "mcafee_epo_not": 74, "mcafee_epo_object_id": 74, "mcafee_epo_pass": 74, "mcafee_epo_permission_set": 74, "mcafee_epo_permsetnam": 74, "mcafee_epo_phone_numb": 74, "mcafee_epo_polici": 74, "mcafee_epo_product_id": 74, "mcafee_epo_push_ag": 74, "mcafee_epo_push_agent_domain_nam": 74, "mcafee_epo_push_agent_force_instal": 74, "mcafee_epo_push_agent_install_path": 74, "mcafee_epo_push_agent_package_path": 74, "mcafee_epo_push_agent_password": 74, "mcafee_epo_push_agent_skip_if_instal": 74, "mcafee_epo_push_agent_suppress_ui": 74, "mcafee_epo_push_agent_usernam": 74, "mcafee_epo_query_group": 74, "mcafee_epo_query_ord": 74, "mcafee_epo_query_select": 74, "mcafee_epo_queryid": 74, "mcafee_epo_random_minut": 74, "mcafee_epo_reset_inherit": 74, "mcafee_epo_retry_attempt": 74, "mcafee_epo_retry_intervals_in_second": 74, "mcafee_epo_search_text": 74, "mcafee_epo_stop_after_minut": 74, "mcafee_epo_sub_group": 74, "mcafee_epo_subjectdn": 74, "mcafee_epo_system": 74, "mcafee_epo_system_name_or_id": 74, "mcafee_epo_systems_dt": 74, "mcafee_epo_tag": 74, "mcafee_epo_target": 74, "mcafee_epo_task_id": 74, "mcafee_epo_ticket_id": 74, "mcafee_epo_ticket_server_nam": 74, "mcafee_epo_timeout_in_hour": 74, "mcafee_epo_type_id": 74, "mcafee_epo_uninstal": 74, "mcafee_epo_uninstall_softwar": 74, "mcafee_epo_us": 74, "mcafee_epo_use_all_agent_handl": 74, "mcafee_epo_user_dis": 74, "mcafee_epo_usernam": 74, "mcafee_epo_windowsdomain": 74, "mcafee_epo_windowsusernam": 74, "mcafee_esm_password": 75, "mcafee_esm_serv": 75, "mcafee_esm_usernam": 75, "mcafee_publish_method": [76, 77], "mcafee_tie_com": 77, "mcafee_tie_filenam": 77, "mcafee_tie_get_file_reput": 77, "mcafee_tie_get_lastest_reput": 77, "mcafee_tie_hash": 77, "mcafee_tie_hash_typ": 77, "mcafee_tie_reputation_typ": 77, "mcafee_tie_search": 172, "mcafee_tie_set_file_reput": 77, "mcafee_tie_set_reputation__datat": 77, "mcafee_tie_trust_level": 77, "mcafee_topic_nam": [76, 77], "mcafee_wait_for_respons": [76, 77], "mcdonald": 137, "mco": 137, "mcygaf6oouwx38qnhpwhossusdo8yvi": 98, "md": [15, 44, 168], "md5": [24, 33, 37, 38, 72, 77, 78, 81, 88, 102, 103, 108, 116, 117, 122, 127, 129, 134, 144, 146, 155, 173, 188, 191], "md5_hash": 103, "md5hash": 37, "mda": 137, "mdatpdeviceid": 78, "mdc6umvszwfzztexnta4mdg": 46, "mdc6umvszwfzztexnza1mdq": 46, "mdc6umvszwfzztexnza1mti": 46, "mdc6umvszwfzztexnza1nj": 46, "mdc6umvszwfzztexnza3njq": 46, "mdewoljlcg9zaxrvcnkxmzy3nda4": 46, "mdg": 137, "mdm": 69, "mdmmailboxdeviceid": 69, "mdq6vxnlcjezmzaxmq": 46, "mdr": 146, "mdr_alert": 146, "mdr_alert_notes_pres": 146, "mdr_threat_notes_pres": 146, "mdv": 137, "mdy6q29tbwl0mtm2nzqwodo0ymu2zju2zmrkmzdjowqzywewntrhmtvjzgzjyja5mwjimtzmytrk": 46, "mdy6q29tbwl0mtm2nzqwodpjzdlmogy3ndqzmgzhodiyntq5oddkogmwmwu0mze2zmi4mjewmmq3": 46, "me": [43, 144, 188], "mean": [4, 19, 38, 70, 72, 86, 90, 109, 111, 119, 133, 179, 182, 192], "meaning": [87, 89, 129, 133], "meant": [81, 109], "measur": 80, "meb86e2013c2d82c3c9dea7b8b27253": 31, "mechan": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167, 181, 182, 191], "med": 72, "media": [96, 113, 153], "medium": [21, 35, 37, 43, 49, 60, 64, 66, 74, 78, 79, 80, 81, 90, 102, 104, 106, 107, 108, 113, 119, 120, 124, 127, 130, 131, 137, 146, 152, 186], "mediumbannerphotourl": 113, "mediumphotourl": 113, "meeitng": 148, "meet": [22, 64, 106, 110, 127, 133, 168, 189, 190, 191], "meet8": 31, "meetingid": 148, "meetinglink": 148, "meetingnumb": 148, "meetingopt": 148, "meetingseri": 148, "meetingtyp": 148, "meid": 69, "mem": 117, "member": [0, 17, 22, 43, 46, 55, 60, 89, 99, 100, 125, 127, 133, 148, 182, 183], "member_list": [25, 89], "memberof": 67, "membership": [16, 133], "membershiprul": 133, "membershipruleprocessingst": 133, "membershiptyp": 133, "memcach": 43, "memcache_error": 43, "memcache_issu": 43, "memdump": 38, "memori": [38, 78, 85, 117], "memory_stat": 38, "memorys": 54, "mention": [16, 41, 55, 111, 133, 148, 168], "mentioned_us": [60, 127], "menu": [10, 12, 16, 21, 22, 26, 29, 30, 31, 32, 36, 42, 43, 52, 56, 61, 68, 69, 95, 96, 100, 101, 107, 115, 116, 120, 121, 123, 128, 130, 131, 132, 137, 141, 143, 148, 157, 161, 162, 166, 186, 191, 192], "merg": [11, 13, 46, 88], "merges_url": 46, "mes1": 94, "messag": [4, 8, 17, 25, 35, 36, 40, 41, 44, 45, 46, 53, 56, 59, 60, 64, 66, 67, 73, 74, 76, 78, 80, 91, 98, 99, 100, 102, 103, 104, 106, 108, 117, 123, 124, 127, 129, 135, 137, 144, 146, 148, 152, 157, 162, 165, 166, 173, 179, 180, 181, 183, 184, 188], "message_bodi": 138, "message_id": [17, 88, 137, 138], "message_id_domain": 88, "message_id_from_sns_execut": 17, "message_id_list": 137, "message_pattern": 137, "message_row": 41, "messageaclentri": 131, "messagecomponentid": 131, "messagecomponentnam": 131, "messagecomponenttyp": 131, "messaged": 131, "messagedirection": 91, "messageid": [99, 131], "messages_block": 99, "messages_deliv": 99, "messagesecurityst": 79, "messagesourc": 131, "messagetyp": [131, 133], "messagetypeid": 131, "messaging_service_sid": 138, "messukesku": 126, "met": [72, 183, 191], "meta": [33, 102, 112, 181, 186, 187], "metaconfigur": 19, "metadata": [0, 24, 37, 42, 43, 59, 78, 79, 107, 111, 112, 133, 134, 142, 146, 150], "metadata_deviceeventid": 130, "metadata_mappernam": 130, "metadata_mapperuid": 130, "metadata_orgid": 130, "metadata_pars": 130, "metadata_parsetim": 130, "metadata_product": 130, "metadata_productguid": 130, "metadata_receipttim": 130, "metadata_schemavers": 130, "metadata_sensorid": 130, "metadata_sensorinform": 130, "metadata_sensorzon": 130, "metadata_sourceblockid": 130, "metadata_sourcecategori": 130, "metadata_sourcemessageid": 130, "metadata_vendor": 130, "metasploit": 43, "meterpret": 43, "meterpreter_shel": 43, "method": [21, 24, 38, 43, 60, 64, 70, 76, 85, 106, 107, 113, 117, 127, 130, 133, 137, 143, 144, 146, 148, 152, 167, 168, 173, 187, 188, 191], "methodologi": 111, "metric": [7, 8, 10, 11, 13, 15, 16, 18, 19, 20, 21, 22, 24, 25, 31, 33, 35, 36, 38, 41, 42, 43, 46, 47, 49, 51, 55, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 80, 81, 84, 85, 86, 87, 88, 89, 91, 92, 96, 97, 98, 103, 104, 105, 106, 107, 108, 109, 111, 113, 114, 116, 117, 119, 122, 124, 126, 127, 129, 130, 131, 133, 136, 137, 138, 146, 148, 150, 152, 153, 154, 155, 159, 185, 186], "metro": 187, "metropoli": 96, "mex": 137, "mexico": 137, "mfa_ser_num": 16, "mfa_serial_num": 16, "mgr": 159, "mhl": 137, "micro": 103, "micronesia": 137, "microsecond": 136, "microsoft": [19, 34, 35, 43, 72, 87, 88, 91, 94, 103, 108, 130, 137, 146, 150, 156, 179], "microsoft_azure_security_azuredefenderfordata": [79, 80], "microsoft_azure_security_insight": 80, "microsoft_azure_security_r3": 79, "microsoft_graph_token_url": [42, 79], "microsoft_graph_url": [42, 79], "microsoft_security_graph_alert_data": 79, "microsoft_security_graph_alert_id": 79, "microsoft_security_graph_alert_search_queri": 79, "microsoft_security_graph_query_end_datetim": 79, "microsoft_security_graph_query_start_datetim": 79, "microsoftdefenderatp": 79, "microsoftdefenderforendpoint": 78, "microsoftonlin": [19, 42, 79, 133, 157], "microworld": 122, "mid": 118, "middl": [21, 33, 34, 37, 38, 96], "middle_nam": 146, "midnight": 114, "might": [7, 8, 11, 13, 15, 18, 19, 20, 21, 24, 25, 32, 35, 36, 39, 41, 42, 43, 46, 49, 51, 64, 65, 66, 67, 72, 74, 76, 78, 79, 80, 81, 82, 85, 86, 87, 88, 89, 90, 91, 92, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 116, 117, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 148, 150, 152, 153, 154, 155, 157, 167, 185, 186, 187, 188, 191], "mightymol": 99, "migrat": [11, 15, 25, 33, 36, 41, 42, 43, 66, 67, 74, 78, 81, 88, 89, 90, 91, 99, 104, 117, 118, 125, 129, 133, 144, 148, 153, 156, 185, 186, 187, 188], "miievaibadanbgkqhkig9w0baqefaascbkywggsiageaaoibaqdfo8xuu": 111, "mileston": [30, 46, 55, 98, 178, 181, 183], "milestones_url": 46, "million": [57, 185], "millisecond": [36, 43, 60, 85, 106, 127, 136, 182, 183], "milliseond": 98, "mime": [41, 42, 91, 173], "mime_cont": 41, "mime_typ": 107, "mimetyp": 187, "min": [48, 77, 98, 102, 104, 148, 186], "min_id": 98, "min_scor": 35, "min_supported_agent_vers": 24, "min_supported_os_vers": 24, "mind": [21, 72, 86], "mindat": 167, "mine": [43, 98, 153], "minim": 179, "minimum": [7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 44, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 68, 69, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 136, 137, 140, 141, 142, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 167, 168], "minimum_prob": 96, "minimum_recent_signal_sever": 130, "minimum_sever": 146, "minimumcompatiblevers": 19, "minor": [21, 42, 59, 80, 137, 141, 169], "minor_vers": 33, "minorvers": 117, "minu": 55, "minut": [15, 23, 35, 36, 43, 49, 64, 73, 74, 78, 80, 90, 99, 100, 103, 106, 107, 108, 113, 114, 115, 116, 117, 124, 130, 136, 138, 142, 143, 146, 148, 152, 168], "miquelon": 137, "mirror_url": 46, "misconfigur": 49, "misfire_grace_tim": 114, "misidentifi": 115, "mislead": 70, "misp": [72, 156], "misp_analysis_level": 81, "misp_attribut": 81, "misp_attribute_typ": 81, "misp_attribute_valu": 81, "misp_distribut": 81, "misp_ev": 81, "misp_event_id": 81, "misp_event_nam": 81, "misp_kei": 81, "misp_sight": 81, "misp_tag_nam": 81, "misp_tag_typ": 81, "misp_threat_level": 81, "misp_typ": 81, "misp_url": [81, 173], "miss": [1, 24, 43, 46, 85, 87, 88, 102, 117, 183], "mission_crit": 146, "mit": [178, 179, 180, 181, 182, 183, 184], "mitchellkrogza": 13, "miti": 82, "mitig": [37, 82, 106, 115, 116, 117, 119, 186], "mitigatedpreempt": 116, "mitigation_text": 82, "mitigationmod": 116, "mitigationmodesuspici": 116, "mitigationstatu": 116, "mitigationstatusdescript": 116, "mitr": [43, 78, 81, 102, 116, 156], "mitre_attack_group": 82, "mitre_attack_of_incid": [82, 186], "mitre_attack_softwar": 82, "mitre_attack_techniqu": [82, 186], "mitre_get_groups_using_all_techniqu": 82, "mitre_get_groups_using_techniqu": 82, "mitre_get_software_for_a_techniqu": 82, "mitre_get_tactic_inform": 82, "mitre_get_technique_inform": 82, "mitre_group": 82, "mitre_mitig": 82, "mitre_result": 103, "mitre_softwar": 82, "mitre_tact": [43, 82, 103, 186], "mitre_tactic_id": [82, 103, 186], "mitre_tactic_nam": [82, 102, 186], "mitre_tactid_id": 186, "mitre_tactid_nam": 186, "mitre_techniqu": [43, 78, 82, 103, 186], "mitre_technique_id": [82, 103], "mitre_technique_mitigation_onli": 82, "mitre_technique_nam": 82, "mitre_technique_task": 82, "mitretechniqu": 78, "mix": 64, "mixedcontenttyp": 187, "mk_note": 78, "mk_str": 110, "mkavanagh": 99, "mkd": 137, "mkdir": [70, 192], "mkivqoqexxpt1wd9vo9vi6uvbv1ts7o4y44vfdw1": 187, "mkleehamm": 182, "ml": [70, 71, 147], "ml_predict": 70, "mli": 137, "mlid": 35, "mlos2": 74, "mlt": 137, "mlverdict": 72, "mm": [33, 36, 70, 81, 104, 114], "mmb29m": 69, "mmole": 99, "mmr": 137, "mn": 147, "mn2pr15mb2877": 91, "mne": 137, "mng": 137, "mnp": 137, "mnt": 150, "mobil": [37, 69, 133, 144, 148, 157], "mobileiron": 43, "mobilephon": [113, 117], "mobisav": 78, "mock_data": 87, "mod": 43, "mod_tim": 43, "modal": 121, "mode": [4, 9, 14, 15, 24, 26, 28, 34, 43, 44, 73, 78, 82, 83, 85, 97, 105, 110, 117, 140, 151, 155, 157, 159, 162], "model": [19, 21, 43, 69, 98, 117, 133, 147, 179], "model_breaches_dt": 35, "model_dir": 70, "model_overrid": 43, "model_path": 71, "modelbreach": 35, "modelnam": [35, 116], "modelvers": 72, "modif": [43, 57, 64, 67, 87, 88, 89, 103, 104, 124, 129, 168], "modifi": [4, 10, 11, 12, 16, 18, 21, 29, 33, 34, 35, 37, 38, 43, 46, 49, 52, 57, 61, 64, 68, 70, 72, 78, 80, 87, 88, 90, 95, 97, 100, 101, 102, 103, 106, 107, 108, 111, 113, 115, 119, 123, 128, 130, 132, 141, 143, 146, 152, 161, 168, 180, 183, 184, 186, 188, 189, 190, 191, 192], "modificationd": 103, "modificationtimeunixtimeinm": 124, "modified_timestamp": 33, "modifiedd": [57, 185], "modify_d": [60, 127], "modify_princip": [60, 127], "modify_schedule_typ": 114, "modify_schedule_type_valu": 114, "modify_scheduler_typ": 114, "modify_scheduler_type_valu": 114, "modify_us": [60, 127], "modifyvolum": 15, "modul": [12, 27, 30, 78, 106, 107, 113, 116, 119, 121, 130, 136, 146, 157, 160], "module_act": 19, "module_arg": 11, "module_nam": 19, "module_result": 11, "modulenotfounderror": 30, "modulu": [144, 188], "moldova": 137, "mon": [91, 104], "monaco": 137, "mongolia": 137, "mongolian": 147, "monitor": [4, 15, 49, 72, 83, 107, 146, 152, 186], "monitorapp": [144, 188], "montenegro": 137, "month": [36, 130, 168], "monthli": 117, "montserrat": 137, "moor": 91, "more": [4, 9, 11, 15, 16, 18, 24, 25, 27, 30, 33, 34, 35, 37, 41, 49, 53, 56, 58, 59, 64, 67, 68, 70, 71, 72, 76, 78, 84, 85, 86, 87, 88, 89, 90, 91, 99, 102, 103, 104, 105, 106, 107, 111, 113, 114, 115, 117, 118, 119, 121, 123, 127, 129, 130, 133, 134, 135, 136, 137, 139, 141, 146, 147, 148, 154, 157, 159, 160, 170, 172, 176, 177, 183, 184, 185, 186, 188, 191], "morocco": 137, "most": [1, 4, 7, 30, 43, 56, 72, 76, 77, 85, 98, 111, 117, 121, 136, 152, 179, 182], "most_recent_report": 7, "mostli": [85, 133], "mount": [4, 135], "mountain": [13, 39, 62], "mountpoint": 54, "move": [13, 30, 35, 49, 79, 100, 104, 111, 183, 192], "move_endpoint_result": 117, "move_to_group": 24, "movement": [43, 78], "moz": 137, "mozambiqu": 137, "mozilla": [72, 94, 187], "mr": [113, 147], "mrhmxxxxxxxxxxmnji53": 148, "mrpa3": 150, "mrt": 137, "ms_channel_id": 133, "ms_channel_nam": 133, "ms_descript": 133, "ms_exchange_ssrf_rc": 43, "ms_group_id": 133, "ms_group_mail_nicknam": 133, "ms_group_nam": 133, "ms_groupteam_id": 133, "ms_groupteam_nam": 133, "ms_message_id": 133, "ms_owners_list": 133, "ms_sentinel_label": 80, "ms_team_nam": 133, "msal": [78, 133], "mscherfl": 15, "mscore": 72, "msdownload": 108, "msdtc": 108, "msf_cert": 43, "msft_dscmetaconfigur": 19, "msft_dscmetaconfiguration1ref": 19, "msft_webdownloadmanag": 19, "msft_webdownloadmanager1ref": 19, "msft_webreportmanag": 19, "msft_webreportmanager1ref": 19, "msft_webresourcemanag": 19, "msft_webresourcemanager1ref": 19, "msg": [11, 15, 35, 60, 78, 89, 97, 98, 108, 114, 127, 130, 144, 190], "msg_alert_detail": 79, "msg_attach": 137, "msg_bodi": [17, 41, 137, 138], "msg_hdr": 137, "msg_id": [88, 137], "msg_list": 97, "msg_polling_interv": 79, "msg_subject": 41, "msi": 117, "msmpeng": 108, "msn": 150, "msndcc": 150, "msr": 137, "msrpc_admin_access_check": 43, "msrpc_alias_member_enum": 43, "msrpc_domain_controller_enumer": 43, "msrpc_group_member_enum": 43, "msrpc_loggedon_user_enum": 43, "msrpc_netsession_enum": 43, "msrpc_network_share_enum": 43, "msrpc_rdp_session_enum": 43, "msrpc_registry_enumeration_via_winreg": 43, "msrpc_scheduled_task_via_atsvc": 43, "msrpc_scheduled_task_via_itaskschedulerservic": 43, "mssp": [88, 104], "mt": 147, "mthjtq4elbp": 74, "mtid": [31, 148], "mtp_classif": 80, "mtq": 137, "mu": 137, "much": [127, 179], "mule": 137, "mule_account": 137, "mulitpl": 68, "multi": [16, 36, 42, 60, 78, 80, 84, 87, 89, 113, 127, 183, 191], "multi_select": 36, "multicast": [72, 117], "multidomain": 67, "multipl": [5, 8, 24, 38, 41, 42, 43, 49, 55, 66, 67, 72, 80, 81, 84, 87, 89, 104, 106, 107, 108, 111, 118, 119, 129, 130, 133, 139, 147, 159, 179, 180, 181, 182, 184, 190, 191], "multiple_email_error": 43, "multiple_ftp_error": 43, "multiple_kerberos_auth_error": 43, "multiple_ldap_auth_error": 43, "multiple_smb_cifs_error": 43, "multiplemessag": 159, "multipli": [98, 111, 167], "multiselect": [36, 42, 47, 78], "murine1": 90, "music": 85, "must": [4, 11, 15, 16, 17, 18, 19, 21, 25, 30, 33, 34, 36, 37, 38, 39, 41, 42, 43, 47, 48, 49, 53, 56, 58, 64, 67, 74, 76, 77, 85, 87, 88, 89, 103, 107, 110, 111, 113, 114, 117, 119, 120, 121, 125, 129, 130, 133, 135, 136, 137, 138, 142, 145, 146, 148, 155, 157, 163, 172, 180, 182, 183, 184, 190, 192], "mutabl": 153, "mute": 49, "mute_initi": 49, "mutex": [129, 173], "mutual": [111, 157], "mwg": 77, "mwg_trust_level": 77, "mwi": 137, "mx": [13, 83, 144], "mxtbwhob7aoowbhvvrw8hva6m1g": 98, "mxtoolbox": 156, "my": [7, 18, 19, 22, 24, 25, 31, 33, 35, 38, 51, 59, 64, 66, 72, 74, 78, 85, 88, 90, 91, 92, 98, 101, 111, 113, 116, 117, 119, 122, 127, 130, 131, 137, 146, 147, 150, 154, 185], "my_custom_field": 21, "my_domain_nam": 113, "my_domain_url": 113, "my_logstor": 39, "my_snow_column_nam": 119, "my_sqlite_fe": 182, "my_url": 58, "myanmar": 137, "myapphost": 146, "myaxoniu": 18, "mydatabas": 87, "mydomain": [102, 160], "myfqdn": 25, "myhost": [15, 16, 43, 49, 102, 116, 119, 146], "mylaptop": [18, 107], "mylaptopl": 18, "mylastnam": 113, "myorg": [106, 146, 184], "mypass": 160, "mypassword": [20, 87], "myriad": 142, "mys3group": 16, "myscript": 85, "myservic": 157, "mysit": 116, "mysoar": 131, "mysql": [87, 179, 182], "mysql_fe": 182, "mysupport": [8, 11, 13, 15, 16, 18, 19, 21, 24, 29, 35, 41, 42, 43, 49, 59, 64, 69, 74, 75, 76, 77, 78, 79, 80, 82, 85, 91, 99, 102, 103, 106, 107, 108, 110, 113, 114, 116, 117, 125, 126, 130, 131, 137, 146, 152, 153, 155], "myt": 137, "myuser": 160, "myusernam": [87, 93], "n": [10, 11, 13, 15, 16, 17, 19, 25, 31, 34, 35, 36, 37, 38, 41, 42, 43, 44, 46, 55, 60, 63, 64, 66, 67, 69, 74, 77, 78, 79, 80, 81, 84, 85, 86, 88, 89, 90, 91, 96, 98, 99, 102, 103, 104, 108, 111, 113, 116, 117, 119, 120, 124, 125, 127, 130, 131, 133, 137, 144, 147, 148, 150, 151, 153, 159, 167, 188, 191, 192], "n02": 85, "n05": 85, "n07": 85, "n08": 85, "n0obryntfk3odjsj5a7ax": 85, "n11": 85, "n1gwp3bejsnktswcmc4fc8amoetalmgaaayyvhnn6aaaeawbhmeucias3": 85, "n2": 79, "n5kgh4cp3n3": 117, "n8zgyexq83sdqlfiruytdktmkhiwuegr7qvxfxkf": 98, "nOS": 108, "na": [13, 18, 21, 116, 146, 188], "naaggl4ttzqaabamarjbeaibswmmk4qfredfn3uoa": 85, "naccount": 150, "naction": [35, 78], "nadd": 153, "nadmin": 188, "nageambmga1udjqqmmaogccsgaqufbwmbmawga1udeweb": 85, "nagio": 90, "nagios_inbound_integration_refer": 90, "naicscod": 113, "naicsdesc": 113, "nalert": 78, "nalso": 80, "naltern": 79, "nam": 137, "name": [1, 3, 4, 5, 7, 9, 10, 11, 12, 13, 14, 17, 22, 23, 27, 28, 29, 31, 32, 34, 39, 46, 47, 48, 50, 51, 52, 53, 54, 57, 58, 60, 61, 62, 63, 65, 66, 68, 70, 72, 75, 76, 79, 81, 83, 84, 85, 86, 89, 90, 91, 92, 93, 94, 95, 97, 100, 101, 105, 111, 113, 115, 118, 120, 121, 122, 123, 126, 127, 128, 131, 132, 133, 136, 138, 139, 140, 141, 143, 144, 145, 147, 148, 149, 150, 151, 153, 154, 156, 157, 159, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 190, 191, 192], "name_filt": 155, "name_of_artifact": 59, "name_of_cloud_funct": 48, "name_of_consumer_key_in_jira_ui": 64, "name_serv": 149, "named_tim": 90, "nameinternation": 131, "namelist": 127, "namespac": [39, 49, 104, 116], "namespacelabel": 116, "namibia": 137, "namor": 153, "namprd08": 42, "namvjdc5uzxquy26ceyouyw1wchjvamvjdc5uzxquy26cf2dvb2dszs1hbmfsexrp": 85, "nan": [108, 152], "nanaconda": [84, 85], "nand": 188, "nano": [10, 12, 29, 52, 55, 95, 100, 101, 123, 128, 132, 141, 143, 145, 161], "nare": 188, "narrow": 24, "nartifact": 78, "nassign": 78, "natdestinationaddress": 79, "natdestinationport": 79, "nation": 38, "nativ": [43, 107, 182, 184], "nativetyp": 152, "natsourceaddress": 79, "natsourceport": 79, "natur": [13, 18, 25, 46, 71, 79, 91, 116, 130, 131, 146, 168, 189], "nauru": 137, "nauthor": 111, "nautomationaccountnam": 19, "nav_to": 119, "navig": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 45, 46, 47, 49, 51, 53, 55, 56, 58, 59, 60, 61, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 136, 137, 141, 142, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 168, 180, 183, 185, 187, 188, 189, 190, 191, 192], "nawnhdglvbi1jbi5jb22cfmfwcc1tzwfzdxjlbwvudc1jbi5jb22cgcouyxbwlw1l": 85, "nawnrlmnughqqlmzscy5kb3vibgvjbgljay5jboiski5nlmrvdwjszwnsawnrlmnu": 85, "nb": [46, 147], "nb22cbxl0lmjlggcqlnl0lmjlghphbmryb2lklmnsawvudhmuz29vz2xllmnvbyib": 85, "nb29nbguuy29tghgqlmrhdgfjb21wdxrllmdvb2dszs5jb22ccyouz29vz2xllmnh": 85, "nb29nbgvhchbzlwnulmnvbyimz2tly25hchbzlmnugg4qlmdrzwnuyxbwcy5jboi": 85, "nb2tpzs5jb22ccyouexrpbwcuy29tggthbmryb2lklmnvbyinki5hbmryb2lklmnv": 85, "nbcc": 88, "nbguuaxsccyouz29vz2xllm5sggsqlmdvb2dszs5wbiilki5nb29nbguuchscei": 85, "nbgzngqwbagewdaykkwybbahweqifaza8bgnvhr8entazmdggl6athitodhrwoi8v": 85, "nbill": 188, "nbodi": [41, 91], "nbreach": 57, "nbsp": 102, "nbt": 43, "nbt_ns_poison": 43, "nbtstat": 165, "nbxicdyouz29vz2xllmnvbs50coipki5nb29nbguuy29tlnzuggsqlmdvb2dszs5k": 85, "nby9jzxj0cy9ndhmxyzmuzgvymiijzqydvr0rbiijxdccccccdcouz29vz2xllmnv": 85, "nbyinki55b3v0dwjllmnvbyiuew91dhvizwvkdwnhdglvbi5jb22cfiouew91dhvi": 85, "nbyitki5mbgfzac5hbmryb2lklmnvbyiezy5jboigki5nlmnuggrnlmnvggyqlmcu": 85, "nbyiwki5hchblbmdpbmuuz29vz2xllmnvbyijki5izg4uzgv2ghuqlm9yawdpbi10": 85, "nc": [46, 56], "nc2fuzgjvec1jbi5jb22cdsouz3n0yxrpyy5jb22cfcoubwv0cmljlmdzdgf0awmu": 85, "ncc": [88, 150], "ncgtplmdvb2cvz3rzmwmzmdegccsgaqufbzachivodhrwoi8vcgtplmdvb2cvcmvw": 85, "nchmuy26cesouz29vz2xly25hchbzlmnughfnb29nbgvhchbzlwnulmnvbyitki5n": 85, "ncl": 137, "nclassif": 78, "nclose": 21, "ncnzpy2vzlwnulmnvbyizki5nb29nbgvhzhnlcnzpy2vzlwnulmnvbyirz29vz2xl": 85, "ncommand": 117, "ncomment": [77, 78], "ncommerci": 188, "nconsequ": 35, "ncontact": [150, 188], "ncpu": 108, "ncreat": [64, 144], "ncreation": 188, "ncreationtim": 19, "ncve": 34, "ncy1jbi5jb22cggdvb2dszxrhz3nlcnzpy2vzlwnulmnvbyiaki5nb29nbgv0ywdz": 85, "ndata": 36, "nddity24uy29tgg0qlmd2ddity24uy29tggsybwrulwnulm5ldiinki4ybwrulwnu": 85, "ndescrib": 153, "ndescript": 19, "ndetermin": 78, "ndhjhdmvsywrzzxj2awnlcy1jbi5jb22chyouz29vz2xldhjhdmvsywrzzxj2awnl": 85, "ndmfkcy1jbi5jb22ceyouz29vz2xldmfkcy1jbi5jb22cewdvb2dszwfwaxmty24u": 85, "ndnssec": [144, 188], "ndocument": 188, "ndomain": [108, 144, 188], "ndownload": 117, "ndx": 98, "ndyouz29vz2xllmnvbs5icoipki5nb29nbguuy29tlmnvgg8qlmdvb2dszs5jb20u": 85, "ne": [46, 79, 147], "nearest": 70, "neatli": [41, 49], "neccessari": 137, "necessari": [1, 11, 21, 30, 35, 40, 43, 49, 59, 61, 64, 78, 79, 80, 90, 97, 98, 101, 106, 107, 111, 113, 114, 115, 123, 124, 128, 130, 131, 133, 134, 135, 141, 143, 146, 152, 168, 180, 181, 182, 183, 184, 186, 188, 192], "necessit": 111, "need": [1, 2, 4, 7, 8, 9, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 28, 30, 31, 32, 33, 35, 36, 38, 39, 41, 42, 43, 46, 47, 48, 49, 51, 53, 56, 57, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 106, 107, 108, 110, 111, 113, 114, 115, 116, 117, 119, 120, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 136, 137, 140, 142, 143, 144, 146, 147, 148, 149, 150, 152, 153, 154, 155, 157, 158, 159, 168, 169, 174, 176, 179, 180, 182, 183, 184, 189, 190, 191, 192], "needsattentionccs_set": 21, "neg": 161, "negat": 103, "negative_pr_lik": [60, 70, 127], "negoti": 43, "neighbor": 70, "neighbor_influ": 72, "neither": [72, 191], "nelectron": 188, "nenabl": 188, "nendpoint": 108, "nenviron": 19, "nepal": 137, "nepali": 147, "neqieagsb9asb8qdvahua6d7q2j71bjuy51covilryqpty9era": 85, "ner": 137, "nerror": 81, "nest": [13, 18, 25, 36, 46, 53, 64, 72, 79, 91, 111, 116, 130, 131, 146, 167, 189], "net": [13, 14, 19, 29, 64, 88, 94, 96, 102, 106, 116, 117, 128, 144, 146, 149, 150, 155, 173, 174, 176], "netaddress": 74, "netbasx": 99, "netbios_nam": 43, "netbios_protect": 117, "netbiosnam": 79, "netcraft": [144, 188], "netdevic": 84, "netdevice1": 84, "netdevice_config_cmd": 84, "netdevice_id": 84, "netdevice_send_cmd": 84, "netdevice_use_textfsm": 84, "netflix": 63, "netherland": [21, 137], "netmask": 89, "netmiko": 156, "netscreen": 117, "netwit": 156, "network": [8, 14, 19, 24, 35, 43, 48, 79, 81, 84, 91, 102, 103, 105, 106, 107, 108, 117, 121, 129, 144, 146, 147, 150, 156, 165, 167, 186, 188, 191], "network_address": 24, "network_ev": 59, "network_info": 24, "network_interfac": 18, "network_object": 25, "network_object_descript": 25, "network_object_group": 25, "network_object_kind": 25, "network_object_nam": 25, "network_object_row": 25, "network_object_valu": 25, "network_privilege_escal": 43, "network_trafficfromunrecommendedip": 79, "network_utilities_domain_list": 85, "network_utilities_domain_nam": 85, "network_utilities_https_url": 85, "network_utilities_remote_comput": 85, "network_utilities_resilient_url": 85, "network_utilities_send_sudo_password": 85, "network_utilities_shell_command": 85, "network_utilities_shell_commandshell_command": 85, "network_utilities_shell_param": 85, "networkconnect": 79, "networkinterfac": 116, "networkobj": 25, "networkobject": 25, "networkquarantineen": 116, "networkstatu": 116, "neural": 147, "neutral": [99, 152], "nevi": 137, "new": [3, 10, 15, 16, 17, 18, 19, 20, 21, 23, 24, 27, 29, 30, 33, 35, 36, 37, 38, 42, 43, 46, 47, 49, 50, 53, 55, 64, 66, 67, 69, 73, 74, 75, 76, 77, 79, 80, 85, 87, 88, 89, 90, 99, 102, 103, 104, 106, 107, 108, 109, 110, 113, 114, 116, 117, 118, 119, 120, 121, 124, 125, 127, 129, 130, 131, 132, 137, 138, 143, 146, 150, 152, 155, 158, 168, 169, 177, 178, 180, 181, 182, 183, 184, 185, 186, 188, 189, 190, 191], "new_adws_act": 43, "new_artifact_count": 102, "new_case_own": 137, "new_case_titl": 137, "new_device_ind": 137, "new_dhcp_act": 43, "new_doh_act": 43, "new_external_connect": 43, "new_external_db_connect": 43, "new_external_iiop_connect": 43, "new_external_ldap_connect": 43, "new_external_nfs_connect": 43, "new_external_rdp_connect": 43, "new_external_rmi_connect": 43, "new_external_ssh_connect": 43, "new_external_telnet_connect": 43, "new_external_vnc_connect": 43, "new_incident_filt": [78, 80], "new_iot_connect": 43, "new_local_dns_serv": 43, "new_message_id": 42, "new_not": [109, 131], "new_playbook_nam": 119, "new_row": [33, 103, 117], "new_smb_cifs_file_transf": 43, "new_statu": 152, "new_telnet_act": 43, "new_text": 18, "new_tupl": 98, "new_valu": 64, "new_web_link": 42, "new_york": [32, 64, 114], "new_zealand_risk_assess": 127, "newalert": 79, "newer": [11, 15, 25, 33, 36, 42, 43, 66, 67, 74, 78, 81, 88, 89, 90, 91, 99, 103, 104, 108, 114, 117, 118, 121, 125, 129, 133, 144, 153, 172, 183], "newest": 41, "newev": 103, "newincidentown": [137, 191], "newli": [70, 72, 107, 111, 130, 152, 179, 183, 190, 191], "newlin": [43, 46], "newreporterinfo": 137, "newreput": 77, "newrow": [15, 16, 20, 24, 43, 117, 155], "newslett": 153, "newus": [121, 192], "newvalu": 124, "nexampl": 99, "nexecut": 117, "nexist": 188, "nexpir": [74, 78], "next": [4, 18, 24, 30, 33, 49, 64, 86, 87, 103, 114, 115, 116], "next_run_tim": 114, "next_step": 49, "nextcursor": 116, "nextrun": 19, "nextrunoffsetminut": 19, "nf": [43, 46], "nfa": 16, "nfail": [74, 117], "nfdrgztolsrvak9gbpxmagiek8vqgmb8ga1udiwqymbaafip0f6": 85, "nfigur": 37, "nfile": [77, 78], "nfk": 137, "nfkdnb59pocxtehvyo616rj": 98, "nfl04q0d": 85, "nfm": 24, "nfor": [150, 188], "nfpnxnr0nmgogccsgaqufbwebbf4wxdanbggrbgefbqcwayybahr0cdovl29jc3au": 85, "nfrom": 91, "nfs_file_access_failur": 43, "nfyouz29vz2xlb3b0aw1pemuty24uy29tghjkb3vibgvjbgljay1jbi5uzxscfc": 85, "ng": [29, 66], "nga": 137, "nggp1cmnoaw4uy29tggwqlnvyy2hpbi5jb22cchlvdxr1lmjlggt5b3v0dwjllmnv": 85, "nggsqlmdvb2dszs5jbiioki5nb29nbguuy28uaw6cdiouz29vz2xllmnvlmpwgg4q": 85, "nghfhbxbwcm9qzwn0lm9yzy5jboitki5hbxbwcm9qzwn0lm9yzy5jboiryw1wchjv": 85, "nghfkyxj0c2vhcmnolwnulm5ldiitki5kyxj0c2vhcmnolwnulm5ldiidz29vz2xl": 85, "nghiqlnjly2fwdgnoys1jbi5uzxscc3dpzgv2aw5llmnugg0qlndpzgv2aw5llmnu": 85, "ngive": 153, "ngroup": 153, "nguarante": 188, "nhash": 77, "nheader": 91, "nhello": [41, 80], "nhkjopqmbbwncaatt1q07surf52v6u8asj0jpgiwyerlwd36wunuhzdu8mcantreo": 85, "ni": 24, "nibm": [43, 108], "nic": [137, 188], "nicaragua": 137, "nice": 49, "nicknam": [22, 133], "nif": [80, 88], "nigel": 99, "niger": 137, "nigeria": 137, "night": 114, "nin": 37, "ninclud": 150, "nindic": [78, 153], "ninput": 98, "nioc": 72, "nir": 150, "nissrv": 108, "nist": [49, 133], "nist_attack_vector": [60, 127, 133], "niu": 137, "niue": 137, "nj5yevonypzxlebcfforybvikcnsckbwledotwu85ucgczixvlswisy2yxfndmmoo9cyhetemc5tqswc3": 98, "njl7fvcmz": 98, "njobcount": 19, "njson": 151, "nk": 85, "nkey2": 168, "nki5ny3auz3z0mi5jb22cecoudxjslmdvb2dszs5jb22cfiouew91dhvizs1ub2nv": 85, "nksycd0q1hai8xiroac1hkaik4s64fcat0emod0bwpadk78grbbkocg4q3nvgn5": 98, "nl": 147, "nlastmodifiedbi": 19, "nlastmodifiedtim": 19, "nld": 137, "nli": 91, "nlm5ldiiuz29vz2xlzmxpz2h0cy1jbi5uzxscfiouz29vz2xlzmxpz2h0cy1jbi5u": 85, "nlmdvb2dszs5jby51a4ipki5nb29nbguuy29tlmfygg8qlmdvb2dszs5jb20uyxwc": 85, "nlmnvbyimki5nc3rhdgljlmnughaqlmdzdgf0awmty24uy29tgg9nb29nbgvjbmfw": 85, "nlmnvbyiuki5nb29nbgvjb21tzxjjzs5jb22ccgdncgh0lmnuggoqlmdncgh0lmnu": 85, "nlocat": 19, "nlogprogress": 19, "nlogverbos": 19, "nltk": 71, "nltkdownload": 71, "nmachin": 78, "nmdqzndi5wjaxmruwewydvqqddawqlmdvb2dszs5jb20wwtatbgcqhkjopqibbggq": 85, "nmember": 127, "nmicrosoft": 150, "nmiid": 16, "nmiioozccdsogawibagiraotkts1t8xblemgt": 85, "nmove": 117, "nmqigzp8jeedbzesopeaauuhych4tisuh5jxybbivv": 85, "nn": [147, 187], "nname": [19, 144, 188], "nno": 11, "nnone": [13, 18, 25, 41, 46, 79, 91, 108, 116, 130, 131, 146], "nnote": 131, "nnoth": 78, "nnuic": 98, "no_action_taken": 43, "no_reason": 146, "no_such_ent": 16, "no_such_entity_cert": 16, "no_such_entity_cr": 16, "no_such_entity_group": 16, "no_such_entity_kei": 16, "no_such_entity_mfa": 16, "no_such_entity_polici": 16, "noah": 153, "noc": 144, "nocooki": 96, "nocss": 106, "node": [43, 89, 102, 105, 106, 116, 186], "node_id": [19, 43, 46], "node_report": 19, "nodenam": 74, "nodetextpath2": 74, "nodetyp": 35, "nodrop": 130, "nofil": 192, "nogui": 108, "nois": 52, "non": [18, 43, 98, 102, 104, 107, 113, 116, 124, 133, 137, 142, 179, 183, 187, 191], "non_compli": 117, "non_null_item": 18, "non_pe_rul": 117, "non_toxic_count": 102, "nonc": 80, "none": [9, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 33, 35, 36, 38, 39, 41, 42, 43, 46, 47, 48, 49, 50, 53, 55, 56, 57, 58, 59, 60, 63, 64, 65, 67, 69, 70, 72, 74, 76, 77, 78, 79, 80, 82, 84, 86, 88, 89, 90, 91, 92, 95, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 138, 140, 142, 144, 146, 148, 151, 152, 153, 154, 155, 159, 161, 167, 173, 183, 186, 187, 188, 189, 191, 192], "noneditablereason": 64, "nonetheless": 111, "nonroot": 38, "nonzero": 85, "noopen": [57, 117, 185], "nor": [137, 150], "norcross": 41, "norepli": 102, "norfolk": 137, "norganis": 144, "normal": [33, 35, 42, 53, 60, 78, 88, 113, 119, 133, 137, 146, 190], "normalis": 59, "normalizedact": 130, "nortel": 117, "north": 13, "northern": [7, 137], "norwai": 137, "norwegian": 147, "noshad": 88, "nosuchent": 16, "not_aft": [144, 188], "not_applic": [107, 116], "not_assess": 146, "not_befor": [144, 188], "not_begins_with": 106, "not_contain": [80, 103, 106, 107, 108, 113, 116, 117, 119, 124, 146, 152], "not_contained_bi": 106, "not_deleted_list": 42, "not_en": 24, "not_ends_with": 106, "not_equ": [15, 16, 19, 106, 116, 117], "not_found": 88, "not_has_a_valu": [81, 113, 119], "not_has_kei": 106, "not_icontain": 106, "not_in": 106, "not_isol": 24, "not_mitig": 116, "not_support": 116, "not_suspici": 145, "notabl": 99, "notable_event_statu": 129, "notaft": 91, "notapplic": 116, "notavail": 78, "notbefor": 91, "note": [0, 4, 30, 33, 34, 38, 40, 44, 45, 48, 50, 54, 56, 62, 70, 120, 121, 132, 138, 139, 149, 156, 159, 162, 168, 170, 178, 180, 181, 183, 185, 186, 187, 188, 189, 190, 191, 192], "note_data": [91, 106], "note_err_text": 99, "note_id": 180, "note_info": 78, "note_json_format": 146, "note_obj": 43, "note_str": 102, "note_test": 18, "note_text": [15, 16, 18, 22, 33, 36, 38, 43, 47, 49, 54, 60, 84, 85, 91, 103, 104, 107, 113, 117, 119, 127, 130, 131, 138, 146, 155, 192], "note_text_artifact": 38, "note_text_attach": 38, "note_text_end": 38, "note_text_start": 38, "note_top": 181, "notebook": 133, "notes_count": [60, 127], "notes_cr": 116, "notes_result": 152, "notes_str": 55, "notes_sync": 109, "notetext": [20, 21, 24, 28, 39, 41, 50, 59, 62, 67, 69, 76, 88, 91, 93, 96, 99, 110, 116, 117, 119, 125, 131, 139, 145, 149, 153], "notetyp": 148, "notexecut": 8, "notflag": 42, "notfound": 25, "noth": [121, 142, 163], "notic": [11, 15, 25, 36, 42, 43, 66, 67, 74, 78, 81, 88, 89, 90, 91, 99, 103, 104, 108, 114, 117, 118, 119, 125, 129, 133, 136, 144, 150, 153, 185], "notif": [43, 46, 111, 117], "notifi": [69, 85, 88, 98, 103, 133, 162], "notificationbodi": 78, "notificationid": 78, "notifications_url": 46, "notifyseverityoverrid": 103, "noutput": 188, "nov": [45, 104, 114], "noverview": 153, "now": [4, 10, 13, 18, 19, 21, 22, 25, 33, 35, 36, 37, 38, 41, 47, 51, 55, 57, 59, 64, 78, 79, 80, 81, 91, 96, 99, 102, 103, 104, 106, 107, 108, 111, 116, 117, 118, 119, 121, 124, 125, 129, 130, 133, 136, 137, 139, 146, 148, 152, 157, 178, 180, 181, 182, 184, 192], "nparamet": [11, 19], "npeopl": 153, "npl": 137, "nplaybook": 117, "npleas": [150, 188], "nproduct": [34, 150], "nprotect": 153, "npwd": 84, "nqj3maz06wksoip5ol6q0jyth11c60kakaiea38nxuv9irb6fmwn2fqlla4dumnso": 85, "nqueri": 108, "nreaqta": 108, "nreason": [78, 117, 120], "nrecommend": 153, "nredmond": 150, "nrefer": 153, "nregistr": 188, "nregistrar": [144, 188], "nregistri": [144, 188], "nremedi": 117, "nreput": 77, "nreserv": 188, "nresolut": 64, "nresourcegroupnam": 19, "nresult": [11, 84], "nreturn": 117, "nripe": 150, "nrjelmakga1uebhmcvvmxijagbgnvbaotgudvb2dszsbucnvzdcbtzxj2awnlcybm": 85, "nrow": 36, "nru": 137, "nrunbooktyp": 19, "ns1": [13, 149, 188], "ns2": [13, 188], "ns3": [13, 188], "ns4": [13, 188], "nsever": 78, "nshare": 153, "nslookup": [85, 192], "nsourc": 144, "nspm": 91, "nstandard": 85, "nstart": 78, "nstate": 19, "nstatu": [78, 117], "nstaxx": 10, "nsubject": 91, "nsuccess": 85, "nsuccessfulli": 117, "nsuch": 35, "nsuspici": 43, "nsx_distributed_firewall_polici": 146, "nsx_enabl": 146, "nsync": 119, "nsystem": 117, "nt": [35, 108, 131, 146, 187], "ntag": 19, "ntech": 188, "ntemxezarbgnvbamtckduuybdqsaxqzmwhhcnmjmwmja4mdqzndmwwhcnmjmwntaz": 85, "ntest": [42, 85], "nthat": 188, "nthe": 117, "nthere": 117, "nthi": [35, 78], "ntitl": 78, "ntkxioisqwfcukytlih9rm0q2jfkhgwzvltn1a03qiijcoiykmiqrt1g1p6hthr3hss0rlxabbuuo4muorhvpragiwsd7hou5ui0u6uw": 98, "ntlm": [35, 43, 67, 85, 143, 160], "ntlm_relai": 43, "ntlmv1": 43, "ntlmv1_authent": 43, "nto": [80, 91, 150], "ntop": 98, "ntp": 117, "ntr": 117, "ntraffic": 150, "ntype": 78, "nu": 37, "null": [7, 8, 11, 13, 15, 18, 19, 20, 21, 24, 25, 28, 35, 36, 38, 39, 41, 42, 43, 46, 49, 51, 59, 60, 64, 65, 66, 67, 72, 74, 76, 78, 79, 80, 81, 85, 86, 87, 88, 89, 90, 91, 92, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 120, 122, 124, 126, 127, 129, 130, 131, 133, 136, 137, 138, 146, 148, 150, 152, 153, 154, 159, 167, 185, 186], "null_group": 16, "num": [37, 159], "num_aggreg": 146, "num_artifact": [131, 146, 179], "num_asset": 18, "num_avail": 146, "num_complet": 146, "num_data_gath": 104, "num_featur": 71, "num_found": 146, "num_observ": 146, "num_of_casefil": 153, "num_of_each_typ": 37, "num_of_result": 59, "num_proc": 38, "num_report": 99, "num_row": 146, "num_rows_upd": 137, "num_sign": 130, "num_tot": 146, "num_typ": [13, 18, 25, 46, 79, 91, 116, 130, 146], "num_work": [103, 136], "number": [1, 3, 5, 7, 8, 10, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 46, 47, 48, 49, 55, 56, 57, 59, 60, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 78, 79, 80, 81, 85, 86, 87, 88, 90, 91, 92, 93, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 119, 120, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 138, 139, 144, 145, 146, 148, 150, 152, 161, 166, 167, 168, 179, 182, 183, 185, 187, 188, 191, 192], "number_devices_found": 69, "number_of_el": 104, "number_of_report": 7, "number_of_total_form": 13, "number_of_total_input_field": 13, "numberofattempt": 37, "numberofel": 117, "numberofemploye": 113, "numberoffailedlogin": 113, "numberoflocations__c": 113, "numberofphysicalcomput": 117, "numberofregisteredus": 117, "numberofresourc": 19, "numdistinctus": 7, "numer": [42, 43, 117, 119, 143], "numerous_email": 43, "numofconnectedlowrepapp": 37, "numofcpu": 74, "numpi": [70, 71, 86], "nunit": 150, "nunsuccess": 117, "nupdat": [144, 188], "nurl": 188, "nvarchar2": 182, "nvendor": 34, "nvrugcpny6": 85, "nw": 187, "nw_log_serv": 112, "nw_log_server_password": 112, "nw_log_server_url": 112, "nw_log_server_us": 112, "nw_log_server_usernam": 112, "nw_log_server_verifi": 112, "nw_packet_serv": 112, "nw_packet_server_password": 112, "nw_packet_server_url": 112, "nw_packet_server_us": 112, "nw_packet_server_usernam": 112, "nw_packet_server_verifi": 112, "nwa": 150, "nwcitybscnhkglc7c8ho1rla": 85, "nwhoi": 188, "nww": 85, "nx": 111, "ny2": 85, "ny24uy29tghyqlmdvb2dszxnhbmrib3gty24uy29tgh4qlnnhzmvudxauz29vz2xl": 85, "ny29tggoqlmd2ddeuy29tgheqlmdjcgnkbi5ndnqxlmnvbyikki5ndnqylmnvbyio": 85, "ny29tghmqlmdvb2dszwfwaxmty24uy29tghvnb29nbgvvchrpbwl6zs1jbi5jb22c": 85, "ny2hhlm5ldc5jboiski5yzwnhchrjageubmv0lmnughbyzwnhchrjagety24ubmv0": 85, "ny3jscy5wa2kuz29vzy9ndhmxyzmvzlzkegjwlut0bwsuy3jsmiibawykkwybbahw": 85, "ny3mty24uy29tghkqlmdvb2dszs1hbmfsexrpy3mty24uy29tghdnb29nbgvhzhnl": 85, "ny_impact_lik": [60, 127], "nya": 153, "nyc": 15, "nynorsk": 147, "nypo9zvlttttx6luqq7fm9pmxkanbxf3c4g8xo4imhdccdbgwdgydvr0paqh": 85, "nyxn1cmvtzw50lwnulmnvbyilz3z0ms1jbi5jb22cdsouz3z0ms1jbi5jb22cc2d2": 85, "nz": 187, "nz29vz2xlc3luzgljyxrpb24ty24uy29tgiqqlnnhzmvmcmftzs5nb29nbgvzew5k": 85, "nz29vz2xllmnughhzb3vyy2uuyw5kcm9pzc5nb29nbguuy24wiqydvr0gbbowgdai": 85, "nz29vz2xllwfuywx5dgljcy5jb22ccmdvb2dszs5jb22cemdvb2dszwnvbw1lcmnl": 85, "nz29vz2xlywrhcglzlmnvbyipki5nb29nbgvhcglzlmnugheqlmdvb2dszxzpzgvv": 85, "nz29vz2xlzg93bmxvywrzlmnughqqlmdvb2dszwrvd25sb2fkcy5jboiqcmvjyxb0": 85, "nzg91ymxly2xpy2sty24ubmv0ghgqlmzscy5kb3vibgvjbgljay1jbi5uzxscfi": 85, "nzgv2zwxvcgvylmfuzhjvawquz29vz2xllmnughxkzxzlbg9wzxjzlmfuzhjvawqu": 85, "nzl": 137, "nzwvkdwnhdglvbi5jb22cd3lvdxr1ymvrawrzlmnvbyirki55b3v0dwjla2lkcy5j": 85, "nzxj2awnlcy1jbi5jb22cf2dvb2dszxrhz21hbmfnzxity24uy29tghkqlmdvb2d": 85, "nzxn0lmjkbi5kzxaceiouy2xvdwquz29vz2xllmnvbyiyki5jcm93zhnvdxjjzs5n": 85, "nzxrhz21hbmfnzxity24uy29tghhnb29nbgvzew5kawnhdglvbi1jbi5jb22cgi": 85, "nzxscdgfkbw9ilwnulmnvbyioki5hzg1vyi1jbi5jb22cfgdvb2dszxnhbmrib3gt": 85, "nzy5kb3vibgvjbgljay1jbi5uzxscdmrvdwjszwnsawnrlmnughaqlmrvdwjszwn": 85, "nzy8amdhh7zboa0": 85, "nzyilki5nb29nbguuzxoccyouz29vz2xllmzyggsqlmdvb2dszs5odyilki5nb29n": 85, "o": [4, 15, 18, 35, 42, 43, 54, 58, 70, 74, 79, 85, 86, 98, 103, 108, 116, 117, 119, 130, 144, 146, 157, 188], "o3eqg6aaaap": 187, "oa": 187, "oaa": 19, "oalivacvd": 98, "oasu7xqwqqhmwi": 98, "oauth": [32, 113, 125, 133, 152, 168], "oauth2": [19, 33, 42, 79, 88, 111, 113, 133, 139, 157], "oauth2_generate_refresh_token": [133, 148], "oauth_access_token": [111, 168], "oauth_client_id": [111, 168], "oauth_client_secret": [111, 168], "oauth_cod": [111, 168], "oauth_grant_typ": 111, "oauth_redirect_uri": [111, 168], "oauth_refresh_token": [111, 168], "oauth_scop": [111, 168], "oauth_token_typ": [111, 168], "oauth_token_url": [111, 168], "obdc": 87, "obfusc": [44, 91, 108], "obj": [91, 98], "obj_cnt": 43, "obj_create_d": 127, "obj_creator_id": 127, "obj_id": [127, 178], "obj_list": 98, "obj_nam": 127, "objc_class_prefix": 53, "object": [7, 8, 9, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 28, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 46, 47, 48, 49, 50, 51, 53, 54, 55, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 138, 139, 140, 144, 145, 146, 147, 149, 150, 151, 152, 153, 154, 155, 156, 159, 164, 167, 168, 178, 179, 180, 181, 183, 184, 186, 187, 191, 192], "object_ad": [24, 72, 80, 103, 107, 108, 113, 116, 124, 130, 131, 146, 152, 167, 168], "object_dt": 99, "object_id": [25, 43, 74, 81, 98, 99, 114], "object_is_delet": 98, "object_list": 98, "object_nam": [74, 98, 99], "object_not": 74, "object_rel": 81, "object_stat": 98, "object_threat": 99, "object_typ": [43, 98, 99], "object_type_id": 114, "object_valu": 43, "objectcategori": 67, "objectclass": [67, 160], "objectclassif": 130, "objectguid": 67, "objectid": [25, 74, 80], "objectnam": 74, "objectnot": 74, "objectsid": 67, "objectslist": 124, "objecttyp": 130, "objstm": 91, "obp": 98, "obser": 102, "observ": [10, 35, 37, 42, 78, 99, 142, 152, 153, 154, 177, 186], "observablecount": 37, "observation_descript": 146, "observation_detail_job_result": 146, "observation_id": 146, "observation_typ": 146, "observer": 102, "obtain": [19, 33, 38, 41, 42, 71, 80, 102, 107, 111, 116, 131, 133, 139, 157], "occasion": 88, "occur": [10, 12, 15, 16, 25, 27, 29, 33, 35, 37, 52, 59, 61, 68, 73, 77, 79, 85, 95, 100, 101, 104, 115, 123, 128, 130, 132, 133, 137, 141, 143, 161, 180, 181, 183, 184, 191], "occurr": [15, 127], "occurrenceid": 42, "ocean": 137, "ocn": 133, "ocr": 156, "ocr_artifact_id": 86, "ocr_attachment_id": 86, "ocr_base64": 86, "ocr_confidence_threshold": 86, "ocr_incident_id": 86, "ocr_languag": 86, "ocr_parse_imag": 86, "ocr_parse_image_attach": 86, "ocr_parse_image_base64": 86, "ocr_result": 86, "ocr_task_id": 86, "ocrjh": 159, "ocsp": [144, 188], "oct": [91, 114], "octet": 127, "octob": [57, 185], "od": 89, "odata": [42, 78, 79, 133], "odbc": [98, 156, 179, 192], "odbc_connect": 182, "odbcfe": 183, "odbcinst": 182, "oddiz6akinr2x9ulugmbhynna2neyayxosgl3bj6fwiodl8aqbgyb4uyb9ae2c6hqbpw": 98, "odonnel": 99, "odzmqnqmo7hu1eogmnswqlv": 98, "oeddsh0rpcg": 111, "oej7": 98, "oem": 159, "off": [46, 64, 76, 77, 79, 100, 106, 107, 113, 114, 116, 119, 130, 131, 137, 140, 146], "offend": 43, "offens": [35, 98, 106, 107, 108, 113, 146], "offense_analysis_period": 102, "offense_analysis_timeout": 102, "offense_id": 104, "offense_sourc": 104, "offense_sum": 103, "offense_tim": 103, "offense_typ": 104, "offenseannot": 103, "offenseasset": 103, "offenseid": 103, "offensemap": 103, "offensesourc": 103, "offensesummari": 103, "offensetyp": 103, "offer": [111, 121, 133], "offic": [21, 42, 78, 88, 133, 157], "office16": 78, "office365": [42, 91, 157], "officephon": 117, "offici": [1, 8, 16, 24, 79, 96, 102, 103, 110, 111, 117, 124, 130, 146, 150, 155], "offlin": [41, 117, 124], "offline_access": [19, 111, 133, 157], "offlinepdatrialexpirationd": 113, "offlinetrialexpirationd": 113, "offset": [24, 33, 36, 39, 43, 90, 153], "offsit": 146, "often": [43, 75, 86, 88, 106, 108, 127, 192], "ohwgydcj9vkmjolt": 98, "oidc": 133, "ok": [15, 16, 19, 20, 28, 111, 117, 120, 137, 155, 190, 192], "okai": 190, "old": [33, 43, 53, 81, 96, 188], "old_valu": 64, "oldcopyright": 106, "older": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 142, 144, 146, 147, 148, 150, 152, 153, 154, 155, 159, 167, 183, 191], "oldest": 41, "oldfullpath": 117, "oldpathnam": 117, "oldreput": 77, "oman": 137, "omg": 98, "omgdc": 98, "omgdi": 98, "omi_configurationdocu": 19, "omigod": 43, "omit": [13, 18, 25, 42, 46, 79, 91, 97, 116, 121, 130, 131, 146, 189], "omit_kei": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "omn": 137, "omsagentid": 80, "on_watchlist": 43, "ona": 69, "onboard": 78, "onboardingstatu": 78, "onc": [4, 21, 30, 40, 41, 42, 49, 56, 64, 67, 70, 71, 80, 81, 82, 97, 106, 110, 111, 113, 114, 118, 121, 123, 128, 133, 137, 141, 148, 159, 172, 180, 182, 183, 184, 185, 186, 187, 188, 192], "onclick": 117, "oncontextlost": 187, "oncontextrestor": 187, "oncrpc": 43, "ondemand_scan_dis": 146, "one": [1, 8, 11, 16, 18, 34, 35, 37, 38, 41, 42, 46, 49, 50, 53, 54, 57, 62, 64, 66, 67, 68, 69, 70, 74, 78, 80, 81, 83, 85, 86, 87, 88, 89, 93, 96, 97, 102, 103, 104, 105, 106, 107, 108, 111, 113, 115, 117, 121, 125, 128, 129, 131, 133, 136, 137, 139, 146, 148, 149, 153, 157, 168, 176, 178, 179, 180, 181, 182, 183, 184, 186, 190, 191], "onedr": 85, "onenot": 133, "oneperc": 43, "onepercent_ml": 43, "ones": [67, 71, 102, 107, 119, 130, 132], "onetim": 19, "ongo": [11, 15, 25, 36, 42, 43, 66, 67, 74, 78, 81, 88, 89, 90, 91, 99, 103, 104, 108, 114, 117, 118, 125, 129, 133, 144, 153, 183], "ongoing_outli": 56, "onionoo": 105, "onli": [0, 1, 2, 4, 7, 11, 15, 16, 17, 23, 24, 35, 38, 41, 42, 43, 47, 49, 53, 56, 58, 59, 60, 62, 64, 67, 74, 78, 79, 80, 81, 82, 84, 85, 87, 89, 90, 91, 95, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 111, 113, 116, 117, 118, 119, 125, 126, 127, 129, 131, 133, 137, 139, 143, 145, 146, 148, 151, 152, 155, 158, 162, 163, 166, 168, 176, 180, 183, 184, 191, 192], "onlin": [41, 57, 72, 106, 117, 137, 145, 150, 156, 185, 187], "online_meet": 41, "onlinegam": 122, "onlinemeet": 42, "onlinemeetingprovid": 42, "onlinemeetingurl": 42, "onlinestatu": 117, "onmicrosoft": [42, 78, 79, 133], "onpremisesdomainnam": 133, "onpremiseslastsyncdatetim": 133, "onpremisesnetbiosnam": 133, "onpremisesprovisioningerror": 133, "onpremisessamaccountnam": 133, "onpremisessecurityidentifi": [79, 133], "onpremisessyncen": 133, "onto": [25, 29, 43, 113, 115, 164, 173], "op": [107, 118, 130], "open": [7, 8, 9, 10, 12, 16, 21, 23, 29, 38, 45, 52, 55, 75, 86, 88, 91, 95, 100, 101, 106, 107, 109, 110, 114, 115, 117, 119, 120, 121, 123, 128, 132, 141, 143, 145, 146, 152, 161, 163, 178, 180, 181, 182, 183, 184, 189, 190, 191, 192], "open_issu": 46, "open_issues_count": 46, "open_ssh_port": 49, "openact": 91, "openblad": 79, "opencv": 86, "opendn": [26, 27], "opendxl": [77, 156, 172], "openid": 19, "openldap": 67, "openphish": [13, 72, 144, 188], "openport": 49, "openresolv": 167, "openslp": 43, "opensmtpd": 43, "openssl": [88, 172], "oper": [10, 11, 12, 15, 16, 24, 29, 30, 35, 36, 38, 41, 43, 47, 48, 49, 52, 58, 61, 64, 67, 68, 74, 78, 84, 85, 87, 95, 100, 101, 103, 106, 113, 114, 115, 117, 118, 123, 128, 129, 130, 132, 133, 141, 143, 148, 151, 152, 157, 161, 168, 179, 181, 182, 183], "operand": 43, "operand_1": 131, "operating_system": [24, 103], "operatingsystem": [117, 152], "operationalerror": 183, "operationalinsight": 80, "operationalst": 116, "operationalstateexpir": 116, "operationalstatu": 78, "operator_1": 131, "opportun": [38, 179], "oppos": 86, "opppvtp8kyrdbtqwppdppjhock": 117, "opt": [30, 38, 116, 192], "optic": 86, "optim": [71, 152], "option": [1, 5, 10, 12, 13, 15, 16, 18, 20, 21, 23, 25, 29, 30, 31, 33, 35, 36, 39, 41, 42, 43, 44, 45, 46, 47, 48, 49, 52, 53, 56, 60, 61, 64, 66, 68, 70, 71, 74, 75, 78, 79, 82, 85, 88, 89, 95, 98, 100, 101, 103, 104, 106, 107, 111, 112, 113, 114, 115, 116, 117, 118, 119, 123, 125, 127, 128, 130, 131, 132, 133, 136, 137, 141, 142, 143, 145, 146, 147, 148, 151, 152, 155, 157, 161, 167, 168, 178, 180, 181, 182, 183, 184, 190], "optional1": 41, "optional_attende": 41, "optional_incident_id": 40, "optionalfield": 120, "or_address": 105, "or_impact_lik": [60, 127], "ora": 182, "oracl": [43, 87, 117, 179, 182], "oracle_fe": 182, "oracledialect": 182, "oracleodbc": 182, "orang": 120, "orbit": 24, "orchestr": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 38, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 121, 122, 124, 125, 126, 129, 130, 131, 133, 136, 137, 143, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167, 183, 185, 187, 188, 192], "orclcdb": 182, "orclpdb1": 182, "order": [4, 7, 13, 18, 25, 30, 33, 34, 35, 36, 37, 38, 43, 46, 47, 49, 69, 74, 79, 82, 83, 88, 91, 97, 98, 103, 108, 111, 116, 117, 127, 130, 131, 133, 136, 137, 146, 148, 155, 182, 183, 189], "org": [2, 7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 62, 63, 64, 65, 66, 67, 69, 70, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 134, 136, 137, 140, 141, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 163, 167, 175, 183, 188], "org1": 183, "org1_dep_type_id": 183, "org1_dep_type_nam": 183, "org1_inc_id": 183, "org1_type_id": 183, "org2": 183, "org2_inc_id": 183, "org2_type_id": 183, "org_handl": [60, 127], "org_id": [49, 60, 81, 98, 106, 127, 146, 180, 183], "org_kei": 146, "organ": [4, 15, 21, 22, 30, 37, 42, 49, 52, 72, 74, 81, 91, 96, 106, 110, 113, 115, 121, 133, 137, 146, 148, 155, 163, 167, 180, 183, 185, 186, 187, 188, 189, 190, 191], "organis": [38, 81], "organiz": 67, "organization_id": [107, 146], "organization_nam": [106, 146], "organization_to_us": 70, "organizationalperson": 67, "organizationheaderspreserv": 91, "organizationid": 49, "organizations_url": 46, "orgc": 81, "orgc_id": 81, "orgid": [88, 130], "orgnam": 81, "origin": [0, 8, 10, 13, 16, 18, 25, 36, 43, 46, 50, 74, 79, 80, 85, 88, 91, 98, 103, 109, 111, 113, 116, 119, 130, 131, 137, 138, 146, 147, 150, 182, 183, 187, 190, 192], "origin_countri": 96, "original_devic": 35, "original_msg": 88, "original_workflow_nam": 120, "originalarrivaltim": 91, "originalattributedtenantconnectingip": 91, "originaldomain": 37, "originalendtimezon": 42, "originalnam": 124, "originalproductcomponentnam": 80, "originalproductnam": 80, "originals": 131, "originalstarttimezon": 42, "originalsubmit": 91, "originaltraff": 8, "originatororg": 91, "originatorprocess": 116, "orion": 90, "orlando": 118, "orm": 152, "orr": 1, "os_info": 192, "os_major_vers": 146, "os_support": 24, "os_typ": 24, "os_us": 56, "os_vers": [24, 33, 146], "osarch": 116, "osarchitectur": 78, "osbit": 117, "osbitmod": 74, "osbuild": 78, "osbuildnum": 74, "oscsdvers": 74, "oselamstatu": 117, "osflavornumb": 117, "osfunct": 117, "osinfo": 54, "osint": 72, "oslanguag": 117, "osmajor": 117, "osmajorvers": 54, "osminor": 117, "osminorvers": 54, "osnam": [69, 116, 117], "osoemid": 74, "osplatform": [74, 78], "osprocessor": 78, "osreleas": 54, "osrevis": 116, "osservicepack": [69, 117], "osstarttim": 116, "ostyp": [74, 108, 116], "osusernam": 116, "osvers": [69, 74, 78, 117], "osx": 117, "other": [4, 15, 16, 21, 27, 30, 33, 34, 41, 43, 48, 49, 53, 58, 59, 69, 72, 78, 80, 81, 85, 86, 87, 89, 91, 96, 99, 101, 102, 103, 104, 106, 111, 113, 114, 117, 119, 127, 129, 130, 133, 134, 137, 144, 146, 150, 152, 162, 164, 166, 173, 178, 179, 180, 181, 182, 183, 184, 187, 188, 189, 190, 191], "other_count": 102, "other_observ": 102, "other_sect": 72, "other_us": 46, "otheraddress": 113, "otherattribut": 139, "otherbusinessnam": 191, "otherc": 113, "othercountri": 113, "othergeocodeaccuraci": 113, "otherlatitud": 113, "otherlongitud": 113, "otherphon": 113, "otherpostalcod": 113, "otherst": 113, "otherstreet": 113, "otherwis": [21, 30, 38, 46, 99, 111, 119, 125, 137, 144, 149, 167, 178, 179, 180, 181, 182, 183, 184, 188, 191], "otx": 156, "ou": [42, 192], "ouput": 48, "our": [4, 9, 11, 59, 80, 88, 89, 102, 103, 107, 118, 119, 121, 122, 129, 139, 184, 188], "out": [10, 11, 12, 21, 24, 29, 32, 33, 35, 41, 43, 45, 48, 49, 52, 56, 65, 66, 70, 72, 75, 80, 85, 88, 95, 97, 98, 100, 101, 103, 104, 107, 111, 115, 117, 118, 120, 121, 123, 125, 128, 131, 132, 133, 137, 141, 143, 145, 147, 152, 155, 157, 161, 183, 186, 190, 191, 192], "out_of_d": 117, "outbound": [25, 43, 98, 137, 156, 190, 191], "outbound_cobalt_strike_connect": 43, "outbound_email_reply_to_messag": 88, "outbound_email_result": 88, "outbound_socks_connect": 43, "outbound_tor_connect": 43, "outcom": 124, "outer": 104, "outer_kei": 104, "outgo": [24, 88, 98, 117, 152], "outli": 137, "outlier_t": 56, "outlin": [39, 88, 109, 142, 156], "outlook": [42, 88, 133], "outlook2016": 41, "outofofficemessag": 113, "output": [0, 4, 7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 135, 136, 137, 140, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 165, 167, 185, 186, 187, 188, 192], "output_data": 34, "output_exchange_create_meet": 41, "output_exchange_email": 41, "output_exchange_get_mailbox": 41, "output_exchange_send_email": 41, "output_scheduled_rule_cr": 114, "output_scheduled_rule_list": 114, "output_scheduled_rule_modifi": 114, "output_scheduled_rule_paus": 114, "output_scheduled_rule_remov": 114, "output_scheduled_rule_resum": 114, "output_scheduled_rule_run": 114, "output_text": 86, "outputdetail": 17, "outputtyp": 19, "outsid": 114, "outside_support_hour": 90, "ova": 192, "over": [4, 18, 21, 35, 43, 53, 59, 66, 98, 110, 111, 115, 117, 125, 130, 133, 146, 179, 184, 185], "overal": [35, 117, 179, 187], "overall_command_st": 117, "overcom": [179, 183], "overdu": 114, "overhead": 130, "overlap": [43, 97, 191], "overrid": [35, 43, 49, 64, 69, 80, 88, 90, 99, 106, 107, 108, 113, 115, 124, 125, 130, 131, 152, 157, 187], "overridden": 119, "override_list": 146, "override_reput": 146, "override_reputation_result": 146, "override_typ": 146, "overview": 156, "overwhelm": 43, "overwhelmed_citrix_data_transf": 43, "overwhelmed_data_transf": 43, "overwhelmed_database_data_transf": 43, "overwhelmed_email_data_transf": 43, "overwhelmed_ftp_data_transf": 43, "overwhelmed_http_data_transf": 43, "overwhelmed_kerberos_data_transf": 43, "overwhelmed_ldap_data_transf": 43, "overwhelmed_memcache_data_transf": 43, "overwhelmed_redis_data_transf": 43, "overwrit": [35, 78, 120, 125, 168, 183, 189, 190, 191, 192], "overwritten": [25, 43, 119], "ovh": 72, "owa": 42, "owasp": 38, "own": [0, 1, 6, 11, 15, 22, 23, 30, 38, 49, 64, 67, 69, 72, 77, 79, 86, 87, 88, 89, 97, 103, 104, 121, 129, 133, 134, 137, 138, 151, 163, 164, 168, 180, 182, 184, 188, 190, 191, 192], "owner": [8, 15, 17, 18, 21, 22, 43, 46, 78, 80, 103, 111, 113, 116, 124, 127, 131, 133, 143, 153, 157, 168, 183], "owner_fnam": [60, 127], "owner_id": [43, 60, 78, 80, 90, 107, 113, 127, 130, 133, 146], "owner_lnam": [60, 127], "ownerid": [113, 183], "ownership": [69, 113, 183], "ownertyp": 80, "ozzbaukwkdpb": 122, "p": [4, 21, 22, 25, 26, 34, 41, 43, 46, 76, 82, 85, 88, 102, 110, 111, 116, 127, 131, 142, 143, 144, 147, 152, 155, 157, 162, 186, 187, 192], "p0kv9nx": 90, "p1": 90, "p11txuyw": 39, "p12_signing_cert": 88, "p12_signing_cert_password": 88, "p12_signing_encrypting_cert": 88, "p1658330688241129": 125, "p1658330751752819": 125, "p2": 90, "p2p_auth": 117, "p2ust1dhddra2tjy2fxnwdk5oxd3eobm5rq6usfhx7cwsgslrzw8pl6": 187, "p3": 90, "p4": 90, "p4wg9mk": 90, "p7uz4a8": 90, "p7v7saj": 90, "p7zt80yqstm": 111, "p8021bt": 90, "p8ws4ha": 90, "p94irvl": 90, "p9zplkcb": 108, "pa": [24, 89, 147, 150], "paa": 64, "pack": 4, "packag": [0, 4, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 39, 41, 42, 43, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 72, 73, 74, 75, 76, 77, 79, 80, 81, 82, 83, 84, 85, 86, 87, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 136, 137, 138, 139, 141, 143, 144, 145, 146, 147, 148, 149, 150, 152, 153, 154, 155, 156, 159, 160, 161, 162, 163, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 189, 190, 191], "package_nam": 53, "package_vers": [7, 8, 10, 11, 13, 15, 16, 18, 19, 20, 21, 22, 24, 25, 31, 33, 35, 36, 38, 41, 42, 43, 46, 47, 49, 51, 55, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 80, 81, 84, 85, 86, 87, 88, 89, 91, 92, 96, 97, 98, 103, 104, 106, 107, 108, 109, 111, 113, 114, 116, 117, 119, 122, 124, 126, 127, 129, 130, 131, 133, 136, 137, 138, 146, 148, 150, 152, 153, 154, 159, 185, 186], "packagenam": 37, "packer": 122, "packet": [85, 103, 117], "packet_captur": 117, "pad": [13, 18, 25, 46, 79, 91, 116, 130, 131, 142, 146, 150, 189], "page": [7, 8, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 37, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 73, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 120, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 142, 144, 146, 147, 148, 150, 152, 153, 154, 155, 156, 167, 183, 187], "pagenumb": 69, "pager": 92, "pagerduti": 156, "pages": [69, 103], "pagin": [33, 43, 113, 116], "pai": [13, 41], "paid": 136, "pair": [1, 4, 12, 13, 16, 18, 21, 36, 43, 46, 49, 60, 67, 79, 91, 103, 110, 111, 115, 116, 119, 120, 124, 127, 130, 131, 137, 146, 189], "pak": [118, 120, 121, 183, 185, 187, 188, 190], "pakistan": [137, 147], "palau": 137, "palestin": 137, "palo": 156, "paloalto_panorama_adapt": 18, "pam": 111, "pam_credenti": 111, "pamsqlsv": 80, "pan": 137, "panama": 137, "panda": [70, 71, 86], "pane": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167], "panel": [85, 107, 120, 121, 130, 192], "pango": 58, "pano": 89, "panorama": 156, "panorama_api_kei": 89, "panorama_device_group": 89, "panorama_host": 89, "panorama_label": 89, "panorama_label1": 89, "panorama_loc": 89, "panorama_name_paramet": 89, "panorama_request_bodi": 89, "panorama_user_group_nam": 89, "panorama_user_group_xml": 89, "panorama_user_group_xpath": 89, "panorama_users_list": 89, "panorama_vsi": 89, "panorama_xml": 89, "papua": 137, "paraguai": 137, "parallel": [127, 136, 180, 181, 183, 184], "parallel_execut": [180, 181, 183, 184], "param": [13, 16, 18, 24, 25, 27, 34, 38, 43, 46, 69, 76, 79, 91, 103, 111, 116, 117, 130, 131, 137, 146, 152, 155, 160, 182, 187, 192], "param1": [103, 104, 129], "param2": [103, 104, 129], "param3": [85, 103, 104, 129], "param4": 103, "param5": 103, "param6": 103, "paramet": [11, 12, 13, 14, 15, 16, 18, 19, 24, 25, 27, 30, 31, 34, 42, 43, 44, 46, 53, 59, 64, 67, 69, 72, 73, 76, 79, 80, 83, 85, 87, 91, 96, 99, 103, 104, 106, 107, 108, 110, 113, 114, 116, 117, 119, 121, 129, 130, 131, 133, 136, 137, 138, 142, 143, 146, 152, 153, 155, 156, 157, 160, 161, 167, 168, 173, 180, 182, 184, 187, 189, 191, 192], "parameter_nam": 182, "parameterset": 19, "paramiko": [38, 56, 85], "paramiko_expect": 56, "parent": [24, 46, 49, 53, 64, 98, 118, 119, 121, 146, 151, 156, 163, 183], "parent_artifact_result": 109, "parent_cmdlin": 146, "parent_display_nam": 49, "parent_effective_reput": 146, "parent_effective_reputation_sourc": 146, "parent_guid": 146, "parent_handl": 150, "parent_hash": 146, "parent_id": [43, 60, 108, 109, 127], "parent_incid": 109, "parent_issu": 146, "parent_md5": 146, "parent_nam": [49, 146], "parent_pid": 146, "parent_publish": 146, "parent_publisher_st": 146, "parent_reput": 146, "parent_sha256": [24, 146], "parent_user_id": 146, "parent_usernam": 146, "parentcommandlin": 103, "parentfolderid": 42, "parentgroupid": 108, "parenthes": [49, 85, 113], "parentid": [74, 108, 113], "parentimagenam": 103, "parentmessageid": 133, "parentprocesscreationtim": 78, "parentprocessfilenam": 78, "parentprocessfilepath": 78, "parentprocessid": 78, "pari": 118, "park": 37, "park_rocki": 39, "pars": [11, 25, 34, 49, 59, 81, 84, 85, 86, 97, 98, 102, 117, 119, 125, 127, 134, 140, 146, 151, 155, 156, 159, 190], "parsabl": 134, "parse_utilities_artifact_id": 91, "parse_utilities_attachment_id": 91, "parse_utilities_base64cont": 91, "parse_utilities_certif": 91, "parse_utilities_email_attach": 91, "parse_utilities_filenam": 91, "parse_utilities_incident_id": 91, "parse_utilities_parse_email_attach": 91, "parse_utilities_task_id": 91, "parse_utilities_xml_sourc": 91, "parse_utilities_xml_stylesheet": 91, "parsed_device_id": 137, "parser": [91, 130, 156, 187], "part": [15, 32, 38, 57, 82, 89, 91, 104, 105, 106, 111, 114, 127, 132, 133, 137, 148, 152, 180, 181, 183, 184, 191], "parti": [72, 113, 137, 148, 157], "partial": [8, 60, 69, 117], "partial_match": 117, "partialdevicenam": 69, "partiallyrout": 8, "partialphonenumb": 69, "partialusernam": 69, "particip": [41, 42, 43, 46, 148], "particular": [9, 24, 38, 41, 102, 111, 155, 182, 184, 186, 191], "particularli": 35, "partit": [15, 180, 184], "partner": [24, 159], "partnerloc": 117, "parton": 91, "pass": [4, 16, 38, 42, 47, 49, 53, 58, 64, 66, 67, 72, 80, 87, 88, 89, 90, 102, 103, 104, 114, 117, 119, 129, 145, 150, 152, 167, 183], "pass_len": 67, "pass_result": 67, "passcodecompli": 69, "passiv": [92, 106], "passive_dn": 9, "passive_mod": 146, "passivetot": [127, 156], "passivetotal_account_api_url": 92, "passivetotal_actions_class_api_url": 92, "passivetotal_actions_tags_api_url": 92, "passivetotal_api_kei": 92, "passivetotal_artifact_typ": 92, "passivetotal_artifact_valu": 92, "passivetotal_base_url": 92, "passivetotal_community_url": 92, "passivetotal_enrich_subdom_api_url": 92, "passivetotal_passive_dns_api_url": 92, "passivetotal_site_lookup": 92, "passivetotal_tag": 92, "passivetotal_usernam": 92, "passw0rd": 93, "password": [0, 8, 12, 16, 19, 20, 21, 22, 25, 29, 31, 32, 38, 39, 41, 43, 46, 54, 55, 56, 57, 59, 64, 66, 69, 70, 74, 75, 76, 80, 84, 85, 88, 89, 99, 103, 104, 110, 111, 114, 115, 117, 119, 121, 127, 129, 130, 131, 148, 153, 154, 155, 160, 161, 162, 163, 173, 180, 182, 183, 184, 185, 189, 191, 192], "password_chang": [60, 127], "password_field_pres": 13, "passwordlastus": 16, "passwordpolici": 131, "passwordpolicyviol": 16, "past": [28, 30, 37, 43, 47, 64, 78, 82, 93, 98, 110, 111, 120, 121, 140, 151, 155, 192], "pastebin": 156, "pastebin_api_dev_kei": 93, "pastebin_api_user_nam": 93, "pastebin_api_user_password": 93, "pastebin_cod": 93, "pastebin_expir": 93, "pastebin_format": 93, "pastebin_link": 93, "pastebin_nam": 93, "pastebin_privaci": 93, "patch": [46, 109, 111, 117, 143, 167, 168], "path": [4, 8, 9, 10, 11, 12, 13, 16, 20, 23, 24, 25, 30, 35, 39, 43, 46, 47, 49, 53, 55, 56, 59, 64, 65, 66, 70, 71, 74, 76, 77, 78, 79, 80, 81, 85, 88, 90, 91, 103, 104, 107, 108, 111, 113, 114, 115, 116, 117, 124, 127, 129, 130, 131, 135, 137, 146, 152, 154, 155, 173, 178, 182, 183, 184], "path2": 74, "path_list": 106, "path_of_the_saved_model": 71, "path_to_cert": [46, 137], "path_to_cert_private_kei": 46, "path_to_config_fil": 157, "path_to_dir": 53, "path_to_kei": 137, "path_to_private_rsa_kei": 64, "paths_data": 106, "paths_data_cont": 106, "paths_list_list": 106, "pathto": 85, "pattern": [11, 15, 27, 36, 102, 137, 182, 184, 191], "patternidx": 117, "paus": [103, 136, 168, 190], "payload": [11, 15, 16, 17, 19, 21, 22, 25, 34, 38, 43, 46, 57, 59, 66, 76, 78, 81, 102, 110, 111, 113, 116, 117, 133, 180, 181, 183, 184], "pb": [8, 11, 15, 19, 24, 25, 36, 42, 43, 66, 67, 74, 78, 80, 81, 85, 88, 89, 90, 91, 99, 103, 104, 108, 109, 111, 114, 116, 117, 118, 119, 125, 129, 131, 133, 144, 153], "pb2": 53, "pb_extrahop_rx_assign_tag": 43, "pb_extrahop_rx_get_activitymap": 43, "pb_extrahop_rx_get_devic": 43, "pb_extrahop_rx_get_tag": 43, "pb_extrahop_rx_get_watchlist": 43, "pb_extrahop_rx_search_detect": 43, "pb_extrahop_rx_search_devic": 43, "pb_extrahop_rx_search_packet": 43, "pb_extrahop_rx_update_detect": 43, "pb_extrahop_rx_update_setect": 43, "pb_extrahop_rx_update_watchlist": 43, "pb_id": 98, "pb_max_incident_d": 98, "pb_max_incident_data": 98, "pb_max_incident_id": 98, "pb_max_incient_data": 98, "pb_min_incident_d": 98, "pb_min_incident_data": 98, "pb_min_incident_id": 98, "pb_name": 43, "pb_object_nam": 98, "pb_object_typ": 98, "pb_scheduler_list_job": 114, "pb_scheduler_modify_job": 114, "pb_scheduler_pause_job": 114, "pb_scheduler_resume_job": 114, "pb_scheduler_run_job_now": 114, "pb_scheduler_schedule_job": 114, "pb_scheduler_schedule_job_artifact": 114, "pb_scheduler_schedule_job_task": 114, "pbid": 35, "pbk": 97, "pbm_activation_field": 97, "pbm_activation_typ": 97, "pbm_add_to_same_playbook": 97, "pbm_app_nam": 97, "pbm_base64_cont": 98, "pbm_bodi": 98, "pbm_function_nam": 97, "pbm_id": 98, "pbm_name": 98, "pbm_name_contain": 98, "pbm_name_prefix": 97, "pbm_playbook_nam": 97, "pbm_playbook_typ": 97, "pbm_script_nam": 97, "pbm_type": [97, 98], "pbutil": 98, "pc": [88, 113, 116], "pc9icg1uzgk6qlbntkvkz2u": 127, "pc9icg1uzgk6qlbntkxhymvspjwvynbtbmrpokjqtu5fzgdlpjxicg1uzgk6qlbntlnoyxbligjwbw5fbgvtzw50pvwivgv4defubm90yxrpb25fmhbmcjy4n1wiiglkpvwivgv4defubm90yxrpb25fmhbmcjy4n19kavwipjxvbwdkyzpcb3vuzhmgagvpz2h0pvwimzbciib3awr0ad1ciji4nlwiihg9xcixotdciib5pvwintfcii8": 127, "pc9icg1uzgk6qlbntlbsyw5lpjwvynbtbmrpokjqtu5eawfncmftpjwvzgvmaw5pdglvbnm": 127, "pc9icg1uzgk6qlbntlnoyxblpjxicg1uzgk6qlbntkvkz2ugynbtbkvszw1lbnq9xcjbc3nvy2lhdglvbl8xc3czowxtxcigawq9xcjbc3nvy2lhdglvbl8xc3czowxtx2rpxci": 127, "pca": [108, 146], "pcap": [43, 112], "pci": [49, 108], "pcn": 137, "pcy5861": 90, "pd": [21, 90, 187], "pd_descript": 90, "pd_escalation_polici": 90, "pd_incident_escalation_policy_id": 90, "pd_incident_escalation_policy_nam": 90, "pd_incident_id": 90, "pd_incident_kei": 90, "pd_incident_prior": 90, "pd_incident_service_id": 90, "pd_incident_service_nam": 90, "pd_incident_statu": 90, "pd_incident_url": 90, "pd_poller_filt": 90, "pd_prioriti": 90, "pd_search_dat": 90, "pd_servic": 90, "pd_statu": 90, "pd_sync_not": 90, "pd_test": 90, "pd_titl": 90, "pda": 113, "pdf": [73, 91, 145, 150, 156], "pdfid": 127, "pdfid_result": 91, "pdns_first_seen": 92, "pdns_hit_numb": 92, "pdns_last_seen": 92, "pdpyra": 90, "pdt": [43, 117], "pe32": 122, "peer": 150, "pehash": [122, 173], "pem": [46, 64, 78, 80, 88, 91, 116, 117, 137], "pend": [10, 12, 16, 29, 52, 60, 61, 68, 69, 95, 100, 101, 115, 117, 123, 127, 128, 132, 137, 141, 143, 146, 161], "pending_act": 90, "pending_confirm": 137, "pending_scan_result": [108, 109, 127], "pending_sourc": [60, 108, 109, 127], "pendingact": 116, "peopl": [96, 137, 192], "pepipost": 88, "peponoff": 117, "per": [1, 11, 53, 56, 66, 78, 80, 82, 86, 106, 107, 111, 121, 137, 138, 168, 178, 179, 180, 182, 183, 184], "percentag": [147, 187], "perform": [1, 2, 3, 8, 13, 16, 18, 25, 30, 34, 38, 39, 41, 42, 43, 46, 48, 52, 59, 61, 67, 69, 71, 72, 78, 79, 83, 87, 88, 91, 98, 101, 102, 104, 106, 111, 112, 113, 114, 115, 116, 117, 123, 126, 128, 129, 130, 131, 132, 133, 134, 137, 141, 142, 143, 144, 146, 148, 151, 167, 168, 178, 180, 181, 182, 183, 184, 186, 188, 189, 190, 191], "perhap": 179, "period": [35, 38, 55, 56, 102, 117, 136, 155, 183], "perl": 91, "perm": [60, 74, 108, 109, 127], "perm_set": 74, "permalink": 188, "perman": [13, 41, 119, 137], "permanent_user_id": 137, "permgroup": 74, "permiss": [1, 4, 7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 25, 28, 29, 31, 32, 35, 36, 38, 39, 41, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 69, 71, 72, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 117, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 136, 140, 141, 144, 147, 148, 150, 151, 153, 154, 167, 168, 182, 183, 189, 190, 191, 192], "permission_set_nam": 74, "permit": [8, 25, 91, 99, 136], "permset": 74, "permsetnam": 74, "permut": 38, "persian": 147, "persist": [78, 82, 116, 182, 183, 192], "person": [21, 41, 46, 47, 67, 74, 82, 110, 113, 124, 125, 127, 155, 160, 186], "person_attribute_to_name_map": 96, "person_list": 96, "personal_profil": 96, "perspect": 106, "perspective_nam": 106, "persuad": 78, "peru": 137, "perviou": [74, 88], "pf390zgrvt09ererevfrvlzwfdw8pv7": 187, "pfa4bvu": 90, "pfivegdvbnn0bdwlhk": 98, "pg7t8ir": 90, "pg9tz2rjokjvdw5kcybozwlnahq9xcixm1wiihdpzhropvwimfwiihg9xciynjvciib5pvwimtg0xcivpjwvynbtbmrpokjqtu5mywjlbd48l2jwbw5katpcue1orwrnzt48ynbtbmrpokjqtu5fzgdligjwbw5fbgvtzw50pvwiu2vxdwvuy2vgbg93xzblmdfxatbciibpzd1cilnlcxvlbmnlrmxvd18wztaxcwkwx2rpxci": 127, "pg9tz2rpondhexbvaw50ihg9xci0mzjciib4c2k6dhlwzt1cim9tz2rjolbvaw50xciget1cijiwnlwilz48b21nzgk6d2f5cg9pbnqged1ciju4m1wiihhzatp0exblpvwib21nzgm6ug9pbnrciib5pvwimja2xcivpjxicg1uzgk6qlbntkxhymvspjxvbwdkyzpcb3vuzhmgagvpz2h0pvwimtnciib3awr0ad1cijbciib4pvwinta3ljvciib5pvwimtg0ljvcii8": 127, "pg9tz2rpondhexbvaw50ihg9xciznzbciib4c2k6dhlwzt1cim9tz2rjolbvaw50xciget1cije2nlwilz48b21nzgk6d2f5cg9pbnqged1cijm0nvwiihhzatp0exblpvwib21nzgm6ug9pbnrciib5pvwiodfcii8": 127, "phase": [98, 183, 190], "phase_id": [60, 109, 127], "phid": 35, "philip": 192, "philippin": 137, "phish": [7, 13, 37, 60, 63, 72, 95, 99, 103, 113, 117, 127, 139, 144, 153, 156, 183, 187, 188], "phish_tank_api_kei": 95, "phish_tank_api_url": 95, "phishai_api_kei": 94, "phishai_scan_id": 94, "phishai_scan_output": 94, "phishfe": 13, "phishfort": [144, 188], "phishing_attempt": 37, "phishing_databas": 72, "phishlab": [144, 188], "phishstat": [13, 72], "phishtank": [13, 72, 144, 156, 188], "phishtank_valid_onlin": 72, "phl": 137, "phoenix": 54, "phoenixbio": 117, "phone": [17, 21, 60, 62, 69, 74, 96, 113, 127, 131, 138, 150, 188], "phone_numb": [17, 74, 138], "phoneandvideosystempassword": 148, "phonenumb": [69, 74], "photourl": 113, "php": [13, 24, 31, 57, 63, 117, 148, 185], "phrase": 130, "phsical": 41, "physic": [41, 116, 117], "physicalcpu": 117, "pi": 24, "picker": [34, 38, 190], "pictur": [85, 86], "pid": [35, 108, 130, 146], "pids_stat": 38, "pierr": 137, "pii": [47, 60, 127, 183], "piix": 116, "pika": [58, 59], "pin": [35, 39, 53, 142, 143, 150], "ping": [7, 33, 43, 83, 117, 165], "ping_scan": 43, "pinpoint": 156, "pip": [4, 9, 10, 11, 12, 14, 16, 23, 26, 27, 29, 30, 34, 40, 44, 45, 52, 55, 56, 57, 61, 64, 68, 70, 71, 73, 75, 83, 95, 96, 100, 101, 105, 112, 115, 121, 123, 128, 132, 134, 135, 138, 141, 142, 143, 145, 157, 159, 160, 161, 162, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 180, 181, 182, 183, 184, 192], "pip3": 2, "pipe": 43, "pipl": 156, "pipl_api_kei": 96, "pipl_artifact_typ": 96, "pipl_artifact_valu": 96, "pipl_inf": 96, "pipl_infer_person": 96, "pipl_match": 96, "pipl_max_no_possible_per_match": 96, "pipl_minimum_match": 96, "pipl_minimum_prob": 96, "pipl_person_data": 96, "pipl_possible_match_no": 96, "pipl_properti": 96, "pipl_respons": 96, "pipl_timestamp": 96, "pipl_valu": 96, "pitcairn": 137, "pj3nzc29vb66ursdawpb29uxl5yodg42njbi4ukqqqh4ehmnjy09pt2ml235": 187, "pjge9x": 90, "pk": 147, "pk723d4": 90, "pkcs12": 88, "pki": 188, "pkpqsnfetj": 98, "pl": 147, "place": [4, 11, 15, 25, 36, 42, 43, 66, 67, 74, 78, 81, 85, 86, 87, 88, 89, 90, 91, 99, 103, 104, 108, 114, 115, 116, 117, 118, 125, 126, 129, 131, 133, 144, 153, 183, 190, 191, 192], "placehold": [15, 19, 21, 43, 55, 64, 67, 78, 79, 80, 81, 82, 87, 88, 99, 102, 103, 104, 106, 107, 108, 109, 113, 116, 119, 124, 130, 131, 137, 146, 152], "plaform": 29, "plai": [111, 183, 192], "plain": [57, 66, 88, 107, 111, 137, 185], "plain_bodi": 91, "plain_text": 91, "plaintext": [66, 137, 153], "plan": [8, 38, 47, 88, 94, 133, 168, 182], "plan_statu": [15, 20, 35, 43, 49, 60, 64, 66, 78, 79, 80, 88, 90, 106, 107, 113, 116, 119, 127, 129, 130, 131, 137, 146, 152, 183], "planet": 96, "planetexpress": 192, "plannedtraff": 8, "planner": 133, "platform": [4, 9, 10, 12, 23, 26, 27, 29, 30, 33, 34, 37, 40, 45, 48, 54, 56, 61, 68, 69, 70, 71, 73, 75, 76, 95, 100, 101, 112, 115, 118, 119, 120, 123, 128, 135, 138, 140, 141, 142, 143, 145, 151, 160, 161, 162, 168, 173, 177, 178, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191], "platform_": 98, "platform_id": 33, "platform_nam": 33, "platformnam": 69, "platformtyp": 51, "platinum": 108, "playbook": [2, 4, 13, 32, 49, 56, 79, 86, 87, 88, 109, 118, 136, 156, 179, 182, 183, 189, 191], "playbook1": 124, "playbook2": [11, 124], "playbook3": 124, "playbook4": 124, "playbook_3072ad5a": 98, "playbook_3072ad5a_2848_4c47_9667_acc5c44e941d": 98, "playbook_8dd7415a": 98, "playbook_8dd7415a_fb33_4144_ba51_491356741607": 98, "playbook_9d1969c7": 98, "playbook_9d1969c7_8f69_494d_b720_f09a9e37d125": 98, "playbook_cont": 98, "playbook_data": 98, "playbook_display_nam": 98, "playbook_exchange_create_meet": 41, "playbook_exchange_delete_email": 41, "playbook_exchange_find_email": 41, "playbook_exchange_get_mailbox_info": 41, "playbook_exchange_move_email": 41, "playbook_exchange_send_email": 41, "playbook_handl": [109, 127], "playbook_mak": 97, "playbook_map": 124, "playbook_nam": [97, 98], "playbook_result": 11, "playbook_ve_and_delete_fold": 41, "playlist": [57, 185], "pleas": [3, 4, 7, 8, 9, 10, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 56, 58, 59, 60, 63, 64, 65, 66, 67, 69, 70, 71, 72, 74, 75, 76, 77, 79, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 118, 119, 122, 124, 125, 127, 129, 130, 131, 133, 135, 136, 137, 140, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 160, 167, 168, 177, 179, 188, 191], "plr8wee7j": 98, "plugin": [35, 106, 107, 108, 113, 146, 156, 179, 182, 183], "plugin_license_error": 64, "plurin": 137, "plw": 137, "pm": [19, 85, 117], "pmbp": 66, "pmtnprv": 90, "pmv0lfg": 90, "png": [4, 48, 57, 64, 102, 119, 126, 137, 142, 168, 185, 186, 187], "png_base64cont": [142, 187], "png_url": [142, 187], "pnkfz": 152, "pnl36c8": 90, "po3k5pi": 90, "po7k0vzd1dzhnuuigouv7du3ujf3qvce4zqsaespallstamkclfj1sfizhjd4cysvkksgu1xqtiqarassbihrb0ktct8jlzawoiuojsauwanyvoccdodn1sbrtxnba3ltt29agpwt": 98, "poc_email": 106, "poc_id": 106, "pod": 116, "podlabel": 116, "podman": [1, 4, 30], "poehali": 153, "poffzlfoltof4": 98, "point": [3, 23, 64, 70, 97, 98, 102, 108, 112, 117, 136, 143, 183, 186, 191], "pointer": 41, "poison": 43, "pol": [16, 137], "pol_stat": 16, "poland": 137, "polic": 16, "polici": [24, 33, 43, 56, 73, 90, 104, 113, 116, 131, 146, 188], "policiesresult": 74, "policy_appli": 146, "policy_blob": 49, "policy_category_count": 104, "policy_deni": 146, "policy_h": 108, "policy_id": [33, 146], "policy_list": 16, "policy_match": 108, "policy_nam": [16, 21, 24, 146], "policy_overrid": 146, "policy_support": 24, "policy_typ": [21, 33], "policy_url": 108, "policy_xml": 24, "policyarn": 16, "policycompliancest": 69, "policyd": 117, "policydescript": 108, "policygroupid": 131, "policygroupnam": 131, "policyid": [74, 108, 131], "policyinheritanceen": 117, "policynam": [16, 131], "policyobjectid": 74, "policyserialnumb": 117, "policytitl": 108, "policytyp": 117, "policyvers": 131, "policyviol": 133, "polish": 147, "poll": [15, 20, 35, 43, 49, 55, 64, 75, 79, 90, 99, 100, 106, 107, 108, 113, 115, 116, 124, 131, 144, 146, 152], "poller": [49, 66, 79, 99, 116, 124, 131], "poller_filt": 64, "poller_interv": [35, 64, 107, 108, 113, 146, 152], "poller_timezon": 124, "polling_add_case_url_comment_in_rapid7": 107, "polling_add_case_url_comment_in_sumo_log": 130, "polling_filt": [43, 106, 107, 108, 113, 130, 146], "polling_filters_criteria_1": 146, "polling_filters_criteria_2": 146, "polling_filters_criteria_3": 146, "polling_h": 108, "polling_interv": [35, 43, 49, 64, 73, 78, 80, 90, 99, 100, 103, 106, 107, 108, 113, 115, 116, 124, 130, 131, 146, 152], "polling_interval_sec": 144, "polling_lookback": [35, 43, 49, 64, 78, 80, 90, 103, 106, 107, 108, 113, 116, 124, 130, 131, 146, 152], "polling_record_type_nam": 113, "poloatm": 102, "polynesia": 137, "pomf": 185, "pong": 117, "ponmocup": 72, "pool": 43, "poor": [43, 117], "poor_aaa_perform": 43, "poor_dhcp_perform": 43, "poor_http_perform": 43, "pop": [82, 106, 116, 129, 137], "popul": [26, 27, 35, 81, 98, 103, 106, 107, 108, 121, 137, 152, 160, 166, 179, 186, 191], "popular": [72, 86, 88, 139], "popular_infra": 72, "popular_web": 72, "popularity_rank": 144, "popup": [22, 31, 42, 115, 116, 120, 121, 148], "port": [4, 7, 13, 15, 19, 20, 21, 22, 24, 28, 38, 43, 45, 49, 53, 55, 56, 59, 66, 67, 70, 71, 79, 81, 83, 84, 87, 88, 103, 106, 107, 108, 110, 111, 114, 117, 121, 123, 124, 129, 130, 155, 157, 160, 173, 179, 180, 182, 183, 184, 192], "port_scan": 117, "portal": [35, 37, 79, 80, 155, 157], "portalurl": 152, "portion": [85, 98, 108, 126, 180, 184], "portnumb": 21, "portug": 137, "portugues": 147, "pose": 103, "posit": [19, 60, 104, 116, 127, 130, 146, 188], "possess": 111, "possibl": [29, 30, 35, 38, 44, 66, 69, 77, 80, 83, 85, 86, 87, 96, 98, 99, 104, 106, 107, 108, 113, 114, 117, 119, 125, 126, 130, 133, 137, 139, 146, 148, 152, 153, 179, 184, 191], "possible_person_count": 96, "possibli": [106, 111, 183, 191], "post": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 47, 48, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 72, 73, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 98, 99, 100, 101, 102, 103, 104, 106, 108, 109, 110, 111, 112, 114, 115, 116, 117, 119, 122, 123, 124, 126, 127, 128, 129, 130, 131, 132, 136, 137, 140, 141, 143, 144, 147, 148, 150, 151, 152, 153, 154, 155, 159, 161, 167, 168, 185, 186, 187, 188, 192], "post_attachment_result": 113, "post_comment_result": 107, "post_device_action_result": 146, "post_exploit": 106, "post_messag": 133, "post_msg": 49, "post_note_to_alert_result": 146, "post_tags_result": 146, "postal": [21, 62, 131, 188], "postal_cod": 150, "postalcod": [60, 113, 127], "postfix": 38, "postgr": [87, 182, 183, 192], "postgres_fe": 182, "postgresql": [87, 114, 182, 192], "postgresql96dialect": 182, "postgresql_acct": 183, "postgresql_connect": 183, "postgresql_pwd": 183, "postgresql_uid": 183, "postgressql": 183, "postman": 111, "postressql": 182, "postur": 80, "potenti": [15, 51, 82, 102, 103, 106, 107, 118, 131, 139, 188, 191], "potential_covert_channel": 43, "potentialliability__c": 113, "power": [107, 116, 179], "powered_bi": 33, "powershel": [19, 43, 78, 108, 143, 165], "powershell7": 19, "pp": 84, "pp4e6u59zqbjujzs9z1wz6hxfrb5hqennun12of2f6zpzqucdsmkcufnbz8fq7s4vul6uaq7jlxazaherz1z": 98, "pp_campaign_id": 99, "ppbutil": 98, "ppid": 108, "ppl000000000118": 21, "pptp": 117, "pqnvil9": 90, "practic": [11, 98, 153, 182], "pragma": 192, "prc": 137, "prd861l": 90, "pre": [7, 10, 11, 12, 16, 17, 20, 21, 22, 25, 27, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 56, 58, 59, 60, 61, 63, 64, 65, 68, 69, 70, 76, 77, 78, 81, 84, 85, 86, 87, 88, 90, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 103, 104, 106, 109, 111, 114, 115, 118, 122, 123, 125, 126, 127, 128, 129, 132, 133, 136, 137, 140, 141, 143, 144, 147, 148, 151, 153, 154, 155, 160, 161, 180, 185, 186, 187, 188, 190, 192], "pre_msg": 49, "pre_packag": 114, "pre_processing_script": 98, "pre_processing_script_languag": 98, "preattack": [79, 80], "preauth": 107, "prebyt": [144, 188], "preced": [21, 53, 82, 133, 190], "precend": [49, 53], "precis": [136, 182], "precisionsec": [13, 144, 188], "preconfigur": 87, "precpu_stat": 38, "precrim": [144, 188], "predefin": [79, 87, 88, 92, 111, 131], "predetermin": 133, "predict": [70, 71, 115], "preexist": [91, 137], "prefer": [4, 113, 117, 130, 135, 138, 184], "preferreddataloc": 133, "preferredlanguag": 133, "prefix": [10, 12, 15, 19, 21, 29, 35, 43, 45, 49, 52, 55, 64, 67, 75, 78, 79, 80, 81, 82, 88, 95, 97, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 113, 115, 116, 119, 121, 123, 124, 128, 130, 131, 132, 137, 141, 143, 145, 146, 152, 161, 180], "preform": 64, "prem": [41, 76], "premis": [65, 107], "premium": [49, 64], "prepar": [59, 70, 72, 87, 103, 139, 187], "prepare_city_countri": 187, "prepend": 119, "preprocess": 111, "preread": 38, "prereleas": 46, "prerequisit": [23, 156, 160, 168, 174, 176, 189, 190, 191], "present": [4, 11, 13, 16, 18, 21, 24, 25, 36, 41, 42, 43, 46, 49, 68, 74, 79, 80, 86, 88, 91, 98, 103, 108, 111, 114, 116, 117, 129, 130, 131, 133, 137, 146, 148, 149, 157, 159, 168, 182, 183, 189], "preserv": [35, 88, 98, 102, 106, 107, 108, 113, 125, 130, 146, 152, 190], "preserved_imag": 1, "press": [16, 56, 192], "pretty_result": 144, "pretty_str": 42, "preval": 77, "prevent": [33, 49, 65, 72, 88, 99, 115, 116, 117, 167], "preventorprotectstatusid": 131, "preview": [80, 168], "previou": [11, 13, 15, 16, 25, 30, 36, 42, 43, 45, 48, 59, 64, 66, 67, 72, 74, 78, 80, 81, 87, 88, 89, 90, 91, 99, 103, 104, 108, 114, 117, 118, 119, 125, 129, 133, 142, 144, 153, 169, 180, 184, 190, 191, 192], "previous": [21, 22, 30, 85, 108, 110, 176, 185, 192], "previous_hpd_ci_reconid": 21, "previous_serviceci_reconid": 21, "previousid": 35, "pri": 137, "primari": [19, 72, 111, 148, 179], "primary_event_id": 146, "primary_internal_dir": 38, "primary_output_dir": 38, "primarydomain": 92, "primarygroupid": 67, "primaryrequest": 187, "princip": [15, 119, 137, 181], "principal_id": 15, "principalid": [15, 19], "principalnam": 74, "principalusernam": 42, "print": [13, 25, 28, 41, 43, 47, 64, 69, 78, 79, 93, 117, 121, 131, 140, 144, 151, 192], "print_funct": 192, "printabl": 16, "printer": 43, "prior": [17, 35, 56, 63, 64, 67, 87, 89, 99, 103, 104, 107, 126, 129, 137, 182, 183, 190], "priorit": 111, "prioriti": [21, 35, 64, 74, 82, 88, 90, 102, 106, 113, 124, 137, 138, 144, 161, 186], "priority_impact_factor": 106, "priority_lookup": 124, "priority_map": [64, 107], "priority_scor": 106, "priority_status_factor": 106, "priority_tags_factor": 106, "privaci": [46, 111, 168, 188], "privat": [1, 11, 15, 21, 30, 46, 49, 64, 88, 93, 97, 110, 117, 125, 133, 153, 168, 170, 176, 187], "private_dns_nam": 15, "private_ip": 15, "private_rsa_key_file_path": 64, "private_weak": 106, "privateendpointconnect": 19, "privateipaddress": 79, "privileg": [43, 67, 74, 108, 109, 127, 186, 192], "privilege_level": 108, "privileged_us": 56, "privilegelevel": 108, "prk": 137, "pro": [3, 10, 15, 22, 25, 31, 42, 60, 63, 76, 77, 78, 84, 98, 106, 107, 113, 138, 186], "proactiv": 117, "probabl": [96, 182], "problem": [83, 183, 191], "problemsolv": 107, "probo": 108, "proce": [189, 190, 191], "procedur": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 30, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 136, 137, 140, 143, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 167, 178, 181, 182], "proces": 146, "process": [4, 7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 98, 99, 100, 101, 102, 103, 104, 106, 107, 109, 110, 111, 112, 113, 114, 115, 116, 117, 119, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 136, 137, 140, 141, 143, 144, 147, 148, 150, 151, 152, 153, 154, 155, 157, 159, 160, 161, 162, 165, 167, 168, 173, 178, 179, 180, 181, 182, 184, 185, 186, 187, 188, 191, 192], "process_access_kei": 16, "process_access_key_id": 16, "process_cmdlin": 146, "process_cmdline_length": 146, "process_det": 43, "process_dev": 43, "process_effective_reput": 146, "process_effective_reputation_sourc": 146, "process_group": 16, "process_guid": 146, "process_hash": 146, "process_id": 24, "process_insight": 102, "process_intel": 129, "process_issu": 146, "process_md5": 146, "process_nam": [108, 146], "process_num": 108, "process_path": 108, "process_pid": [108, 146], "process_polici": 16, "process_publish": 146, "process_publisher_st": 146, "process_reput": 146, "process_sha256": 146, "process_start_tim": 146, "process_tag": 16, "process_user_id": 146, "process_usernam": 146, "processattach": 137, "processcommandlin": 78, "processcreationtim": 78, "processid": 78, "processingendtim": 80, "processnam": 108, "processor": [64, 88, 98, 116, 137, 165, 179, 187, 191], "processorclock": 117, "processortyp": 117, "processus": 116, "prod": [42, 64, 89], "produc": [4, 13, 15, 18, 25, 46, 66, 79, 88, 91, 116, 127, 130, 131, 146, 159, 189, 192], "product": [7, 18, 21, 24, 25, 32, 34, 35, 39, 41, 43, 46, 49, 51, 54, 59, 61, 66, 72, 74, 86, 92, 99, 101, 102, 106, 107, 108, 113, 115, 116, 117, 119, 122, 123, 124, 125, 128, 130, 131, 133, 134, 137, 143, 144, 146, 152, 155], "product__c": 113, "product_id": 74, "product_nam": [59, 74], "product_type_desc": 33, "productcomponentnam": 80, "productfamili": 124, "productid": 74, "productionteam": 133, "productnam": [74, 80], "profession": [96, 118], "professional_and_busi": 96, "professor": 192, "profil": [18, 19, 38, 46, 73, 80, 85, 133], "profilechecksum": 117, "profiledbehavior": 15, "profileid": 113, "profilephoto": 113, "profileserialno": 117, "profilevers": 117, "program": [74, 78, 91, 107, 108, 111, 126, 146, 192], "program_path": 108, "programdata": 108, "programmat": [15, 16, 155, 163, 178, 179, 192], "programmatic_nam": 98, "programpath": 108, "progress": [10, 12, 16, 29, 52, 61, 64, 68, 95, 100, 101, 113, 115, 116, 117, 119, 120, 123, 128, 130, 132, 141, 143, 146, 161], "progressdetailsresolut": 103, "project": [11, 12, 26, 49, 51, 64, 162, 163], "project1": 152, "project_display_nam": 49, "project_id": [49, 152], "project_nam": [49, 152], "project_name1": 64, "project_name2": 64, "projectid": 49, "projectnumb": 49, "projectshield": 187, "projecttypekei": 64, "prolong": 111, "prometheu": 90, "promot": 78, "prompt": [15, 31, 64, 85, 106, 114, 148, 192], "proof": 106, "proofpoint": 156, "proofpoint_aggregate_flag": 99, "proofpoint_campaign_id": 99, "proofpoint_malicious_flag": 99, "proofpoint_tap_campaign_id": 99, "proofpoint_tap_campaign_object_dt": 99, "proofpoint_tap_object_id": 99, "proofpoint_tap_object_nam": 99, "proofpoint_tap_object_subtype_of_threat": 99, "proofpoint_tap_object_threat": 99, "proofpoint_tap_object_threat_tim": 99, "proofpoint_tap_object_timestamp": 99, "proofpoint_tap_object_typ": 99, "proofpoint_tap_object_type_of_threat": 99, "proofpoint_threat_id": 99, "prop": [43, 187], "propag": 43, "proper": [78, 136, 167], "properli": [4, 39, 49, 53, 85, 88, 111, 119, 133, 179], "properti": [9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 29, 31, 32, 33, 34, 36, 42, 46, 48, 52, 55, 58, 59, 60, 61, 64, 66, 67, 68, 69, 74, 77, 78, 79, 80, 81, 82, 84, 86, 87, 88, 90, 91, 94, 95, 96, 97, 98, 99, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 121, 123, 124, 125, 127, 128, 129, 130, 131, 132, 136, 137, 138, 141, 143, 146, 148, 152, 155, 161, 168, 182, 186, 189, 190], "property_nam": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "propertyself": 43, "proposal_email_lock": 81, "proscript": 115, "protect": [13, 24, 46, 56, 74, 78, 80, 81, 87, 91, 99, 102, 104, 111, 116, 127, 131, 133, 137, 153, 156], "protectedresourceid": 79, "protection_url": 46, "protectmanag": 131, "proto": [53, 111], "proto3": 53, "protocol": [15, 21, 24, 43, 53, 64, 66, 79, 88, 103, 104, 106, 111, 117, 150, 173, 181, 182, 187], "protocol_id": 117, "protocolid": [103, 104], "protocolnam": [103, 104], "protocolname_protocolid": 104, "protocolstat": 187, "protonmail": 185, "prototyp": 97, "provid": [1, 2, 4, 7, 8, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 28, 29, 31, 32, 35, 36, 39, 40, 41, 42, 43, 44, 46, 47, 49, 51, 53, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 70, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 100, 102, 103, 104, 106, 107, 109, 110, 112, 113, 114, 115, 116, 117, 118, 119, 122, 124, 125, 126, 127, 129, 130, 131, 132, 133, 134, 136, 137, 140, 142, 144, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157, 159, 162, 164, 167, 168, 170, 174, 176, 178, 180, 181, 182, 183, 184, 185, 188, 189, 191, 192], "provider_unknown": 116, "provideralertid": [78, 80], "providerid": [77, 152], "providerincidentid": 80, "providernam": 80, "provideruniqueid": 152, "providervers": 79, "provinc": [21, 188], "provis": [33, 76, 172], "provision_statu": 33, "provisionconfig": 76, "provisioningoverview": 76, "provisioningst": 19, "proxi": [9, 10, 26, 27, 29, 34, 37, 45, 56, 57, 58, 61, 69, 75, 76, 95, 100, 109, 118, 123, 128, 140, 142, 145, 149, 151, 184], "proxy_command": 56, "proxy_host": [45, 183], "proxy_serv": [56, 126], "proxyaddress": 133, "proxyend": 187, "proxyhost": [82, 100], "proxystart": 187, "prt": 137, "pry": 137, "ps1": [19, 85, 143], "psazureadvisorconfigurationdata": 19, "psc1": 85, "pse": 137, "psexec_act": 43, "pskversion": 117, "pslist": 38, "psm1": [85, 143], "psql": 192, "psqlodbcw": 182, "psscan": 85, "pst": 174, "pstarttim": 108, "pstest": 85, "pt": 147, "ptponoff": 117, "ptr": [83, 91], "ptwbpyxmxoqcav1mw": 98, "pua": [78, 122], "pub": [0, 96], "pubdt": 34, "public": [7, 10, 13, 15, 19, 24, 35, 42, 43, 46, 62, 64, 72, 88, 91, 93, 104, 106, 107, 111, 125, 146, 153, 176, 182, 187], "public_dns_nam": 15, "public_ip": 15, "public_kei": [91, 144, 188], "public_network_access": 19, "public_weak": 106, "publicapi": 78, "publicexploit": 78, "publicipaddress": 79, "publickei": 117, "publicli": [72, 118, 121], "publicmeet": 148, "publicnetworkaccess": 19, "publicnetworkaccess_account": 19, "publictraffictyp": 91, "publicvulnerabilitydto": 78, "publish": [1, 19, 34, 37, 49, 78, 81, 102, 120, 146, 156, 178, 179, 180, 181, 182, 183, 184], "publish_timestamp": 81, "published_at": 46, "published_d": 34, "publishedon": 78, "publishernam": 116, "publishtim": 80, "puerto": 137, "puid": 137, "pujxxhtcellpkj6vnujvoqltxgttgy19izb0a1hqhlegr2w5dvtlglqixul": 98, "pull": [1, 7, 19, 35, 43, 46, 99, 100, 103, 107, 131, 146, 162, 169, 179], "pulls_url": 46, "puls": [43, 104], "pulse_import": 104, "pulsed": 156, "pulsedive_api_kei": 101, "pulsedive_api_url": 101, "punjabi": 147, "pup": 146, "purebas": 122, "purg": 41, "purpos": [36, 49, 53, 72, 80, 81, 90, 103, 111, 163, 188, 191], "push": [1, 3, 4, 30, 41, 46, 74, 89, 103, 113, 181], "pushed_at": 46, "pushend": 187, "pushstart": 187, "pushto": 147, "put": [13, 24, 25, 47, 70, 79, 111, 131, 167, 168, 192], "putbucketpolici": 15, "pvpw6eo": 90, "pw": 122, "pw8amda4cagozs7kysrf1dxvbqulw0ti": 187, "pwd": [32, 74, 84, 87, 182, 183, 192], "pwdlastset": 67, "pwncount": [57, 185], "pwned": 156, "pwnedlogo": 185, "px": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "py": [4, 23, 26, 27, 30, 38, 39, 40, 46, 48, 57, 67, 70, 71, 73, 84, 85, 88, 105, 112, 135, 138, 142, 157, 160, 162, 170, 173, 177, 182, 192], "py2": [13, 18, 25, 46, 74, 79, 91, 116, 130, 146], "py3": [13, 18, 25, 46, 79, 91, 116, 130, 146], "pyamd55": 90, "pyclamd": 28, "pycryptodom": 67, "pydoc": 76, "pyenv": 3, "pyenv_virtualenv_nam": 3, "pyeti": [154, 177], "pyf": 137, "pyimpl": 15, "pyinvestig": 27, "pyjwt": [64, 111, 167], "pylh7tb": 90, "pylint": [162, 182, 192], "pymisp": 81, "pymsteam": 133, "pyodbc": [87, 182], "pyopenssl": [85, 91, 157], "pypdf2": 47, "pypi": [4, 64], "pypostgresql": 114, "pytesseract": 86, "pytest": 163, "pytest_resilient_circuit": 163, "python": [2, 3, 4, 10, 12, 23, 26, 27, 29, 33, 38, 40, 44, 48, 52, 57, 61, 68, 70, 71, 73, 76, 93, 95, 100, 101, 105, 112, 115, 119, 123, 128, 132, 134, 135, 138, 141, 143, 151, 156, 159, 160, 161, 162, 163, 164, 170, 172, 173, 177, 179, 185, 186, 187, 188, 189, 190, 191], "python2": [42, 53, 81], "python3": [2, 3, 4, 13, 16, 19, 20, 24, 30, 42, 47, 53, 60, 66, 69, 79, 81, 96, 98, 99, 102, 104, 110, 112, 117, 124, 154, 155, 157], "python_vers": [11, 41, 81, 114, 150], "pytz": [30, 32, 42, 55, 114, 124], "pywinrm": [11, 85], "pz82": 187, "pzgchb1tbw": 187, "q": [24, 37, 44, 56, 187, 190], "q043": 187, "q046": 187, "q050": 187, "q0jc5fkzb7qkwa": 90, "q1i8e2p0cjsiib": 90, "q3eksaxm": 98, "q4odouli6kiomdnz0ljsdxv1ymqeodg4jqamt7e3": 187, "q9mwgdxxk6sp5kr3wdgfmwb3hd1ufpsiz0v3x1cojhxrsgfbplaf2vgpcyjwb": 98, "q_radar_block_group": 56, "qa": 153, "qaam": 78, "qat": 137, "qatar": 137, "qc": 85, "qeiivjj1": 98, "qemu": 116, "qhyjausilo": 111, "qid": 103, "qidnam": 103, "qmc92zdkqnfzkgnayycqsamrcbgatpssydmifkdtpmuxmj": 99, "qmra9djtfqgctnfazqsqb5fu6kaubeyvh56czj3ioeaz9w": 99, "qmrmd1jbn8ftfusy1lzcc3g3qjyccnryo9cgxqlng5guax": 99, "qr_asset": 103, "qr_assign": 103, "qr_categori": 103, "qr_credibl": 103, "qr_destination_ip_count": 103, "qr_event_count": 103, "qr_flow": 103, "qr_flow_count": 103, "qr_last_updated_tim": 103, "qr_magnitud": 103, "qr_offense_domain": 103, "qr_offense_index_typ": 103, "qr_offense_index_valu": 103, "qr_offense_last_updated_tim": 103, "qr_offense_sourc": 103, "qr_offense_start_tim": 103, "qr_offense_statu": 103, "qr_offense_top_ev": 103, "qr_relev": 103, "qr_sever": 103, "qr_source_ip_count": 103, "qr_top_destination_ip": 103, "qr_top_source_ip": 103, "qr_triggered_rul": 103, "qradar": [7, 8, 11, 13, 15, 16, 18, 19, 20, 21, 24, 25, 32, 35, 36, 39, 41, 42, 43, 46, 49, 51, 59, 64, 65, 66, 67, 72, 74, 78, 79, 80, 81, 82, 85, 86, 87, 88, 89, 90, 91, 92, 96, 97, 99, 106, 107, 109, 110, 111, 113, 114, 116, 117, 118, 120, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 148, 150, 152, 153, 154, 155, 158, 164, 167, 180, 183], "qradar_1_1_1_1_1103": 103, "qradar_4": 103, "qradar_9_21_118_173_1110": 103, "qradar_add_reference_set_item_result": 104, "qradar_advisor_app_id": 102, "qradar_advisor_descript": 102, "qradar_advisor_full_search": 102, "qradar_advisor_map_rul": 102, "qradar_advisor_observ": 102, "qradar_advisor_observable_for_artifact": 102, "qradar_advisor_offense_analysi": 102, "qradar_advisor_quick_search": 102, "qradar_advisor_relev": 102, "qradar_advisor_result_stag": [102, 186], "qradar_advisor_search_valu": 102, "qradar_advisor_token": 102, "qradar_advisor_tox": 102, "qradar_advisor_typ": 102, "qradar_analysis_restart_if_exist": [102, 186], "qradar_destin": [103, 104], "qradar_ev": [103, 104], "qradar_find_reference_set_item_result": 104, "qradar_find_reference_sets_result": 104, "qradar_host": 102, "qradar_id": [102, 103, 104, 186], "qradar_instance_label": [103, 104], "qradar_label": [103, 104], "qradar_label1": 103, "qradar_not": [103, 104], "qradar_ob": 102, "qradar_offense_ev": 104, "qradar_offense_id": [102, 103, 186], "qradar_queri": [103, 104], "qradar_query_all_result": 104, "qradar_query_range_end": 104, "qradar_query_range_start": 104, "qradar_query_typ": 103, "qradar_ref_table_inner_kei": 104, "qradar_ref_table_outer_kei": 104, "qradar_ref_table_upd": 104, "qradar_reference_set": 104, "qradar_reference_set_item_valu": 104, "qradar_reference_set_nam": 104, "qradar_reference_t": 104, "qradar_reference_table_add_item_result": 104, "qradar_reference_table_delete_item_result": 104, "qradar_reference_table_get_all_tables_result": 104, "qradar_reference_table_get_table_data_result": 104, "qradar_reference_table_item_inner_kei": 104, "qradar_reference_table_item_outer_kei": 104, "qradar_reference_table_item_valu": 104, "qradar_reference_table_nam": 104, "qradar_reference_table_queried_row": 104, "qradar_reference_table_update_result": 104, "qradar_rul": 102, "qradar_rule_nam": [102, 186], "qradar_rules_and_mitre_tactics_and_techniqu": 103, "qradar_search": 104, "qradar_search_param1": [103, 104], "qradar_search_param2": [103, 104], "qradar_search_param3": [103, 104], "qradar_search_param4": [103, 104], "qradar_search_param5": [103, 104], "qradar_search_param6": 103, "qradar_search_paramx": 103, "qradar_search_result": 104, "qradar_serv": 104, "qradar_sever": 161, "qradar_siem_not": 104, "qradar_ucm_token": 102, "qradar_update_json": 104, "qradar_update_offense_result": 104, "qradarpassword": [103, 104], "qradarsoar": 88, "qradartoken": [103, 104], "qraw": [102, 186], "qraw_mitr": 186, "qraw_offense_insight": [102, 186], "qraw_rule_map": 186, "qrhost": 103, "qroc": 103, "qtyie7": 85, "quai": 1, "quali": 106, "qualifi": [8, 88], "quamara": 150, "quarantin": [24, 100, 146], "quarantine_command_st": 117, "quarantine_commandid": 117, "quarantine_ep_result": 117, "quarantinecod": 117, "quarantinedesc": 117, "quarantinestatu": 117, "quebec": 118, "queri": [9, 13, 15, 16, 19, 23, 24, 25, 27, 33, 34, 35, 37, 41, 43, 49, 62, 63, 75, 79, 82, 83, 84, 88, 89, 92, 96, 98, 99, 100, 103, 105, 106, 107, 108, 111, 112, 114, 115, 116, 117, 119, 122, 127, 128, 129, 130, 131, 134, 137, 146, 149, 154, 155, 156, 157, 158, 160, 162, 165, 166, 170, 174, 175, 176, 177, 182, 185, 187, 188, 192], "query_build": 137, "query_collections_result": 153, "query_csv": 163, "query_descript": 8, "query_execution_d": [15, 16, 20, 43, 117, 155], "query_execution_tim": [16, 24, 27], "query_filt": 155, "query_html_path": 8, "query_id": 20, "query_issue_result": 152, "query_limit": 115, "query_nam": 18, "query_param": 116, "query_result": [39, 62], "query_str": [18, 39, 146], "query_ticket_grouping_typ": 115, "query_tim": [33, 104], "query_titl": 59, "querydescript": 8, "queryendtim": 130, "queryhtmlpath": 8, "queryresult": 8, "queryrunn": 164, "querystarttim": 130, "querytyp": 92, "queryuiresult": 8, "queryvalu": 92, "question": [10, 87, 103, 113, 148, 183], "queu": 183, "queue": [30, 162, 163, 166, 178, 179, 180, 181, 182, 183, 184, 192], "quic": 187, "quick": [25, 102, 111, 130, 144, 188], "quick_scan": 117, "quicker": 192, "quickheal": 122, "quickli": [82, 97, 117, 137], "quickstart": 66, "quiet": 44, "quilliam": 18, "quit": [73, 192], "quot": [16, 36, 41, 42, 47, 57, 60, 67, 85, 104, 106, 110, 113, 125, 127, 146], "quotat": [49, 67, 80, 111], "quttera": [144, 188], "qux": 130, "qwest": 15, "qxxg": 85, "qydruesx4zu": 98, "qzldebxef7t089kvafhsjaqfvybv": 98, "r": [13, 16, 18, 19, 24, 25, 37, 41, 42, 43, 46, 79, 80, 85, 91, 98, 108, 109, 113, 116, 117, 130, 131, 137, 146, 155, 162, 187, 188, 191], "r2rpsi1n0m3c53904ck0qkva18": 90, "r3": 98, "r3silient1": 74, "r5oqsqs81s9as5ks9flx770ig4": 90, "r7": 107, "r7_alert_id": 107, "r7_alert_sourc": 107, "r7_alert_typ": 107, "r7_case": 107, "r7_create_tim": 107, "r7_created_tim": 107, "r7_detection_rrn": 107, "r7_detection_rul": 107, "r7_evid": 107, "r7_query_d": 107, "r_descript": 22, "r_from": 22, "r_subject": 22, "r_to": 22, "radar": 56, "radiu": 102, "rais": [16, 24, 43, 81, 111, 117, 144, 155], "ram": 38, "ran": [18, 20, 38, 47, 59, 62, 74, 85, 146, 149, 192], "random": [70, 74], "randori": 156, "randori_base_url": 106, "randori_comment_text": 106, "randori_data_table_nam": 106, "randori_detections_dt": 106, "randori_discovery_path_dt": 106, "randori_dt_date_ad": 106, "randori_dt_discovery_step": 106, "randori_dt_first_seen": 106, "randori_dt_hostnam": 106, "randori_dt_ip": 106, "randori_dt_last_seen": 106, "randori_dt_link": 106, "randori_dt_path": 106, "randori_dt_port": 106, "randori_not": 106, "randori_target_affiliation_st": 106, "randori_target_author": 106, "randori_target_characteristic_tag": 106, "randori_target_id": 106, "randori_target_impact_scor": 106, "randori_target_link": 106, "randori_target_nam": 106, "randori_target_perspective_nam": 106, "randori_target_statu": 106, "randori_target_tech_categori": 106, "randori_target_tempt": 106, "randori_target_user_tag": 106, "randori_target_vendor": 106, "randori_target_vers": 106, "rang": [8, 25, 34, 59, 74, 98, 104, 112, 117, 127, 129, 150, 183, 191], "rangerstatu": 116, "rangervers": 116, "rank": [116, 144, 187], "ransom": 35, "ransomewar": 92, "ransomwar": [35, 43, 92, 99, 108, 139], "ransomware_act": 43, "rapid7": 156, "rapid7_attach": 107, "rapid7_insight_idr_alert_rrn": 107, "rapid7_insight_idr_alerts_dt": 107, "rapid7_insight_idr_assigne": 107, "rapid7_insight_idr_assignee_email": 107, "rapid7_insight_idr_attach": 107, "rapid7_insight_idr_comment_text": 107, "rapid7_insight_idr_disposit": 107, "rapid7_insight_idr_incident_id": 107, "rapid7_insight_idr_investig": 107, "rapid7_insight_idr_link": 107, "rapid7_insight_idr_prior": 107, "rapid7_insight_idr_respons": 107, "rapid7_insight_idr_rrn": 107, "rapid7_insight_idr_rrn_opt": 107, "rapid7_insight_idr_sourc": 107, "rapid7_insight_idr_statu": 107, "rapid7_insight_idr_threat_command_close_reason": 107, "rapid7_insight_idr_threat_command_free_text": 107, "rapid7_insight_idr_update_case_result": 107, "rapidjson": 78, "rare": [43, 184], "rare_database_table_access": 43, "rare_or_new_behavior": 56, "rare_ssh_port": 43, "rareprofiledapisaccountprofil": 15, "rareprofiledapisuseridentityprofil": 15, "rareprofiledasnsaccountprofil": 15, "rareprofiledasnsuseridentityprofil": 15, "rareprofileduseragentsaccountprofil": 15, "rareprofileduseragentsuseridentityprofil": 15, "rareprofiledusernamesaccountprofil": 15, "rareprofiledusertypesaccountprofil": 15, "rate": [103, 113, 155, 159, 162, 168], "rated": 159, "rather": [11, 18, 38, 80, 104, 114, 119, 139], "ratingdt": 159, "ratingdtscutoff": 159, "ratio": 188, "raw": [7, 8, 10, 11, 13, 15, 16, 18, 19, 20, 21, 22, 24, 25, 31, 35, 36, 38, 41, 42, 43, 46, 47, 49, 51, 55, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 80, 81, 84, 85, 86, 87, 88, 89, 91, 92, 96, 97, 98, 102, 103, 104, 106, 107, 108, 109, 111, 113, 114, 116, 117, 119, 122, 124, 126, 127, 129, 130, 131, 133, 136, 137, 138, 146, 148, 150, 152, 153, 154, 159, 167, 185, 186], "raw_data": 96, "raw_json_str": 69, "raw_referr": 150, "raw_respons": 167, "raw_url": 46, "rawcontentst": 153, "rawerror": 19, "rbac": 49, "rbacgroupid": 78, "rbacgroupnam": 78, "rc": [11, 13, 18, 25, 46, 79, 91, 116, 130, 131, 146, 158, 163, 169, 171, 172, 174, 175, 176, 178, 180, 181, 182, 184], "rc4": 43, "rc_data_fe": [178, 180, 181, 182, 184], "rc_data_feed_plugin_elasticfe": 180, "rc_data_feed_plugin_resilientfe": 183, "rce": 43, "rcf": [144, 188], "rd": 38, "rdap_depth": 150, "rdap_queri": 150, "rdn": 187, "rdoejswkbswhn8jc3ymm600fvj": 98, "rdp": [43, 117], "rdp_brute_forc": 43, "rdp_unusual_loc": 43, "rdqfwy3s5": 98, "re": [3, 5, 10, 12, 13, 16, 18, 25, 29, 36, 43, 46, 52, 55, 61, 68, 69, 70, 71, 72, 75, 76, 79, 84, 85, 90, 91, 95, 96, 97, 100, 101, 109, 114, 115, 116, 117, 118, 119, 121, 123, 127, 128, 130, 131, 132, 137, 140, 141, 143, 144, 145, 146, 151, 155, 161, 180, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192], "reach": [99, 107, 111], "reachedeventslimit": 116, "reaction": 133, "reactivationcount": 49, "read": [4, 7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 35, 36, 38, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 69, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 136, 137, 139, 140, 141, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 167, 179, 182, 183, 186, 188, 189, 191, 192], "read_attach": [60, 127], "read_data": 4, "read_funct": 4, "read_messag": 133, "readabl": [13, 24, 25, 79, 111, 130, 131, 137], "readableid": 130, "readablelastscantim": 117, "readablelastupdatetim": 117, "readablelastvirustim": 117, "readaclfil": 131, "readaclshar": 131, "readal": 78, "readbas": 133, "readi": [4, 91, 145, 168, 185, 186, 187, 188], "readili": 184, "readincidentsactioninvoc": [16, 101], "readm": [91, 117, 168, 181], "readmessageitem": 42, "readthedoc": [64, 66, 135, 160], "readwrit": [42, 78, 133], "readwriteal": 78, "readwritenonownerrol": 133, "real": [35, 81, 96, 137, 178, 179, 180, 181, 182, 183, 184], "realtek": 43, "realtim": [55, 118], "reaqta": [108, 124], "reaqta_alert_id": 108, "reaqta_alert_link": 108, "reaqta_artifact_typ": 108, "reaqta_create_note_result": 108, "reaqta_create_policy_result": 108, "reaqta_deisolate_machine_result": 108, "reaqta_endpoint_id": 108, "reaqta_endpoint_link": 108, "reaqta_get_alert_information_result": 108, "reaqta_get_endpoint_status_result": 108, "reaqta_get_processes_result": 108, "reaqta_group": 108, "reaqta_h": 108, "reaqta_has_incid": 108, "reaqta_id": 108, "reaqta_impact": 108, "reaqta_incident_id": 108, "reaqta_is_malici": 108, "reaqta_isolate_machine_result": 108, "reaqta_kill_process_result": 108, "reaqta_machine_info": 108, "reaqta_not": 108, "reaqta_policy_block": 108, "reaqta_policy_block_when_trigg": 108, "reaqta_policy_descript": 108, "reaqta_policy_en": 108, "reaqta_policy_excluded_group": 108, "reaqta_policy_included_group": 108, "reaqta_policy_titl": 108, "reaqta_process_list": 108, "reaqta_process_pid": 108, "reaqta_program_path": 108, "reaqta_sha256": 108, "reaqta_starttim": 108, "reaqta_suspend": 108, "reaqta_tag": 108, "reaqta_trigger_condit": 108, "reaqta_trigger_ev": 108, "reaqta_url": 108, "reason": [7, 8, 10, 11, 13, 15, 16, 18, 19, 20, 21, 22, 24, 25, 28, 31, 33, 35, 36, 38, 41, 42, 43, 46, 47, 49, 51, 55, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 79, 80, 81, 84, 85, 86, 87, 88, 89, 91, 92, 96, 97, 98, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 122, 124, 126, 127, 129, 130, 131, 133, 136, 137, 138, 146, 148, 150, 152, 153, 154, 159, 179, 183, 185, 186, 188, 191], "reason_cod": 146, "reason_id": 137, "reattempt": 111, "rebind": 43, "rebootinst": 15, "rebootnodeifneed": 19, "rebootreason": 117, "rebootrequest": 19, "rebootrequir": [116, 117], "rebuild": [30, 31, 148], "rebuilt": [3, 111], "recal": 114, "reccommend": 125, "receipi": 190, "receiv": [14, 35, 41, 42, 43, 53, 72, 88, 91, 102, 111, 117, 137, 167, 183, 191], "received_ev": 46, "received_events_url": 46, "receivedat": [107, 108], "receiveddatetim": 42, "receiveheadersend": 187, "receivesadmininfoemail": 113, "receivesinfoemail": 113, "recenc": 41, "recent": [1, 7, 15, 30, 39, 43, 57, 130, 133, 152, 180], "recent_signal_sever": 130, "recentsignalsever": 130, "recipi": [0, 13, 18, 22, 41, 42, 57, 67, 78, 81, 88, 91, 113, 117, 129, 137, 185, 190, 191], "recogn": [80, 88, 99, 191], "recognit": 86, "recommend": [4, 9, 25, 34, 42, 49, 53, 64, 70, 71, 74, 79, 81, 85, 86, 88, 113, 117, 118, 121, 136, 137, 148, 153, 179, 182], "recommended_time_window": 90, "recommendedact": [78, 79], "recon": [43, 106], "reconciliation_statu": 108, "reconfigur": 49, "reconnaiss": 43, "record": [13, 21, 32, 39, 55, 56, 57, 83, 90, 92, 98, 106, 117, 118, 121, 127, 130, 138, 142, 162, 182, 184, 185, 191], "record_st": 119, "recordcount": 130, "recordings_read": 148, "recordsearchdetail": 130, "recordsfilt": [60, 98, 127], "recordstot": [60, 98, 127], "recordsummaryfield": 130, "recordtyp": 130, "recov": 120, "recover": 41, "recreat": [114, 182, 183, 190], "recur": [19, 72, 167], "recur_frequ": 19, "recur_interv": 19, "recur_week_dai": 19, "recurr": [19, 42], "recurs": [11, 38, 72], "red": [4, 11, 25, 43, 56, 67, 96, 102, 116, 120, 144, 145], "redact": [47, 188], "redesign": 20, "redhat": [1, 54, 85, 88, 117, 192], "redi": 43, "redirect": [8, 13, 78, 85, 88, 111, 117, 133, 148, 157, 187], "redirect_uri": [88, 157], "redirecthasextrainfo": 187, "redirectincidentid": 78, "redirecturl": 8, "redis_error": 43, "redis_issu": 43, "reduc": [38, 98, 102, 117, 152, 184, 191], "redund": [72, 167], "ref": [34, 46, 82, 186], "ref_html": [82, 106, 137, 186], "ref_html_attende": 31, "ref_html_host": 31, "ref_html_room": 148, "ref_link_text": 34, "refactor": 182, "refect": 108, "refer": [1, 3, 7, 8, 9, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28, 30, 31, 32, 33, 34, 35, 36, 38, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 65, 66, 67, 69, 70, 71, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 106, 107, 108, 109, 111, 113, 114, 116, 117, 120, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 157, 164, 168, 169, 178, 180, 181, 182, 183, 184, 186, 187, 190, 191], "referenc": [16, 36, 78, 88, 97, 98, 111, 113, 124, 125, 180], "reference_count": 102, "reference_item": 104, "reference_set": 104, "reference_t": 104, "referencedfrom": [79, 80], "referr": [67, 150], "referrerpolici": 187, "refetch": [18, 146], "refin": 16, "reflect": [21, 30, 39, 49, 51, 98, 119, 137, 152, 180, 191], "refresh": [11, 16, 19, 24, 35, 43, 49, 56, 66, 69, 78, 88, 106, 108, 111, 113, 117, 133, 141, 144, 148, 150, 152, 155, 157, 168, 192], "refresh_all_app": 3, "refresh_d": 69, "refresh_token": [19, 88, 133, 148, 157], "refreshfrequencymin": 19, "refreshmod": 19, "regard": [10, 12, 14, 16, 29, 36, 41, 52, 61, 68, 95, 100, 101, 111, 115, 123, 128, 132, 134, 138, 141, 143, 161], "regdomain": 187, "regdomainstat": 187, "regener": 142, "regex": [16, 18, 35, 78, 91, 109, 117, 151, 191], "regex_str": [16, 155], "region": [15, 16, 17, 18, 19, 21, 37, 62, 78, 96, 102, 103, 104, 130, 131, 152, 186, 187], "region_nam": 13, "region_pref": 18, "regional_internet_registri": 188, "regist": [11, 24, 78, 116, 146, 157, 170, 171, 172, 173, 174, 175, 176, 188, 192], "registered_tim": 146, "registeredat": 116, "registr": [24, 80, 83, 102, 133, 150, 168, 173, 188], "registrar": [144, 149, 187, 188], "registrar_nam": 102, "registration_info": 19, "registration_kei": 19, "registrationkei": 19, "registrationmetaconfig": 19, "registrationmetaconfig2": 19, "registrationtim": 108, "registrationurl": 19, "registri": [1, 4, 11, 20, 21, 30, 38, 43, 78, 85, 102, 108, 129, 150, 173, 188], "registry_intel": 129, "registry_value_nam": 129, "registryh": 78, "registrykei": 78, "registrykeyst": 79, "registryvalu": 78, "registryvaluenam": 78, "registryvaluetyp": 78, "regkei": 173, "regress": 70, "regul": [60, 127], "regular": [15, 16, 24, 35, 43, 117, 142, 151, 155, 163, 191], "regularli": 79, "regulator_risk": [60, 127], "reinstal": 10, "reipient": 117, "reject": [15, 152, 190], "rel": [4, 27, 35, 36, 38, 49, 57, 103, 117, 120, 121, 136, 148, 179, 185], "rel_id": 106, "relai": 43, "relat": [27, 34, 35, 39, 41, 59, 60, 67, 72, 77, 85, 87, 102, 108, 117, 118, 119, 121, 127, 133, 148, 149, 150, 152, 183, 186, 191], "related_incident_count": [60, 108, 109, 127], "related_investig": [102, 186], "related_parent_incid": 109, "relatedanalyticruleid": 80, "relatedbreach": 35, "relatedev": 81, "relatedfileinfo": 78, "relatedus": 78, "relations_assign_par": 109, "relations_auto_close_child_incid": 109, "relations_child_incident_id": 109, "relations_datat": 109, "relations_datatables_to_exclud": 109, "relations_datatables_to_sync": 109, "relations_exclude_datat": 109, "relations_incident_id": 109, "relations_incident_nam": 109, "relations_incident_statu": 109, "relations_level": 109, "relations_note_id": 109, "relations_parent_id": 109, "relations_parent_incid": 109, "relations_parent_incident_id": 109, "relations_remove_child_rel": 109, "relations_remove_not": 109, "relations_row_data": 109, "relations_send_task_to_children": 109, "relations_sync_artifact_to_parentchild": 109, "relations_sync_datatable_data_to_parentchild": 109, "relations_sync_notes_to_parentchild": 109, "relations_sync_task_notes_to_parentchild": 109, "relations_update_child_table_data": 109, "relationship": [43, 81, 96, 119, 156, 183], "releas": [30, 45, 54, 57, 119, 120, 121, 142, 156, 168, 180, 181, 188, 190, 191, 192], "release_20221202_152441": 46, "release_20221202_153917": 46, "release_20221202_171442": 46, "releases_url": 46, "relev": [20, 35, 38, 49, 64, 86, 90, 102, 103, 104, 107, 108, 113, 117, 121, 130, 131, 133, 136, 146, 152, 153, 186, 191], "relevantanalyst": 124, "relevanttag": 124, "reli": [11, 33, 49, 58, 76, 86, 91, 98, 117, 119, 181, 190], "reliabl": [111, 191], "relic": 90, "reload": [3, 178, 180, 181, 182, 183, 184], "reload_query_api_method": [180, 181, 183, 184], "reload_typ": [180, 181, 183, 184], "remain": [4, 11, 15, 25, 35, 36, 42, 43, 53, 66, 67, 74, 78, 81, 85, 88, 89, 90, 91, 97, 99, 103, 104, 106, 107, 108, 113, 114, 117, 118, 125, 129, 130, 133, 144, 146, 152, 153, 182, 183, 191], "remaind": [11, 125], "remark": 150, "remedi": [43, 49, 56, 78, 80, 87, 98, 103, 106, 109, 117, 124, 146, 152, 153, 156, 183, 190], "remediate_artifact_valu": 117, "remediate_execution_d": 117, "remediation_command_st": 117, "remediation_commandid": 117, "remediation_d": 20, "remediation_statu": 117, "remediationstatu": 78, "remediationstep": 80, "remedy_additional_data": 110, "remedy_first_nam": 110, "remedy_host": 110, "remedy_id": 110, "remedy_impact": 110, "remedy_incident_nam": 110, "remedy_last_nam": 110, "remedy_linked_incidents_reference_t": 110, "remedy_not": 110, "remedy_password": 110, "remedy_payload": 110, "remedy_port": 110, "remedy_reported_sourc": 110, "remedy_service_typ": 110, "remedy_statu": 110, "remedy_support_group": 110, "remedy_templ": 110, "remedy_urg": 110, "remedy_us": 110, "rememb": 114, "reminderminutesbeforestart": 42, "remnux": 38, "remot": [15, 24, 38, 39, 43, 56, 76, 78, 84, 106, 117, 135, 137, 143, 146], "remote_access_tool": 137, "remote_auth_transport": [85, 143], "remote_command": 85, "remote_command1": 85, "remote_command2": 85, "remote_command_linux": 85, "remote_command_powershel": 85, "remote_comput": 85, "remote_computer1": 85, "remote_computer2": 85, "remote_computer_window": 85, "remote_destination_count": 104, "remote_ip": [15, 24], "remote_port": [15, 24], "remote_powershell_extens": [85, 143], "remote_reg_setvalu": 43, "remote_script": 85, "remote_shell_command": 85, "remotedestinationcount": 103, "remoteipaddress": 187, "remoteipdetail": 15, "remoteport": 187, "remoteprofilingst": 116, "remoteprofilingstateexpir": 116, "remotestaff": [57, 185], "remov": [10, 11, 12, 17, 24, 26, 29, 30, 36, 38, 42, 43, 45, 47, 49, 52, 60, 64, 70, 75, 78, 80, 81, 82, 88, 89, 91, 95, 96, 97, 98, 100, 101, 103, 104, 106, 110, 111, 112, 113, 115, 117, 118, 119, 123, 125, 127, 128, 132, 133, 137, 141, 142, 143, 145, 146, 157, 161, 163, 182, 183, 184, 191, 192], "remove_groups_result": 67, "remove_perm": 74, "remove_result": 25, "remove_us": 74, "removefromreferencedata": 103, "removefromreferenceset": 103, "renam": [20, 35, 108, 117, 118, 182, 192], "render": [58, 80, 88, 117, 119, 126], "render_rich_text": [118, 119, 121], "renderedfield": 64, "reneweddatetim": 133, "reoccur": 114, "rep": [43, 77], "repeat": [30, 72, 98, 108, 137, 183], "repeatedli": [111, 168, 189, 190, 191], "replac": [4, 11, 13, 15, 18, 25, 27, 36, 42, 43, 46, 49, 53, 59, 64, 66, 67, 74, 76, 78, 79, 80, 81, 85, 88, 89, 90, 91, 97, 99, 103, 104, 106, 107, 108, 110, 113, 114, 116, 117, 118, 125, 129, 130, 131, 133, 144, 146, 152, 153, 158, 160, 163, 184, 188, 191, 192], "replai": 88, "repli": [88, 109, 117, 133, 173, 190, 191], "replic": [1, 4, 106], "replica": [178, 179, 180, 181, 182, 183, 184], "replyto": 42, "replytoid": 133, "repmgr": 146, "repo": [38, 46, 188, 192], "repo_quai": 1, "report": [2, 7, 13, 21, 51, 59, 60, 64, 65, 68, 69, 73, 78, 80, 91, 92, 96, 98, 102, 103, 107, 108, 110, 114, 117, 124, 127, 131, 137, 142, 144, 145, 150, 153, 156, 173, 179, 184, 187, 188], "report_categori": 155, "report_d": [78, 80, 98, 108, 124], "report_fetch_s": 55, "report_id": 19, "report_period": 55, "report_st": 55, "report_typ": 155, "report_url": [92, 142, 187], "reported_on": 114, "reported_tim": 103, "reportedat": 7, "reportercountrycod": 7, "reportercountrynam": 7, "reporterid": 7, "reportformatvers": 19, "reportid": 19, "reportingsystem": 79, "reportinguserinfo": [117, 191], "reportmanag": 19, "reportserverweb": 19, "reportstoid": 113, "reporturl": 187, "repos_url": 46, "repositori": [4, 6, 30, 74, 164, 178, 179, 180, 181, 182, 183, 184], "repres": [4, 34, 43, 60, 64, 67, 68, 72, 81, 87, 88, 89, 103, 104, 111, 125, 127, 129, 137, 152, 167, 179, 183, 184], "represent": [4, 33, 46, 67, 91, 102, 139, 147, 180, 191], "republ": 137, "reput": [7, 9, 13, 14, 37, 51, 76, 83, 102, 130, 144, 145, 188], "reputation_lookup_sever": 145, "reputationcategori": 37, "reputationscor": 37, "req": 88, "reqir": 16, "reqta": 124, "request": [2, 15, 21, 23, 24, 30, 33, 41, 42, 43, 46, 53, 55, 56, 59, 64, 67, 69, 72, 88, 89, 97, 98, 103, 110, 113, 115, 117, 119, 129, 133, 142, 146, 148, 150, 152, 155, 157, 167, 168, 173, 179, 187, 190], "request_data": 8, "request_detail": 8, "request_max_retri": 98, "request_resourcenotfound": 42, "request_retry_backof": 98, "request_retry_delai": 98, "request_snapshot": 24, "requestcreatedfromdwp": 21, "requestedpermiss": 37, "requestid": 187, "requestor": [8, 78], "requestorcom": 78, "requests_first_el": 187, "requestsourc": 78, "requesttim": 187, "requesttypepractic": 64, "requir": [0, 1, 5, 9, 23, 27, 33, 34, 37, 38, 45, 48, 50, 54, 56, 57, 62, 83, 91, 119, 120, 121, 127, 136, 138, 139, 142, 149, 156, 160, 163, 165, 166, 168, 169, 171, 178, 179, 180, 184, 185, 186, 187, 188, 189, 192], "required1": 41, "required2": 41, "required_attende": 41, "required_status_check": 46, "rerun": 10, "res_artifact_typ": 20, "res_artifact_valu": 20, "res_bigfix_action_id": 20, "res_bigfix_computer_id": 20, "res_bigfix_computer_nam": 20, "res_bigfix_query_result": 20, "res_circuits_vers": 4, "res_db": 182, "res_hibp": 185, "res_id": 119, "res_link": [38, 119], "res_object": 38, "res_qraw_mitr": 186, "res_query_execution_d": 20, "res_reference_link": 120, "res_reference_typ": 120, "res_remediation_d": 20, "res_remediation_statu": 20, "res_test": 114, "res_urlscanio": 187, "res_wf": 120, "res_wf_addcom": 120, "res_wf_addworknot": 120, "res_wf_createincid": 120, "res_wf_createtask": 120, "res_wf_updatest": 120, "resadmin": 192, "rescircuit": [4, 11, 30, 35, 43, 47, 49, 53, 64, 76, 77, 80, 90, 91, 106, 107, 113, 116, 125, 130, 146, 152, 182], "rescont": 74, "resdemo123": 192, "research": [38, 57, 106, 115, 153, 185], "resel": 117, "reserv": [13, 18, 25, 46, 56, 79, 91, 104, 116, 130, 131, 137, 144, 146], "reserve_list": 182, "reset": [3, 16, 74, 118], "reshelp": 120, "reshydradev": 42, "resid": [30, 53, 66, 109, 182], "resil": [162, 192], "resilent_datatable_column_names_list": 192, "resili": [0, 2, 3, 6, 7, 8, 9, 11, 15, 18, 19, 20, 21, 22, 24, 25, 26, 30, 32, 33, 34, 35, 36, 37, 38, 39, 40, 42, 43, 44, 45, 46, 48, 49, 50, 51, 57, 59, 60, 66, 69, 70, 71, 72, 73, 75, 76, 79, 82, 85, 86, 88, 89, 90, 91, 92, 96, 97, 98, 102, 103, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 118, 119, 120, 121, 122, 124, 125, 126, 127, 130, 134, 135, 137, 138, 140, 142, 144, 145, 146, 148, 151, 152, 154, 155, 156, 157, 159, 160, 162, 164, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 180, 181, 182, 183, 184, 189, 190], "resilient_": 180, "resilient_artifact_typ": 80, "resilient_artifact_valu": 80, "resilient_circuit": [9, 10, 11, 12, 13, 15, 16, 17, 20, 22, 23, 24, 27, 28, 29, 30, 31, 32, 34, 36, 39, 41, 42, 44, 47, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 87, 88, 89, 90, 93, 94, 95, 96, 99, 100, 101, 102, 103, 104, 114, 115, 117, 123, 125, 128, 129, 131, 133, 134, 138, 140, 141, 143, 145, 147, 150, 151, 153, 160, 161, 171, 174, 176, 192], "resilient_circuits_url": [169, 171, 174, 175, 176, 177], "resilient_cli": 90, "resilient_datetimeformat": [66, 78], "resilient_email": 163, "resilient_fe": [180, 181, 183, 184], "resilient_host": 163, "resilient_incid": [70, 180], "resilient_inv": 30, "resilient_lib": [11, 13, 16, 39, 42, 55, 78, 82, 88, 106, 107, 113, 114, 117, 129, 130, 146], "resilient_login_us": 70, "resilient_org": 163, "resilient_password": 163, "resilient_profil": 80, "resilient_reference_id": 120, "resilient_substitut": [66, 78], "resilient_to_misp_map": 81, "resilientcommun": [10, 17, 22, 28, 47, 52, 53, 55, 58, 60, 61, 63, 84, 93, 94, 95, 98, 101, 115, 123, 128, 132, 140, 141, 147, 151], "resilientcompon": 192, "resilienthighlight": 127, "resilientinv": 30, "resilientsystem": [12, 57, 68, 85, 88, 100, 192], "resilinet_login_password": 70, "resiz": 117, "resolut": [21, 23, 43, 64, 74, 90, 98, 106, 107, 108, 119, 120, 130, 131, 137, 146], "resolution_id": [35, 43, 49, 60, 64, 66, 78, 80, 90, 106, 107, 108, 113, 124, 127, 130, 131, 137, 146, 152], "resolution_map": 152, "resolution_summari": [21, 35, 43, 49, 60, 64, 66, 78, 80, 90, 106, 107, 108, 113, 124, 127, 130, 131, 146, 152], "resolutiond": 64, "resolutionnot": 120, "resolutionreason": 152, "resolutionrecommend": 152, "resolv": [11, 21, 35, 43, 49, 56, 60, 64, 66, 71, 78, 79, 80, 90, 103, 104, 106, 107, 108, 113, 115, 119, 120, 124, 127, 130, 131, 146, 152, 182], "resolve_reason": 90, "resolve_threat_result": 116, "resolved_at": 90, "resolved_benign_known_good": 146, "resolvedat": 152, "resolveddetail": 159, "resolvedtim": 78, "resolveen": 159, "resorten": 74, "resourc": [16, 19, 20, 27, 42, 43, 49, 71, 78, 79, 80, 107, 111, 113, 133, 142, 152, 153, 157, 168, 185, 186, 187, 188], "resource_display_nam": 49, "resource_group": 19, "resource_group_account": 19, "resource_group_credenti": 19, "resource_group_nam": 19, "resource_group_runbook": 19, "resource_group_schedul": 19, "resource_group_statist": 19, "resource_groupnam": 80, "resource_id": 15, "resource_nam": [27, 49], "resource_own": 49, "resource_par": 49, "resource_parent_display_nam": 49, "resource_path": 49, "resource_project": 49, "resource_project_display_nam": 49, "resource_properti": 49, "resource_rol": 15, "resource_typ": [15, 49], "resourcebehavioropt": 133, "resourcedisplaynam": 49, "resourcegroup": [19, 78, 79, 80], "resourcegroup_start": 19, "resourcegroupexternalid": 152, "resourcegroupnam": 19, "resourceid": [19, 49, 78, 80], "resourceidentifi": 80, "resourcemanag": 49, "resourcemodulemanag": 19, "resourcenam": 80, "resourcepath": 49, "resourceprovisioningopt": 133, "resourcerepositoryweb": 19, "resourcerol": 15, "resourcestat": 187, "resourcetyp": [15, 49, 79, 80], "resp": [51, 122, 154], "resp_data": [7, 24, 185], "resp_dict": 185, "resp_tim": 20, "respect": [64, 85, 98, 99, 118, 119, 183], "respond": [15, 20, 21, 43, 74, 80, 82, 108, 115, 117, 165, 190], "responder_request": 90, "respons": [8, 21, 24, 28, 32, 33, 35, 38, 41, 42, 43, 47, 53, 59, 72, 76, 77, 78, 89, 94, 96, 100, 102, 103, 107, 109, 111, 112, 113, 116, 117, 118, 119, 120, 129, 143, 146, 152, 155, 167, 173, 187, 190, 191], "response_comput": 24, "response_count": 72, "response_desc": 69, "response_group": 24, "response_head": 13, "response_mod": [88, 157], "response_msg": 117, "response_payload": 17, "response_plai": 90, "response_task": 121, "response_typ": [88, 157], "responsecod": 117, "responsemessag": 117, "responserequest": 42, "responsestatu": 42, "responsetim": 187, "resseveritymap": 120, "rest": [8, 18, 21, 43, 55, 56, 64, 80, 83, 90, 99, 102, 105, 106, 107, 110, 113, 116, 119, 121, 127, 130, 131, 133, 137, 144, 147, 148, 155, 156, 157, 158, 162, 179], "rest_api_allowed_status_cod": [111, 168], "rest_api_bodi": [111, 168], "rest_api_cooki": [111, 168], "rest_api_head": [111, 167, 168], "rest_api_method": [111, 167, 168], "rest_api_query_paramet": [111, 168], "rest_api_timeout": [111, 167, 168], "rest_api_url": [111, 167, 168], "rest_api_verifi": [111, 167, 168], "rest_bodi": 111, "rest_cooki": 111, "rest_head": [111, 143], "rest_method": 111, "rest_retry_backoff": 167, "rest_retry_delai": 167, "rest_retry_tri": 167, "rest_service_port": 55, "rest_url": 111, "restapi": 129, "restart": [4, 10, 12, 29, 35, 43, 45, 49, 52, 55, 61, 68, 95, 100, 101, 102, 108, 114, 115, 123, 128, 132, 141, 143, 145, 161, 182, 183, 186, 192], "restart_agent_result": 116, "restest": 22, "restrict": [11, 21, 27, 35, 49, 78, 87, 88, 97, 107, 108, 183, 188], "restrictcodeexecut": 78, "restrictedcont": 37, "restrictexecut": 78, "resturl": [169, 170, 171, 172, 173, 174, 175, 176, 177], "result": [4, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 21, 22, 24, 25, 26, 27, 28, 31, 32, 34, 35, 36, 37, 38, 39, 40, 41, 43, 46, 47, 48, 49, 50, 51, 53, 54, 55, 57, 58, 59, 60, 62, 63, 64, 65, 66, 69, 72, 73, 74, 76, 78, 79, 80, 81, 82, 84, 85, 86, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 119, 122, 123, 124, 125, 126, 130, 131, 133, 134, 136, 137, 138, 139, 140, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157, 160, 162, 164, 165, 167, 168, 176, 182, 185, 186, 187, 188], "result_cod": 146, "result_cont": 187, "result_data": [9, 187], "result_data_requests_list": 187, "result_desc": 146, "result_id": 96, "result_info": 127, "result_nam": 98, "result_not": [13, 18, 25, 46, 79, 91, 116, 129, 130, 131, 146], "result_properti": [13, 18, 25, 46, 79, 91, 116, 130, 146], "result_row": 129, "result_set": 59, "result_url": 187, "resultinxml": 117, "resultpayload": [22, 82, 186], "results_cont": [64, 129], "results_d": 77, "results_input": 129, "results_limit": [27, 117], "resulttyp": 130, "resultz": 78, "resutil": [121, 169, 170, 171, 172, 173, 174, 175, 176, 177, 192], "resync": 183, "resz": [98, 168], "retain": [1, 10, 11, 12, 16, 29, 41, 52, 61, 66, 68, 95, 98, 100, 101, 111, 114, 115, 123, 125, 128, 132, 137, 141, 143, 158, 161, 182, 183, 190], "retent": [190, 191], "retrain": 70, "retreiv": 49, "retri": [15, 24, 42, 74, 98, 103, 107, 144, 155, 167, 183], "retriev": [1, 16, 18, 19, 20, 21, 22, 24, 34, 36, 41, 43, 46, 51, 56, 59, 66, 72, 75, 80, 82, 94, 102, 103, 104, 112, 125, 127, 133, 137, 142, 150, 152, 155, 167, 186, 191], "retriv": 138, "retry2": [43, 97, 108, 111, 124], "retry_backoff": 111, "retry_cal": [111, 167], "retry_delai": 111, "retry_tri": 111, "retur": 102, "return": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 30, 31, 32, 33, 34, 35, 36, 38, 39, 42, 43, 44, 45, 46, 48, 49, 53, 56, 57, 59, 60, 64, 65, 67, 68, 69, 72, 73, 74, 76, 77, 78, 79, 81, 82, 84, 85, 86, 88, 89, 90, 91, 93, 94, 95, 96, 98, 99, 102, 103, 104, 105, 106, 107, 108, 110, 111, 112, 114, 115, 116, 117, 119, 122, 123, 124, 129, 130, 131, 134, 137, 138, 139, 140, 142, 143, 144, 145, 146, 147, 149, 150, 151, 152, 153, 155, 159, 160, 165, 167, 168, 176, 182, 183, 186, 187, 188, 192], "return_search": 102, "returned_record": 39, "reu": 137, "reunifi": 81, "reus": [80, 103, 111, 190], "reusabl": 111, "revealx": 43, "revers": [38, 43, 91, 98, 134], "reverse_dn": 117, "reverse_ssh_connect": 43, "review": [10, 12, 16, 29, 30, 34, 37, 39, 52, 59, 61, 64, 68, 73, 74, 79, 80, 95, 98, 100, 101, 102, 103, 106, 114, 115, 119, 120, 123, 128, 131, 132, 139, 141, 143, 144, 161, 162, 168, 183, 184, 191], "revil": 43, "revis": [167, 168], "revok": 43, "rewritten": 8, "rf3gczg0bn": 98, "rf9fqapytl": 98, "rf_actionplanguid": 162, "rf_example_get_host_risk": 162, "rf_example_get_user_risk": 162, "rf_example_mitigate_persistent_insider_threat": 162, "rfb_brute_forc": 43, "rfc": [91, 129, 144], "rfc822": 40, "rfind": [106, 137], "rg": 59, "rgb": 88, "rhel": [9, 11, 23, 27, 34, 38, 56, 138, 160, 177, 182, 192], "rhive": 108, "rhiveam": 108, "rhsm": 192, "rica": 137, "rich": [37, 62, 118, 119, 121, 149], "rich_text": 53, "rich_text_format": 9, "rich_text_not": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "rich_text_pipl_valu": 96, "rich_text_tmp": [9, 34], "rich_text_tmp_2": 34, "richard": [21, 74], "richmedia": 91, "richtext": [21, 38, 47, 110, 120, 125, 183], "rico": 137, "right": [13, 18, 25, 35, 38, 43, 46, 49, 56, 67, 74, 79, 88, 91, 113, 116, 120, 121, 130, 131, 133, 137, 146, 188, 192], "rigid": 53, "rijk": 21, "ripe": [102, 150], "ripe_dbm": 150, "ripencc": 150, "ripple20": 43, "ripple20_dns_rc": 43, "ripple20_icmp_scan": 43, "ripple20_icmp_treck": 43, "ripple20_ip_in_ip": 43, "ripple20_ip_in_ip_ipaddr": 43, "riseslcwmfhyfj4": 187, "risk": [43, 78, 85, 102, 106, 137, 157], "risk_fabric_integration_funct": 162, "risk_scor": [13, 24, 43, 78, 137], "risk_score_min": 43, "risk_spotter_result": 56, "riskfabr": 162, "riskiq": [92, 156], "riskprofil": 152, "riskscor": [78, 79], "risky_us": [102, 186], "rj": 187, "rjx": 98, "rmi": 43, "rname": 144, "ro": 147, "road": 188, "roam": 154, "roast": 43, "robust": [179, 183], "rocki": 39, "role": [15, 43, 49, 80, 111, 116, 119, 120, 127, 133, 150, 155, 183], "rollup": 60, "romania": 137, "romanian": 147, "ron": 96, "room": 41, "roomid": 148, "roomnam": 148, "root": [1, 3, 15, 16, 30, 38, 41, 78, 84, 85, 107, 111, 116, 124, 130], "root_component_id_list": 21, "root_incident_id_list": 21, "rootca": 155, "rotat": 86, "rou": 137, "round": 86, "rout": [8, 21, 41, 83, 110, 150, 167, 187, 191], "routing_typ": 41, "row": [8, 15, 16, 18, 19, 20, 21, 24, 25, 26, 33, 35, 37, 38, 42, 43, 49, 59, 67, 69, 74, 77, 78, 80, 82, 87, 88, 96, 98, 99, 102, 103, 106, 107, 108, 109, 110, 114, 116, 117, 119, 120, 124, 129, 130, 137, 138, 152, 163, 186, 192], "row_count": [37, 78], "row_creat": 138, "row_id": [36, 109, 114, 119], "row_to_add": 19, "row_to_delet": 36, "row_typ": 37, "rows_ad": 36, "rows_id": 36, "rows_to_delet": 36, "rows_with_error": 36, "rpc": 53, "rpc_log_deletion_srv": 43, "rpc_remote_shutdown": 43, "rpilist": 13, "rpm": [85, 116, 192], "rqlnpggz88z4uk2k": 98, "rqt": 108, "rqt_api": 108, "rqtnetsentri": 108, "rqtsentri": 108, "rr": 27, "rr_count": 27, "rrn": 107, "rroemhild": 192, "rsa": [64, 144, 146, 156, 188], "rsa2048": 0, "rte": [21, 64, 106, 107, 108, 109, 124, 152], "rtmdjmapb8egnmnd3iul604xvd2x0o": 98, "ru": [102, 137, 147, 153], "ru3": 117, "ru4": 117, "ru5": 117, "ru50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c": 153, "ru6": 117, "ru8": 117, "rule": [8, 11, 14, 15, 25, 26, 29, 30, 36, 40, 41, 42, 43, 44, 45, 61, 64, 65, 66, 67, 70, 71, 73, 74, 78, 80, 81, 83, 85, 89, 90, 91, 98, 99, 104, 105, 107, 113, 116, 117, 118, 119, 120, 123, 125, 129, 130, 132, 133, 135, 142, 143, 144, 148, 153, 156, 159, 162, 164, 165, 166, 179, 180, 183, 184, 185, 187, 188, 190, 191], "rule3": 114, "rule_activity_field1": 114, "rule_activity_field2": 114, "rule_additional_text": 125, "rule_calendar_date_tim": 22, "rule_calendar_descript": 22, "rule_calendar_extra_email_addr": 22, "rule_group": 103, "rule_id": [103, 114], "rule_identifi": 103, "rule_nam": [103, 107], "rule_rrn": 107, "rule_slack_channel": 125, "rule_slack_is_channel_priv": 125, "rule_slack_participant_email": 125, "rule_slack_text": 125, "rule_typ": [103, 114], "ruleact": 103, "rulealtermetr": 103, "ruleandscript": 191, "rulecompliancest": 69, "rulegener": 124, "ruleid": 130, "rulenam": 104, "rulename_creeventlist": 104, "rulerespons": 103, "ruleresponseev": 103, "rulest": 117, "ruletest": 103, "rulex1": 114, "run": [1, 3, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 39, 40, 41, 42, 43, 44, 45, 46, 47, 49, 51, 52, 53, 55, 57, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 115, 116, 117, 118, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 159, 160, 161, 162, 163, 164, 165, 166, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 189, 191], "run_enforcement_set_result": 18, "run_now": 73, "run_stat": 146, "run_task": 74, "run_tim": [79, 94], "runantivirusscan": 78, "runbook_delet": 19, "runbook_nam": 19, "runbook_query_d": 19, "runbook_result": 19, "runbook_st": 19, "runbook_tag": 19, "runbook_typ": 19, "runbooktyp": 19, "runner": [11, 158, 163], "runner_dir": 11, "runon": 19, "runtim": [11, 136], "runtimeconfigur": 19, "russia": [102, 137], "russian": 147, "rvision": 153, "rwa": 137, "rwanda": 137, "rwx": 192, "ryang": 38, "ryhhuzyjnyws6j33mcgatfirdxszvql648nrwsybskwuvxlgmepx661whveokw5701mynniz34l8ruvwk3m": 98, "ryz5ifau7fykmqslohtgqr1iv12rzg5": 98, "r\u00e9union": 137, "s00096": 130, "s10e18": 96, "s1ac1pi6l5l": 24, "s2gzul5ql77re4t": 98, "s3": [43, 103], "s3bucket": 15, "s3bucket_nam": 15, "s3bucket_own": 15, "s3yjrnabv4bbucobuh3fbgvtl0qzncvn6glfcbrlmkzbf1kwqhieqm4bgasb1htxac1o57dusljzg2rmkg0zcxrmokzbeqq": 98, "s3yjznabv4bbucogui3fbexxl4iz1jkz": 98, "s4j": 98, "s8hbxy": 98, "sa": [20, 80], "saa": [35, 46, 107], "saas_onli": 35, "saba": 137, "safari": [94, 187], "safe": [78, 80, 88, 98, 108, 152, 156, 168], "safe_but_noisy_import": 30, "safebrows": [51, 144, 170, 188], "safer": 91, "safeti": [80, 143], "safetoopen": [144, 188], "safrainternet": 95, "sahara": 137, "sai": 153, "said": 67, "sail": 111, "saint": 137, "sale": [99, 185], "salesforc": [107, 156], "salesforce_account": 113, "salesforce_account_id": 113, "salesforce_account_nam": 113, "salesforce_attach": 113, "salesforce_cas": 113, "salesforce_case_com": 113, "salesforce_case_data": 113, "salesforce_case_descript": 113, "salesforce_case_id": 113, "salesforce_case_internal_com": 113, "salesforce_case_link": 113, "salesforce_case_numb": 113, "salesforce_case_own": 113, "salesforce_case_payload": 113, "salesforce_case_result": 113, "salesforce_case_statu": 113, "salesforce_case_subject": 113, "salesforce_case_typ": 113, "salesforce_comment_text": 113, "salesforce_contact": 113, "salesforce_contact_email": 113, "salesforce_contact_fax": 113, "salesforce_contact_id": 113, "salesforce_contact_nam": 113, "salesforce_contact_phon": 113, "salesforce_origin": 113, "salesforce_owner_id": 113, "salesforce_statu": 113, "salesforce_supplied_compani": 113, "salesforce_supplied_email": 113, "salesforce_supplied_nam": 113, "salesforce_supplied_phon": 113, "salesforce_task": 113, "salesforce_task_data": 113, "salesforce_task_payload": 113, "salesforce_us": 113, "salesforce_user_id": 113, "salt": [43, 57, 185], "salut": 113, "salvador": 137, "samaccountnam": 67, "samaccounttyp": 67, "same": [1, 3, 4, 11, 13, 15, 18, 21, 25, 30, 36, 38, 42, 43, 53, 64, 66, 67, 71, 74, 77, 78, 79, 81, 88, 89, 90, 91, 99, 102, 103, 104, 108, 111, 114, 116, 117, 118, 119, 121, 125, 127, 129, 130, 133, 136, 137, 144, 146, 153, 157, 162, 165, 173, 179, 182, 183, 190, 191], "sameorigin": 13, "samezon": 8, "sami": 90, "saml": 111, "samoa": 137, "sampl": [25, 37, 38, 44, 46, 47, 55, 59, 60, 63, 65, 70, 71, 73, 81, 91, 93, 97, 98, 102, 104, 108, 113, 119, 122, 127, 129, 133, 134, 144, 145, 148, 166, 182, 186, 188, 190], "sample_analysis_report": 145, "sample_attach": 119, "sample_branch": 46, "sample_fil": 46, "sample_filenam": 145, "sample_final_result": 145, "sample_last_reputation_sever": 145, "sample_online_report": 145, "sample_playbook": 98, "sample_profil": 85, "sample_report": 145, "sample_reputation_report": 145, "sample_scor": 145, "sample_sever": 145, "sample_vti_scor": 145, "sample_webif_url": 145, "samplenam": 33, "sampleus": 41, "samr_domain_admin_enum": 43, "samr_domain_computer_enum": 43, "samr_domain_group_enum": 43, "samr_domain_user_enum": 43, "samr_domain_workstation_enum": 43, "samr_local_admin_enum": 43, "samr_local_user_enum": 43, "san": [41, 118, 137, 146], "sandbox": 156, "sandbox_screenshot": 48, "sandwich": 137, "sanjosemarista": 24, "sanlist": 187, "sao": 137, "sap": 43, "sara": 148, "sasl": [66, 181], "sasl_mechan": 66, "sasl_plain_password": 66, "sasl_plain_usernam": 66, "sasl_plaintext": [66, 181], "sasl_ssl": 66, "satisfi": [59, 118, 157, 183], "sau": 137, "saudi": 137, "save": [10, 11, 12, 18, 26, 29, 30, 33, 34, 37, 38, 41, 42, 43, 45, 48, 52, 55, 56, 59, 62, 64, 69, 71, 72, 75, 85, 95, 96, 99, 100, 101, 113, 114, 115, 117, 121, 123, 124, 125, 126, 128, 131, 132, 133, 137, 141, 143, 145, 149, 157, 161, 163, 180, 184, 192], "save_convers": [137, 191], "save_message_id": 137, "saved_query_nam": 18, "sayhello": 53, "sb01": 98, "sb01_for_absolute_resilience_list_devices_by_local_ip": 98, "sbin": 130, "sc": [0, 49, 96, 133, 148, 157], "scalabl": 107, "scan": [7, 13, 18, 24, 25, 38, 43, 46, 72, 79, 91, 98, 106, 130, 131, 142, 144, 146, 152, 167, 168, 176, 189], "scan_artifact_valu": 117, "scan_command_st": 117, "scan_commandid": 117, "scan_dat": 188, "scan_eoc_result": 117, "scan_error": 144, "scan_id": 94, "scan_last_action_tim": 146, "scan_last_complete_tim": 146, "scan_properti": 168, "scan_result": 117, "scan_statu": [107, 146], "scan_tim": 187, "scan_typ": 117, "scanabortedat": 116, "scandetail": 37, "scanfinishedat": 116, "scanner": 187, "scannernam": 49, "scanstartedat": 116, "scanstatu": 116, "scantitan": [144, 188], "scape": 58, "sccd": 161, "sccm_adapt": 18, "scd": 24, "scenario": [78, 111, 130, 133, 152, 162, 191], "scert_id": 16, "scg": 137, "schedul": [41, 43, 78, 109, 117, 148, 156], "schedule_delet": 19, "schedule_descript": 19, "schedule_en": 19, "schedule_expir": 19, "schedule_expiry_tim": 19, "schedule_frequ": 19, "schedule_interv": 19, "schedule_is_playbook": 114, "schedule_label": 114, "schedule_label_prefix": 114, "schedule_nam": 19, "schedule_query_d": 19, "schedule_query_row": 19, "schedule_recurr": 19, "schedule_rule_nam": 114, "schedule_rule_paramet": 114, "schedule_start_tim": 19, "schedule_time_zon": 19, "schedule_typ": 114, "schedule_type_valu": 114, "schedule_upd": 19, "scheduled_act": 90, "scheduled_task_enumer": 43, "scheduledtyp": 148, "scheduler_demo": 114, "scheduler_is_playbook": 114, "scheduler_label": 114, "scheduler_label_prefix": 114, "scheduler_rul": 114, "scheduler_rule_nam": 114, "scheduler_rule_paramet": 114, "scheduler_typ": 114, "scheduler_type_valu": 114, "schedules_read": 148, "schedules_writ": 148, "schema": [21, 39, 55, 59, 64, 67, 110, 116, 179, 182, 183], "schemavers": 15, "scheme": 13, "scherfl": [46, 133], "schiphol": 21, "school": 96, "scienc": 96, "scientificamerican": 167, "scipi": [70, 71], "scl": 91, "sco": [102, 186], "scope": [19, 32, 37, 38, 60, 78, 79, 88, 106, 108, 113, 124, 133, 148, 155, 157, 190], "score": [7, 14, 35, 37, 43, 78, 86, 96, 99, 127, 130, 137, 145, 152, 155, 162, 187], "score_threshold": 99, "scoreperc": 124, "scr_aws_iam_add_access_key_as_artifact": 16, "scr_aws_iam_add_user_as_artifact": 16, "scr_extrahop_detection_property_help": 43, "scram": 66, "scrape": 38, "scratch": 86, "screeen": 115, "screen": [113, 121, 133], "screen_sav": 117, "screeni": 117, "screenshot": [8, 12, 15, 19, 20, 21, 24, 25, 37, 41, 42, 43, 55, 64, 69, 74, 75, 77, 78, 80, 82, 86, 87, 96, 98, 99, 102, 103, 104, 107, 108, 109, 110, 115, 116, 117, 121, 124, 129, 139, 142, 152, 155, 168, 187], "screenshot_1": 168, "screenshot_uuid": 106, "screenshotid": 37, "screenshotthumbnail": 37, "screenshotthumbnailid": 37, "screenshoturl": 187, "screenx": 117, "scrip": 137, "script": [2, 7, 8, 11, 15, 17, 19, 20, 21, 22, 27, 28, 31, 32, 36, 39, 41, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 72, 73, 74, 76, 77, 80, 81, 82, 84, 86, 87, 89, 90, 92, 93, 94, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 119, 122, 124, 125, 126, 129, 133, 136, 140, 144, 147, 148, 150, 151, 152, 153, 154, 155, 159, 160, 165, 185, 186, 187, 188, 190], "script1": 97, "script2": 97, "script_input": 43, "scriptalon": 191, "scripttask": 98, "scripttask_2": 98, "scripttask_2_di": 98, "scroll": [10, 12, 29, 45, 52, 55, 75, 95, 100, 101, 115, 121, 123, 128, 132, 141, 143, 145, 161, 192], "scrollbar": 117, "scrub": 19, "sctp": 49, "scumwar": [144, 188], "scwx": 115, "sdist": [4, 26, 40, 57, 73, 105, 112, 135, 162, 177, 192], "sdk": [3, 6, 15, 30, 43, 82, 110, 119, 142, 148, 155, 168], "sdlp": 131, "sdlp_attachment_upload_typ": 131, "sdlp_close_dlp_cas": 131, "sdlp_get_not": 131, "sdlp_host": 131, "sdlp_incident_id": [127, 131], "sdlp_incident_severity_id": 131, "sdlp_incident_statu": [127, 131], "sdlp_incident_url": [127, 131], "sdlp_input": 131, "sdlp_note_text": 131, "sdlp_password": 131, "sdlp_policy_group_id": [127, 131], "sdlp_policy_group_nam": [127, 131], "sdlp_policy_id": [127, 131], "sdlp_policy_nam": [127, 131], "sdlp_resolve_incident_in_dlp": 131, "sdlp_saved_report_id": 131, "sdlp_send_soar_note_to_dlp": 131, "sdlp_update_incid": 131, "sdlp_update_severity_in_dlp": 131, "sdlp_upload_binari": 131, "sdlp_usernam": 131, "sdlp_write_incident_details_to_not": 131, "sdn": 137, "se": [37, 130], "seamless": 137, "search": [7, 8, 9, 10, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 31, 32, 35, 36, 38, 39, 41, 42, 46, 47, 49, 51, 53, 54, 55, 57, 58, 59, 63, 64, 65, 66, 72, 74, 75, 76, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 97, 98, 99, 101, 105, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 120, 121, 122, 124, 125, 126, 130, 131, 133, 134, 136, 137, 140, 144, 147, 148, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 163, 166, 167, 168, 176, 183, 184, 191], "search_column": 36, "search_detections_result": 43, "search_filt": 43, "search_packets_result": 43, "search_point": 96, "search_queri": 37, "search_ref_set": 104, "search_result": [67, 102, 192], "search_result_level": 60, "search_tabl": 56, "search_timeout": [103, 104], "search_typ": 192, "search_valu": [36, 102, 192], "search_value_typ": 102, "searchabl": [98, 146], "searchclient": 192, "searcher": 156, "searchexinputdto": 127, "sec": [43, 103, 104, 118, 130, 185], "sec_record_": 130, "seclookup": [144, 188], "second": [13, 18, 19, 20, 23, 25, 33, 35, 36, 46, 49, 55, 64, 65, 67, 69, 73, 74, 75, 78, 79, 80, 85, 87, 88, 90, 91, 94, 98, 101, 102, 103, 104, 106, 107, 108, 111, 113, 114, 115, 116, 117, 119, 121, 124, 126, 130, 131, 136, 138, 142, 143, 144, 145, 146, 152, 157, 168, 181, 183, 186, 190], "secondari": [19, 65], "secop": 121, "secret": [0, 15, 16, 17, 19, 32, 35, 42, 43, 64, 72, 78, 79, 80, 84, 88, 99, 108, 113, 121, 139, 146, 148, 152, 168], "secret_nam": 111, "secret_valu": 133, "sectigo": 146, "section": [0, 4, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 28, 29, 30, 31, 32, 34, 35, 36, 39, 41, 42, 43, 44, 45, 46, 47, 49, 51, 52, 53, 55, 56, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 74, 75, 77, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 121, 122, 123, 124, 125, 127, 128, 129, 130, 131, 132, 133, 135, 137, 141, 143, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 156, 157, 161, 162, 167, 172, 174, 175, 176, 178, 180, 181, 182, 183, 184, 190, 192], "section_nam": [180, 184], "sectors_recurs": 38, "sectorsperallocationunit": 54, "secur": [1, 4, 27, 38, 57, 61, 83, 100, 101, 112, 115, 118, 119, 120, 123, 128, 141, 143, 179, 181, 182, 183, 185, 187, 188, 190, 192], "secure_connect": 53, "secure_connection_typ": 53, "securebrain": [144, 188], "securepercentag": 187, "securerequest": 187, "securework": 156, "security_category_count": 104, "security_center_properti": 49, "security_check": 13, "security_level_pref": 18, "security_mark": 49, "security_protocol": 66, "security_tool_find": 152, "securityalert": 80, "securitycategori": 159, "securitycategoryid": 159, "securitycent": [49, 78, 79], "securitycenterproperti": 49, "securitycloud": 117, "securitydetail": 187, "securityen": 133, "securityeventcard": 124, "securityexcept": 30, "securityhealthservic": 108, "securityidentifi": 133, "securityinsight": 80, "securitymark": 49, "securitypersonnel": 78, "securityresourc": 79, "securityrisk": 117, "securityst": 187, "securitysubcategori": 152, "securitytest": 78, "securityvirtualappli": 117, "securolyt": [144, 188], "see": [0, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 44, 45, 46, 47, 48, 49, 51, 52, 53, 57, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 72, 73, 74, 75, 76, 77, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 136, 137, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 161, 165, 166, 179, 181, 182, 183, 184, 185, 187, 188, 190, 191, 192], "seed_valu": 88, "seen": [15, 24, 33, 35, 43, 69, 78, 81, 92, 103, 106, 108, 185], "segasec": [144, 188], "select": [1, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 41, 42, 43, 45, 46, 47, 49, 51, 53, 54, 55, 56, 58, 59, 60, 61, 63, 64, 65, 66, 67, 69, 70, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 114, 115, 116, 117, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 136, 137, 140, 141, 142, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 163, 167, 168, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192], "selectel": 102, "selectiveforwardingrespons": 103, "selectivewipestatu": 69, "selectresourceconfig": 15, "selenium": 126, "self": [13, 18, 21, 23, 24, 25, 46, 64, 65, 79, 85, 88, 90, 91, 103, 111, 116, 130, 131, 137, 144, 146, 182, 188, 192], "selflink": [25, 49], "selftest": [7, 10, 12, 20, 29, 39, 41, 45, 52, 53, 56, 61, 68, 81, 84, 88, 89, 95, 100, 101, 103, 104, 112, 115, 117, 121, 123, 128, 132, 134, 141, 143, 145, 161, 181], "selftest_brok": 66, "selftest_timeout": 181, "selinux": 192, "semant": 179, "semicolon": [11, 87, 114, 183], "sen": 137, "send": [9, 10, 11, 21, 22, 23, 28, 33, 35, 37, 48, 53, 64, 65, 72, 76, 89, 98, 107, 108, 109, 110, 111, 112, 113, 118, 121, 125, 133, 137, 138, 143, 146, 157, 167, 180, 181, 183, 184, 192], "send_command": 84, "send_email": [88, 97, 98], "send_file_as_bodi": 111, "send_note_result": 116, "send_result": 84, "send_soar_link_to_sentinelon": 116, "sendend": 187, "sender": [13, 14, 18, 22, 41, 42, 57, 67, 78, 81, 88, 91, 96, 99, 103, 104, 113, 117, 129, 131, 137, 185, 191, 192], "sender_address": 173, "sender_email": 41, "sender_nam": [41, 173], "senderemail": 113, "sendernam": 113, "sendstart": 187, "seneg": 137, "sensata": 99, "sensibl": 86, "sensit": [21, 25, 42, 43, 133, 180, 181, 183, 184], "sensitive_data_transf": 43, "sensitive_t": 56, "sensor": [33, 85, 116, 146], "sensor12803": 116, "sensor_act": 146, "sensor_gateway_url": 146, "sensor_gateway_uuid": 146, "sensor_hostname_or_ip": 43, "sensor_kit_typ": 146, "sensor_out_of_d": 146, "sensor_pending_upd": 146, "sensor_st": 146, "sensor_upd": 33, "sensor_vers": 146, "sensorzon": 130, "sent": [11, 21, 33, 38, 41, 42, 43, 66, 76, 80, 88, 106, 107, 108, 110, 111, 113, 116, 117, 118, 119, 120, 130, 131, 138, 146, 150, 152, 180, 181, 183, 184, 190, 191], "sentdatetim": 42, "sentinel": [78, 109, 156], "sentinel_incident_alert": 80, "sentinel_incident_assigned_to": 80, "sentinel_incident_classif": 80, "sentinel_incident_classification_com": 80, "sentinel_incident_classification_reason": 80, "sentinel_incident_com": 80, "sentinel_incident_ent": 80, "sentinel_incident_id": 80, "sentinel_incident_label": 80, "sentinel_incident_numb": 80, "sentinel_incident_statu": 80, "sentinel_incident_tact": 80, "sentinel_incident_url": 80, "sentinel_label": 80, "sentinel_profil": 80, "sentinel_user1": 80, "sentinel_user2": 80, "sentinelon": [124, 131, 156], "sentinelone_agent_id": 116, "sentinelone_agents_dt": 116, "sentinelone_classif": 116, "sentinelone_confidence_level": 116, "sentinelone_dt_agent_id": 116, "sentinelone_dt_agent_vers": 116, "sentinelone_dt_computernam": 116, "sentinelone_dt_cr": 116, "sentinelone_dt_domain": 116, "sentinelone_dt_external_ip": 116, "sentinelone_dt_is_act": 116, "sentinelone_dt_network_statu": 116, "sentinelone_dt_os_nam": 116, "sentinelone_dt_query_d": 116, "sentinelone_dt_regist": 116, "sentinelone_dt_sit": 116, "sentinelone_dt_threat_count": 116, "sentinelone_dt_upd": 116, "sentinelone_dt_uuid": 116, "sentinelone_hash": 116, "sentinelone_incident_statu": 116, "sentinelone_mitigation_statu": 116, "sentinelone_mitigation_status_descript": 116, "sentinelone_note_text": 116, "sentinelone_serv": 116, "sentinelone_threat_analyst_verdict": 116, "sentinelone_threat_id": 116, "sentinelone_threat_nam": 116, "sentinelone_threat_overview_url": 116, "sentinelone_threat_statu": 116, "sep": 98, "sep_artifact_type_scan_result": 117, "sep_auth_path": 117, "sep_base_path": 117, "sep_command_id": 117, "sep_commandid": 117, "sep_computer_id": 117, "sep_computernam": 117, "sep_critical_ev": 117, "sep_descript": 117, "sep_domain": 117, "sep_domain_id": 117, "sep_domain_nam": 117, "sep_domainid": 117, "sep_endpoint_detail": 117, "sep_endpoint_status_summari": 117, "sep_endpoints_non_compliant_detail": 117, "sep_eoc_scan_result": 117, "sep_exceptions_id": 117, "sep_file_id": 117, "sep_file_path": 117, "sep_fingerprint_list": 117, "sep_fingerprintlist_cont": 117, "sep_fingerprintlist_id": 117, "sep_fingerprintlist_nam": 117, "sep_firewall_id": 117, "sep_fullpathnam": 117, "sep_group": 117, "sep_group_id": 117, "sep_groupid": 117, "sep_hardwarekei": 117, "sep_hash_valu": 117, "sep_host": 117, "sep_incident_id": 117, "sep_lastupd": 117, "sep_matching_endpoint_id": 117, "sep_md5": 117, "sep_mod": 117, "sep_o": 117, "sep_oldpathnam": 117, "sep_ord": 117, "sep_pageindex": 117, "sep_pages": 117, "sep_password": 117, "sep_port": 117, "sep_results_limit": 117, "sep_scan_act": 117, "sep_scan_d": 117, "sep_scan_timeout": 117, "sep_scan_typ": 117, "sep_sha1": 117, "sep_sha256": 117, "sep_sort": 117, "sep_sourc": 117, "sep_statu": 117, "sep_status_detail": 117, "sep_status_typ": 117, "sep_undo": 117, "sep_usernam": 117, "separ": [8, 10, 11, 12, 13, 16, 18, 22, 25, 29, 35, 36, 38, 41, 42, 44, 46, 49, 52, 55, 59, 61, 66, 67, 68, 69, 70, 72, 74, 78, 79, 80, 81, 82, 84, 85, 87, 88, 91, 95, 97, 98, 99, 100, 101, 102, 103, 105, 106, 107, 108, 109, 113, 114, 115, 116, 123, 124, 125, 128, 130, 131, 132, 133, 137, 141, 142, 143, 146, 148, 149, 150, 152, 161, 168, 178, 179, 180, 181, 182, 183, 184, 185, 186, 189, 190, 191], "seper": [16, 41, 43, 148], "sept": [45, 114], "septemb": [27, 41, 104], "sequenc": [35, 58, 190], "sequence_cod": [60, 127], "sequenceerrorcount": 74, "sequenceerrorcountlastupd": 74, "serbia": 137, "serbian": 147, "seri": [111, 148], "serial": [16, 85, 97, 144], "serial_numb": [24, 144, 188], "serialid": 130, "serialnumb": [16, 54, 117], "seriesmasterid": 42, "serif": 41, "seriou": 13, "serv": [4, 53, 157, 190, 191], "server": [3, 9, 23, 30, 33, 34, 38, 44, 52, 56, 58, 68, 69, 70, 75, 76, 83, 95, 100, 101, 109, 118, 120, 132, 138, 140, 143, 151, 157, 160, 161, 162, 168, 169, 172, 173, 175, 178, 179, 185, 186, 187, 188, 191, 192], "server1": 85, "server2": 85, "server_detail": 13, "server_ip": [8, 55], "server_port": [43, 55], "serverauth": [88, 144, 188], "serverip": 131, "servernam": 21, "serverstat": 187, "serverurl": 19, "servic": [8, 9, 10, 12, 15, 17, 18, 20, 21, 29, 37, 41, 45, 47, 48, 49, 52, 53, 55, 56, 57, 59, 61, 68, 76, 77, 81, 83, 88, 95, 100, 101, 102, 105, 106, 107, 108, 111, 113, 115, 117, 119, 121, 123, 124, 128, 129, 130, 131, 132, 133, 141, 142, 143, 145, 146, 147, 150, 152, 155, 156, 157, 161, 167, 168, 170, 171, 172, 173, 174, 176, 181, 185, 188, 192], "service_account_kei": 47, "service_id": 106, "service_intel": 129, "service_nam": [15, 55, 182], "service_now_adapt": 18, "service_refer": 90, "service_request": 115, "service_typ": [21, 110], "serviceaccount": 152, "serviceci": 21, "serviceci_reconid": 21, "servicemanagementtag": 19, "servicenam": [15, 16], "servicenow": 156, "servicenow_statu": 120, "servicenowallowedt": 118, "servicesourc": 78, "servicespecificcredentialid": 16, "servicetask": 98, "servicetask_1": 98, "servicetask_1_di": 98, "serviceticket": 152, "serviceusernam": 16, "servlet": 106, "sesm_computersnusers_policies_password_set": 117, "session": [21, 43, 108, 112, 133, 137, 146], "session_id": 137, "session_timeout": 117, "session_uid": 59, "sessionend": 108, "sessionstart": 108, "sessiontypeid": 148, "set": [0, 3, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19, 20, 21, 22, 23, 25, 26, 27, 28, 29, 30, 31, 32, 34, 35, 36, 39, 41, 42, 43, 45, 46, 47, 49, 51, 53, 55, 56, 58, 59, 60, 61, 63, 64, 65, 66, 68, 69, 71, 72, 73, 75, 76, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 100, 101, 102, 105, 106, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 134, 135, 137, 140, 141, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 159, 160, 161, 162, 163, 164, 166, 167, 168, 169, 172, 174, 175, 176, 178, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192], "set_input": 117, "set_priority_result": 107, "set_seri": 88, "set_status_result": 107, "setcred": 103, "setdecod": 182, "sete": 70, "setencod": 182, "setprior": 35, "setrelev": 103, "setsever": 103, "settabl": 42, "settag": 35, "settings_hash": 33, "settyp": 35, "setup": [4, 23, 26, 27, 39, 40, 43, 52, 57, 64, 69, 73, 75, 76, 77, 88, 95, 105, 107, 112, 113, 120, 121, 132, 133, 135, 137, 138, 140, 151, 157, 160, 161, 162, 165, 168, 170, 173, 182, 184], "setuptool": [157, 178, 180, 181, 182, 184], "setvalu": 119, "sever": [10, 11, 12, 15, 16, 17, 21, 24, 29, 37, 43, 49, 52, 59, 61, 65, 66, 68, 74, 78, 79, 80, 88, 90, 95, 98, 99, 100, 101, 103, 104, 108, 111, 115, 117, 119, 120, 123, 128, 129, 130, 131, 132, 133, 141, 143, 145, 146, 148, 152, 161, 162, 183], "sever_hostnam": 55, "severity_cod": [15, 35, 43, 49, 60, 64, 66, 70, 78, 80, 88, 90, 106, 107, 108, 113, 119, 120, 127, 130, 131, 133, 137, 138, 146, 152, 183], "severity_id": 59, "severity_level": 10, "severity_map": [35, 49, 130, 152], "severityid": 131, "severitymap": 120, "seychel": 137, "sf": 91, "sf_case": 113, "sf_case_com": 113, "sf_device_group": 89, "sf_locat": 89, "sf_vsy": 89, "sftzxqytcwyxxf6biwtixqbccep5trfonyz4iedwmdp4qb": 111, "sfv": 91, "sg": [137, 159], "sgp": 137, "sgp000000000011": 21, "sh": [85, 143, 192], "sh1": 77, "sh256": 108, "sha": [24, 33, 46, 57, 77, 78, 81, 102, 108, 113, 116, 117, 122, 127, 129, 144, 146, 185, 188], "sha1": [24, 37, 46, 77, 78, 81, 102, 103, 108, 116, 117, 122, 127, 144, 155, 173, 188], "sha1_hash": 103, "sha224": [127, 173], "sha256": [24, 37, 77, 78, 81, 91, 102, 103, 108, 116, 117, 122, 127, 144, 146, 152, 155, 173, 188], "sha256_hash": [103, 108, 146], "sha256rsa": [144, 188], "sha384": [127, 173], "sha3_224": 127, "sha3_256": 127, "sha3_384": 127, "sha3_512": 127, "sha512": [122, 127, 173], "shadow": 175, "shadow_server_ct": 175, "shadow_server_threat_fe": 175, "shadowattribut": 81, "shadowserv": [127, 156], "shadowserver_artifact_typ": 122, "shadowserver_artifact_valu": 122, "shadowserver_hash_queri": 122, "shadowserver_url": 122, "shahmukhi": 147, "shake_128": 127, "shake_256": 127, "share": [10, 12, 13, 16, 18, 25, 29, 30, 35, 41, 43, 46, 52, 61, 68, 79, 86, 89, 91, 95, 100, 101, 103, 104, 111, 115, 116, 117, 123, 128, 130, 131, 132, 133, 135, 141, 143, 146, 153, 161, 168, 182, 183, 184], "shared_incid": 37, "sharedendpoint": 35, "sharepoint": [43, 133], "sharepointacl": 131, "sharepointpermiss": 131, "sharing_group_id": 81, "shell": [16, 43, 64, 97, 103, 143, 158], "shell_command": [85, 143, 192], "shell_escap": [85, 143], "shell_param1": [85, 192], "shell_param2": 85, "shell_param3": 85, "shell_remot": 192, "shellcod": 44, "shellshock": 43, "shellshock_dhcp": 43, "shellshock_http": 43, "shield": 4, "shift": 21, "ship": [25, 72], "shippingaddress": 113, "shippingc": 113, "shippingcountri": 113, "shippinggeocodeaccuraci": 113, "shippinglatitud": 113, "shippinglongitud": 113, "shippingpostalcod": 113, "shippingst": 113, "shippingstreet": 113, "shirlei": 18, "shirleyc": 18, "shn": 137, "shodan": 156, "shodan_apikei": 123, "short": [21, 24, 43, 88, 114, 119], "short_cod": 43, "short_descript": [119, 120], "shorten": [72, 85], "shorter": 86, "shortnam": 38, "should": [0, 3, 4, 11, 13, 16, 18, 19, 25, 35, 36, 38, 41, 42, 43, 44, 46, 49, 53, 55, 56, 59, 66, 70, 74, 75, 77, 79, 80, 86, 88, 91, 96, 97, 98, 103, 105, 106, 107, 111, 114, 116, 117, 118, 119, 121, 125, 130, 131, 136, 137, 138, 146, 148, 152, 158, 163, 167, 168, 173, 180, 181, 182, 183, 184, 187, 191, 192], "shoulddisplai": 64, "show": [10, 12, 15, 16, 24, 29, 30, 36, 38, 43, 49, 50, 52, 56, 61, 66, 68, 80, 81, 88, 89, 91, 94, 95, 100, 101, 102, 106, 107, 109, 114, 115, 116, 120, 123, 128, 132, 140, 141, 143, 157, 159, 161, 179, 183, 186, 187, 190, 191, 192], "show_alert_statu": 43, "show_if": 98, "show_link_head": 98, "showa": 42, "showfield": 64, "shown": [25, 43, 56, 75, 102, 111, 113, 115, 117, 133, 146, 186, 191], "shreya": 98, "shuold": 46, "shut": [76, 183], "shutdown": [43, 183], "shutdown_agent_result": 116, "si": 147, "si12345b0r8ghu8ynwe7bm3hjydczkqwhzgd0r5v4yhag": 19, "sic": 113, "sicdesc": 113, "sid": [35, 111, 182], "side": [119, 120, 157, 192], "sideload": 108, "siem": [35, 106, 107, 108, 113, 146, 156], "siem_al": 99, "siem_api": 99, "siem_event_typ": 99, "siem_issu": 99, "siempifi": 124, "siemplfi": 124, "siemplifi": 156, "siemplify_add_playbook": 124, "siemplify_addupdate_entity_to_blocklist": 124, "siemplify_addupdate_entity_to_customlist": 124, "siemplify_alert_id": 124, "siemplify_artifact_id": 124, "siemplify_artifact_typ": 124, "siemplify_artifact_valu": 124, "siemplify_assigne": 124, "siemplify_assigned_us": 124, "siemplify_attachment_id": 124, "siemplify_case_id": 124, "siemplify_case_link": 124, "siemplify_case_url": 124, "siemplify_categori": 124, "siemplify_close_cas": 124, "siemplify_com": 124, "siemplify_create_cas": 124, "siemplify_create_case_templ": 124, "siemplify_entity_id": 124, "siemplify_entity_list": 124, "siemplify_entity_typ": 124, "siemplify_entity_valu": 124, "siemplify_environ": 124, "siemplify_get_blocklist_ent": 124, "siemplify_get_customlist_ent": 124, "siemplify_host": 124, "siemplify_incident_id": 124, "siemplify_is_import": 124, "siemplify_limit": 124, "siemplify_limit_result": 124, "siemplify_list_categori": 124, "siemplify_list_entri": 124, "siemplify_m_sync_cas": 124, "siemplify_playbook_nam": 124, "siemplify_prior": 124, "siemplify_reason": 124, "siemplify_remove_list_entri": 124, "siemplify_root_caus": 124, "siemplify_run_playbook_automat": 124, "siemplify_search": 124, "siemplify_search_term": 124, "siemplify_soar_task_id": 124, "siemplify_stag": 124, "siemplify_sync_artifact": 124, "siemplify_sync_attach": 124, "siemplify_sync_cas": 124, "siemplify_sync_com": 124, "siemplify_sync_task": 124, "siemplify_tag": 124, "siemplify_task_assigne": 124, "sierra": 137, "siggen": 122, "sigmavirus24": 46, "sign": [23, 52, 57, 64, 65, 78, 85, 91, 103, 111, 133, 146, 157, 185], "sign_cert_id": 16, "sign_in_to_your_microsoft_account": 94, "signal_id": 130, "signal_row": 130, "signatur": [13, 28, 38, 46, 88, 108, 113, 122, 144, 188], "signature_algorithm": [91, 144, 188], "signedcertificatetimestamplist": 187, "signeddeleg": [144, 188], "signer": [78, 108, 146], "signerhash": 78, "signifi": 117, "signific": [81, 87, 89, 129, 136], "signing_encrypting_cert": 88, "signup": [52, 123], "sigr": 43, "silver": 43, "similar": [11, 13, 18, 25, 27, 30, 46, 49, 71, 72, 79, 85, 88, 91, 111, 116, 130, 131, 137, 167, 182, 183, 186, 189, 190, 192], "similar_devic": 35, "similar_devices_list": 35, "similar_devices_output": 35, "similarcas": 124, "similari": 86, "similarli": [72, 113, 121, 191], "simpl": [1, 11, 27, 67, 98, 123, 127, 136, 138, 160, 192], "simple_custom_detect": 24, "simpleasynctaskexecutor": 59, "simplejson": [78, 80, 124], "simpli": [21, 82, 110, 111, 119, 142, 155, 184], "simplifi": [64, 86, 88, 103, 112, 143, 147, 191], "simul": [72, 183], "simultaneousinterpret": 148, "sinc": [30, 39, 43, 46, 58, 77, 85, 95, 96, 108, 118, 119, 121, 133, 157, 159, 179], "singapor": [15, 137], "singapore_risk_assess": 127, "singl": [8, 19, 23, 28, 30, 35, 42, 43, 53, 106, 107, 111, 113, 114, 117, 131, 133, 179, 182, 184, 185, 186, 187, 188, 191], "singleinst": 42, "sinhala": 147, "sinkhol": 72, "sint": 137, "sip": 43, "sip_brute_forc": 43, "sipaddress": 148, "siph0n": [57, 185], "sir": [118, 119, 120], "sir0010024": 119, "sir0010025": 119, "site": [21, 30, 43, 51, 92, 113, 116, 117, 126, 133, 157, 176, 185, 186, 192], "site_admin": 46, "site_categori": 13, "site_id": 116, "site_url": 111, "sitecategori": 37, "sitecheck": [144, 188], "siteid": 116, "sitenam": 116, "siteurl": 148, "situat": [80, 117, 179], "sivi": 122, "six": [30, 55, 56, 88, 157], "size": [35, 41, 46, 55, 56, 58, 60, 64, 69, 78, 88, 107, 108, 117, 127, 144, 155, 182, 187, 188], "sjf3xoyoomfo0wq8wiwfczlgienubqgrntso": 111, "sjm": 137, "sk": 147, "skeleton": 97, "skip": [21, 43, 74, 98, 103, 110, 111, 133, 167, 192], "sklearn": [70, 71], "sku": 19, "sl": [91, 147], "sla__c": 113, "slack": [127, 156], "slack2": 127, "slack_as_us": 125, "slack_channel": 125, "slack_channel_id": 125, "slack_conversations_db": 125, "slack_db_channel": 125, "slack_db_channel_typ": 125, "slack_db_permalink": 125, "slack_db_res_id": 125, "slack_db_tim": 125, "slack_is_channel_priv": 125, "slack_mrkdwn": 125, "slack_participant_email": 125, "slack_templ": 125, "slack_text": 125, "slack_usernam": 125, "slackclient": 125, "slaexpirationdate__c": 113, "slaexpirationtim": 124, "slaserialnumber__c": 113, "slash": [77, 108, 151], "slaviolation__c": 113, "slb": 137, "sld": 37, "sle": 137, "sleep": [42, 136, 143, 168], "slightli": [41, 87], "slovakia": 137, "slovakian": 147, "slovenia": 137, "slovenian": 147, "slow": [130, 179], "slow_changing_modified_timestamp": 33, "slr9jmnlshxgtt5scvaphvtwyi": 111, "slug": 152, "slv": 137, "slz3dlxu1woqtj6vwn9x9wru3ykmf": 98, "sm": 156, "smail": 88, "small": [58, 64, 183], "smallbannerphotourl": 113, "smallphotourl": 113, "smallvil": 96, "smart_dhcp": 117, "smart_dn": 117, "smart_win": 117, "smartphon": [69, 113], "smb": [35, 43], "smb2": 35, "smb_autostart_path": 43, "smb_cifs_access_denied_error": 43, "smb_cifs_brute_forc": 43, "smb_cifs_error": 43, "smb_cifs_file_access_failur": 43, "smb_cifs_privileged_pip": 43, "smb_cifs_share_enumer": 43, "smb_cifs_valid_login_error": 43, "smb_named_pipe_beacon": 43, "smbmovesuccess": 35, "smbv1": 43, "smbv3": 43, "smbwritesummari": 35, "sme9584a564764db7c4d24f612d6928b18": 138, "smime": 88, "smime_us": 88, "smith": 67, "smr": 137, "smss": 108, "smtp": [22, 37, 41, 43, 72, 83, 88, 91, 133], "smtp_certif": 88, "smtp_conn_timeout": 88, "smtp_helo_ehlo_buffer_overflow": 43, "smtp_mailer": 88, "smtp_password": 88, "smtp_port": 88, "smtp_processing_spik": 43, "smtp_server": 88, "smtp_ssl_cafil": 88, "smtp_ssl_mode": 88, "smtp_syntax_error": 43, "smtp_user": 88, "smtpservic": 88, "sn": [67, 119, 120, 160], "sn_api_uri": [119, 121], "sn_assignment_group": 119, "sn_attachment_sys_id": 119, "sn_close_cod": 119, "sn_close_not": 119, "sn_close_work_not": 119, "sn_host": [119, 121], "sn_init_work_not": 119, "sn_initial_not": 119, "sn_note_text": 119, "sn_note_typ": 119, "sn_optional_field": 119, "sn_password": [119, 121], "sn_query_field": 119, "sn_query_valu": 119, "sn_record_link": 119, "sn_record_st": 119, "sn_records_dt": 119, "sn_records_dt_link": 119, "sn_records_dt_nam": 119, "sn_records_dt_res_id": 119, "sn_records_dt_res_statu": 119, "sn_records_dt_sn_parent_ref_id": 119, "sn_records_dt_sn_ref_id": 119, "sn_records_dt_snow_statu": 119, "sn_records_dt_snow_t": 119, "sn_records_dt_tim": 119, "sn_records_dt_typ": 119, "sn_ref_id": 119, "sn_res_id": 119, "sn_resilient_statu": 119, "sn_severity_map": 119, "sn_si": 121, "sn_si_incid": [118, 119, 121], "sn_si_task": [119, 121], "sn_snow_record_id": 119, "sn_snow_record_link": 119, "sn_snow_table_nam": 119, "sn_sys_id": 119, "sn_table_nam": 121, "sn_time_cr": 119, "sn_time_upd": 119, "sn_update_field": 119, "sn_urgenc": 119, "sn_usernam": [119, 121], "snaclicenseid": 117, "snapshot": [77, 156, 179], "snapshot_full_screen_captur": 126, "snapshot_fullpag": 126, "snapshot_incident_id": 126, "snapshot_result": 126, "snapshot_timeout": 126, "snapshot_url": 126, "snapshot_url_load_timeout": 126, "snare": 130, "sni": 91, "snippet": [37, 97], "snlink": 120, "snmp": 117, "snort": [144, 165, 188], "snow": [118, 121], "snow_integr": 121, "so": [4, 7, 13, 18, 21, 24, 25, 35, 38, 49, 53, 67, 72, 74, 79, 81, 91, 97, 98, 102, 103, 106, 107, 110, 111, 113, 114, 115, 116, 118, 127, 130, 131, 133, 135, 137, 142, 147, 166, 168, 179, 182, 183, 188, 191, 192], "so_input": 116, "soa": [83, 144, 173], "soap": 131, "soar": [3, 17, 28, 31, 47, 53, 55, 58, 63, 77, 78, 84, 93, 94, 118, 120, 141, 147, 157, 168, 180, 181, 182, 184], "soar2_list": 124, "soar3_list": 124, "soar_app": 2, "soar_case_url": 113, "soar_categori": 124, "soar_close_cas": [90, 124, 130, 152], "soar_close_case_templ": [35, 43, 49, 64, 106, 107, 108, 113, 116, 124, 130, 146, 152], "soar_create_cas": [90, 130, 152], "soar_create_case_templ": [35, 43, 49, 64, 106, 107, 108, 113, 116, 130, 146, 152], "soar_datetimeformat": [49, 80, 90, 106, 107, 113, 130, 131, 137, 146, 152], "soar_inc_owner_id": 43, "soar_inc_plan_statu": 43, "soar_inc_resolution_id": 43, "soar_incident_id": 103, "soar_label": 80, "soar_list": 124, "soar_plugin_destination_name1": [103, 104], "soar_profil": 80, "soar_search_queri": 127, "soar_search_templ": 127, "soar_sever": 137, "soar_splitpart": 80, "soar_substitut": [35, 43, 49, 80, 90, 106, 107, 113, 130, 131, 146, 152], "soar_table_nam": 103, "soar_task_id": 21, "soar_update_cas": [90, 130, 152], "soar_update_case_cas": 124, "soar_update_case_templ": [35, 49, 64, 106, 107, 113, 116, 124, 130, 146, 152], "soar_update_task_templ": 64, "soar_user1": [43, 78, 80, 90, 107, 130, 146], "soar_user2": [43, 78, 80, 90, 107, 130, 146], "soar_utils_artifact_file_typ": 127, "soar_utils_base64cont": 127, "soar_utils_close_field": 127, "soar_utils_content_typ": 127, "soar_utils_create_field": 127, "soar_utils_descript": 127, "soar_utils_extract_file_path": 127, "soar_utils_file_nam": 127, "soar_utils_file_path": 127, "soar_utils_filter_condit": 127, "soar_utils_search_field": 127, "soar_utils_sort_field": 127, "soar_utils_string_to_convert_to_attach": 127, "soar_utils_zip_password": 127, "soar_utils_zipfile_password": 127, "soarcommun": [7, 20, 25, 31, 32, 36, 39, 46, 51, 65, 66, 67, 72, 78, 81, 86, 87, 88, 89, 90, 92, 96, 97, 104, 109, 122, 124, 126, 127, 129, 133, 136, 143, 144, 148, 150, 154, 157, 167, 168], "soarmailbox": 133, "soarmessag": 133, "soarsupport": 111, "soarteam": 133, "soartest": 42, "soarus": 148, "sobject": 113, "soc": [21, 25, 115, 161], "social": [96, 137, 187], "social_engin": 137, "sock": 43, "soft": [41, 82], "soft_row": 82, "softlay": 15, "softwar": [35, 38, 43, 64, 74, 78, 88, 106, 107, 117, 137, 152], "software_descript": 82, "software_id": 82, "software_nam": 82, "software_platform": 82, "software_techniqu": 82, "software_typ": 82, "softwareloopback": 78, "solarwind": 90, "sold": [57, 185], "sole": [96, 188], "solicit": 188, "solid": 58, "solomon": 137, "solr": 43, "solut": [11, 13, 35, 43, 64, 68, 77, 88, 90, 106, 107, 113, 130, 146, 152, 183], "solv": 119, "som": 137, "somali": 147, "somalia": 137, "some": [4, 10, 33, 38, 41, 43, 46, 60, 64, 69, 70, 78, 80, 88, 90, 91, 97, 103, 113, 117, 119, 124, 126, 127, 136, 166, 179, 182, 183, 185, 187, 190, 191, 192], "some_ext": 88, "some_extens": 88, "someapikei": 81, "someon": 179, "somepass": 10, "someregex": 35, "someth": [19, 21, 60, 103, 124, 127], "somethingnew": 74, "sometim": [102, 121], "someus": 10, "somewhat": 179, "somewher": 53, "sonar": 117, "soon": [15, 43], "sophist": 107, "sopho": [122, 144, 188], "soql": 113, "sort": [13, 18, 25, 36, 41, 43, 46, 56, 60, 69, 74, 79, 91, 98, 107, 116, 117, 127, 130, 131, 142, 146, 168, 189], "sort_bi": 116, "sort_kei": [13, 18, 25, 46, 79, 91, 116, 130, 131, 144, 146], "sort_list": 98, "sort_object_stat": 98, "sort_ord": 116, "sort_wf_stat": 98, "sortdat": 37, "sorted_object": 98, "sospechoso": 159, "sourc": [2, 4, 8, 10, 21, 24, 35, 36, 37, 38, 41, 43, 57, 60, 72, 79, 81, 86, 88, 97, 98, 99, 102, 104, 106, 107, 108, 109, 110, 113, 116, 117, 122, 124, 127, 129, 130, 131, 135, 137, 146, 147, 150, 152, 154, 161, 162, 172, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 192], "source_address_id": 104, "source_byt": 103, "source_count": [72, 104], "source_data": 107, "source_id": [49, 96], "source_ip": [103, 130], "source_lang": 147, "source_nam": 72, "source_network": 104, "source_packet": 103, "source_port": [103, 130], "source_program": 56, "source_properti": 49, "source_ref": 146, "source_typ": 184, "sourceaddress": 79, "sourcebyt": 103, "sourcecount": 103, "sourced": 37, "sourceid": 69, "sourceinfo": 19, "sourceip": 103, "sourceip_count": 103, "sourceloc": 79, "sourcemateri": 79, "sourcepacket": 103, "sourceport": [79, 103], "sourceref": 98, "sourcerul": 152, "sourcesystemnam": 124, "sourcezon": 8, "south": [137, 147], "southern": 137, "sp": 24, "spa": 86, "space": [16, 25, 74, 85, 105, 130, 183, 192], "spain": 137, "spam": [7, 72, 88, 99, 103, 104, 150, 159], "spam404": [13, 144, 188], "spamhau": [13, 156], "spamhaus_dqs_kei": 128, "spamhaus_wqs_url": 128, "spamhausdbl": 13, "spamscop": 91, "span": [13, 18, 25, 35, 41, 43, 46, 49, 79, 91, 102, 116, 130, 131, 144, 146], "span_formatt": [35, 49], "spanid": 59, "spanish": [86, 147], "spec": 98, "spec_vers": [102, 186], "special": [13, 25, 72, 78, 81, 152, 183, 191], "specif": [7, 8, 11, 12, 13, 15, 17, 18, 19, 20, 21, 22, 24, 25, 28, 30, 31, 32, 34, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 68, 69, 71, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 139, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 165, 167, 179, 182, 183, 184, 190, 191], "specifi": [4, 8, 10, 11, 12, 13, 16, 18, 19, 22, 25, 26, 27, 30, 35, 36, 38, 39, 41, 42, 43, 44, 46, 49, 53, 54, 55, 58, 59, 60, 64, 66, 68, 70, 74, 76, 77, 78, 79, 80, 82, 84, 85, 86, 87, 88, 89, 90, 91, 97, 98, 103, 106, 107, 108, 111, 113, 114, 116, 117, 124, 127, 129, 130, 131, 133, 136, 139, 147, 148, 151, 152, 155, 157, 161, 168, 173, 178, 179, 180, 181, 182, 183, 184, 189, 190, 191], "specific_data": 18, "specifiec": 55, "speed": 125, "spell": [21, 119], "spf": [83, 91], "spf1": 144, "spike": 43, "spike_in_email_traffic_volum": 43, "spike_in_ldap_request": 43, "spike_in_rdp_sess": 43, "spike_in_rfb_sess": 43, "spike_in_round_trip_tim": 43, "spike_in_ssh_sess": 43, "spike_in_telnet_connect": 43, "spin": 4, "split": [24, 25, 43, 70, 74, 78, 80, 85, 106, 117, 120, 127, 136, 137, 155], "split_at": [49, 106, 107, 113, 130, 137, 146, 152], "split_email": 85, "splunk": [90, 156, 158, 164, 166, 179], "splunk_add_artifact": 129, "splunk_delete_an_intel_entri": 129, "splunk_hec_fe": 184, "splunk_instance_label": 129, "splunk_intel_result": 129, "splunk_label": 129, "splunk_label1": 129, "splunk_max_count": 129, "splunk_max_return": 129, "splunk_notable_event_id": 129, "splunk_queri": 129, "splunk_query_param1": 129, "splunk_query_param10": 129, "splunk_query_param2": 129, "splunk_query_param3": 129, "splunk_query_param4": 129, "splunk_query_param5": 129, "splunk_query_param6": 129, "splunk_query_param7": 129, "splunk_query_param8": 129, "splunk_query_param9": 129, "splunk_query_parame2": 129, "splunk_search_for_an_artifact": 129, "splunk_serv": [129, 166], "splunk_system": 166, "splunk_threat_intel_kei": 129, "splunk_threat_intel_typ": 129, "splunk_update_notable_ev": 129, "splunk_user_login": 166, "splunkfe": 184, "splunkhf1": 116, "splunkpassword": 129, "spm": 137, "spn": 43, "spoof": [7, 43, 85], "spoofed_self_signed_ssl_certif": 43, "spooler": 43, "spoolsv": 108, "spreadsheet": 41, "spring": 43, "spring4shel": 43, "spywar": 117, "sq": 147, "sql": [7, 43, 56, 80, 152, 179, 182, 183, 192], "sql_artifact_valu": [87, 192], "sql_autocommit": 87, "sql_column_1": [87, 192], "sql_column_2": [87, 192], "sql_column_3": [87, 192], "sql_column_4": [87, 192], "sql_column_5": [87, 192], "sql_column_6": 87, "sql_condition_value1": [87, 192], "sql_condition_value2": 87, "sql_condition_value3": 87, "sql_connection_str": [87, 192], "sql_database_typ": 87, "sql_dialect": 182, "sql_mode": 182, "sql_number_of_records_return": 87, "sql_queri": [87, 192], "sql_query_results_dt": [87, 192], "sql_query_timeout": 87, "sql_restricted_sql_stat": 87, "sql_timestamp": [87, 192], "sql_wchar": 182, "sqlalchemi": 114, "sqlexecdirectw": 87, "sqli": 43, "sqli_attack": 43, "sqlinjectionmitig": 152, "sqlite": [114, 179, 182], "sqlite3": 182, "sqlite_fold": 114, "sqlite_sync_fil": 183, "sqllib": 182, "sqlprepar": 183, "sqlpreparew": 183, "sqlserver": [179, 182], "sqlserver_fe": [180, 181, 182, 183, 184], "sqlserverdialect": 182, "sqol": 113, "squar": [87, 102, 146, 186], "squat": 153, "sr": 147, "sr0011439ccad4ec8uqwckolaqlqaa": 21, "srattach": 21, "srb": 137, "src": [81, 102, 106, 117, 173, 186], "src_folder": 41, "src_name": [60, 127], "src_user": 129, "srcdevice_ip": 130, "srcdevice_ip_ipv4intvalu": 130, "srcdevice_ip_isintern": 130, "srcdevice_ip_vers": 130, "srcport": 130, "sri": 137, "srid": 21, "srinstanceid": 21, "srm": 21, "srmsaoiguid": 21, "srv": 91, "srv_specific_cred_id": 16, "ss": [33, 78, 114, 131], "ssc_id": 16, "ssd": 137, "ssdeep": [155, 173], "ssdp": 117, "ssh": [7, 10, 12, 29, 43, 45, 49, 52, 55, 56, 61, 68, 75, 84, 85, 95, 100, 101, 115, 121, 123, 128, 130, 132, 141, 143, 145, 161, 167, 192], "ssh2": [107, 130], "ssh_brute_forc": 43, "ssh_dispatch": 84, "ssh_kei": 11, "ssh_key_id": 16, "ssh_unusual_loc": 43, "ssh_unusual_location_c2": 43, "ssh_url": 46, "ssh_version": 130, "sshd": [107, 130], "sshk_id": 16, "sshpublickeyid": 16, "ssl": [8, 12, 13, 39, 43, 53, 55, 56, 64, 66, 67, 71, 111, 116, 129, 167, 168], "ssl_check_hostnam": 66, "ssl_result": 91, "ssl_scan": 43, "sslend": 187, "sslstart": 187, "ssmphh_11": 56, "ssrf": 43, "ssw0rd": 85, "ssword1": 111, "st": 144, "stack": [30, 43], "stage": [29, 43, 78, 124, 130], "stage1": [102, 186], "stage2": [102, 186], "stage3": [102, 186], "stage3_insight": [102, 186], "stai": 99, "stall": 43, "stalled_data_transf": 43, "standalon": [56, 60, 72, 111, 127, 132], "standard": [13, 18, 21, 22, 25, 33, 42, 43, 49, 79, 83, 91, 103, 108, 111, 113, 116, 117, 130, 133, 146, 148, 167, 168, 182], "standards_list": 49, "star": 46, "stargaz": 46, "stargazers_count": 46, "stargazers_url": 46, "starred_url": 46, "start": [4, 11, 13, 15, 18, 19, 23, 24, 25, 26, 27, 29, 30, 31, 35, 36, 39, 40, 41, 42, 43, 45, 46, 49, 55, 56, 59, 64, 66, 67, 69, 72, 73, 74, 78, 79, 80, 83, 85, 87, 89, 91, 96, 97, 99, 102, 103, 104, 106, 107, 108, 113, 116, 117, 120, 124, 129, 130, 131, 135, 136, 137, 139, 146, 148, 155, 157, 184, 186, 191], "start_address": 150, "start_dat": [24, 35, 43, 49, 60, 66, 78, 80, 90, 98, 106, 107, 113, 127, 130, 131, 133, 136, 137, 146, 152], "start_filt": 79, "start_po": [82, 186], "start_t": 79, "start_tim": [41, 43, 90, 98, 102, 104, 108, 186], "startat": 64, "startdat": [17, 99], "startdatetim": 37, "startedbi": 19, "startev": 98, "startevent_aqhlb25": 98, "startevent_aqhlb25_di": 98, "startevent_xkqtum": 98, "startevent_xkqtume_di": 98, "startinst": 15, "startswith": [43, 88, 155], "starttim": [19, 103, 104, 108, 124], "starttimeoffsetminut": 19, "starttimeunixtimeinm": 124, "starttimeutc": 80, "starttl": 88, "startup": [15, 25, 99], "startup417": 94, "startup_interv": [99, 100], "startxref": 91, "stat": [19, 38, 46, 98, 144, 187], "state": [4, 13, 15, 17, 19, 21, 23, 37, 49, 60, 62, 64, 74, 79, 88, 96, 98, 100, 106, 108, 113, 117, 119, 120, 127, 137, 146, 148, 150, 157, 188], "state_chang": 49, "state_machine_async": 17, "state_machine_nam": 17, "state_machine_payload": 17, "stateid": 117, "statemachinearn": 17, "statement": [10, 11, 12, 16, 29, 52, 61, 68, 87, 95, 100, 101, 107, 113, 115, 123, 128, 130, 132, 141, 143, 146, 161, 182, 183, 192], "statetocolormap": 120, "static": [36, 89, 91, 116, 119], "staticincidentdetail": 131, "staticmethod": 137, "station": 21, "statist": [74, 96, 98, 144], "statistic_counter_properti": 19, "statistic_counter_valu": 19, "statistic_query_d": 19, "statu": [8, 11, 13, 15, 17, 18, 19, 21, 24, 25, 28, 31, 33, 35, 36, 38, 39, 41, 42, 43, 46, 49, 51, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 78, 79, 80, 81, 83, 84, 88, 89, 90, 91, 94, 98, 99, 102, 103, 104, 105, 109, 110, 111, 114, 119, 120, 121, 124, 125, 126, 127, 129, 131, 133, 136, 137, 138, 139, 144, 146, 148, 149, 150, 153, 155, 167, 168, 183, 187, 188, 190, 192], "status": [46, 90, 107, 117, 139, 146, 152], "status_cod": [42, 102, 104, 111, 133, 148], "status_colour_map": 41, "status_id": 59, "status_incid": 21, "status_map": [107, 146], "status_messag": 20, "status_not": 20, "status_reason": [21, 110], "status_reason2": 21, "status_result": 152, "status_set": 102, "status_str": 102, "status_text": 25, "status_thread_nam": 59, "status_typ": 117, "statuscategori": 64, "statuscategorychanged": 64, "statuschangedat": 152, "statuscod": 38, "statusdetail": 19, "statuses_url": 46, "statusid": 130, "statusmessag": 192, "statusretentiontimeindai": 19, "statustext": 187, "statvoo": 144, "staxx": 156, "staxx_auto_approv": 10, "staxx_confid": 10, "staxx_ind": 10, "staxx_indicator_typ": 10, "staxx_ip": 10, "staxx_max_result": 10, "staxx_password": 10, "staxx_port": 10, "staxx_sever": 10, "staxx_tlp": 10, "staxx_us": 10, "stayintouchnot": 113, "stayintouchsignatur": 113, "stayintouchsubject": 113, "stderr": [11, 85], "stderr_json": 85, "stderr_lin": 11, "stdin": 11, "stdin_add_newlin": 11, "stdout": [11, 85, 192], "stdout_json": 85, "stdout_lin": 11, "ste_soln0002844": 21, "steal": 99, "stealth_web": 117, "step": [2, 14, 16, 30, 43, 49, 56, 61, 64, 79, 80, 83, 86, 87, 88, 90, 98, 101, 103, 104, 105, 106, 115, 117, 123, 128, 133, 134, 141, 143, 148, 157, 177, 178, 180, 181, 182, 184], "step_label": 98, "steven": 91, "still": [3, 43, 85, 88, 89, 111, 113, 117, 121, 130, 152], "sting": [16, 155], "stix": [82, 102, 186], "stix2": [82, 102, 186], "stock": 21, "stolen": [88, 103, 108, 113, 137, 154], "stolen_devic": 137, "stomp": [30, 111], "stomp_prefetch_limit": 136, "stop": [24, 29, 41, 56, 74, 114, 117, 152, 190, 192], "stop_tim": [102, 186], "stopandquarantin": 78, "stopandquarantinefil": 78, "stopdat": 17, "stopforumspam": [144, 188], "stopspam": 153, "storag": [113, 178, 182], "storage_stat": 38, "storagenam": 116, "storagetyp": 116, "store": [41, 43, 56, 64, 69, 81, 88, 111, 118, 119, 121, 124, 133, 148, 168, 182, 185], "storealertpublish": 80, "stori": 64, "storm": 167, "storylin": 116, "stp": 137, "str": [11, 13, 15, 16, 17, 18, 19, 21, 24, 25, 35, 36, 41, 43, 46, 55, 57, 64, 69, 72, 74, 77, 78, 79, 80, 88, 89, 90, 91, 96, 98, 102, 103, 104, 106, 108, 116, 117, 124, 125, 127, 130, 131, 133, 137, 138, 145, 146, 148, 153, 167, 182, 186, 189, 192], "strategi": [108, 111, 124], "stream": [85, 91, 107, 127], "street": [21, 96, 113, 188], "strftime": [36, 41, 43, 96, 104, 114, 144, 152], "strict": [49, 187], "strict_trans_t": 182, "strike": 43, "string": [7, 9, 11, 13, 15, 16, 17, 18, 19, 21, 24, 25, 33, 34, 35, 36, 37, 38, 40, 42, 43, 44, 46, 47, 48, 49, 50, 51, 53, 54, 57, 58, 59, 60, 62, 64, 67, 69, 72, 76, 78, 79, 80, 82, 85, 86, 87, 89, 91, 92, 98, 99, 102, 103, 104, 106, 107, 109, 111, 113, 116, 117, 119, 122, 125, 129, 130, 131, 133, 136, 137, 138, 139, 140, 143, 146, 149, 151, 152, 154, 155, 167, 168, 183, 186, 187, 188], "string_typ": 182, "string_valu": 69, "stringself": 59, "strip": [49, 88, 117, 133, 137], "strip_empty_end": 11, "striptag": [78, 80, 88], "strong": [13, 18, 25, 46, 60, 79, 80, 91, 116, 127, 130, 131, 146], "stronger": 43, "strongli": [148, 182], "strptime": [106, 137], "structur": [39, 41, 53, 59, 72, 74, 77, 85, 89, 91, 102, 111, 127, 167, 168, 178, 183, 189], "structuredclon": 187, "strung": 49, "strut": 43, "stv100": 69, "style": [13, 18, 25, 28, 41, 43, 46, 54, 67, 79, 88, 91, 102, 116, 130, 131, 144, 145, 146, 150, 186, 190], "stylesheet": [58, 91], "su": [1, 178, 180, 181, 182, 184], "sub": [0, 13, 43, 55, 74, 84, 103, 130, 137, 151, 155, 167, 168], "sub_dict": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146, 150], "sub_k": 55, "sub_kei": 146, "sub_resolut": 130, "sub_tag": 167, "sub_v": 55, "subcommand": 157, "subdirectori": 179, "subdomain": [38, 92, 134, 187], "subdomain_hit": 92, "subdomain_hits_numb": 92, "subfeature_nam": 59, "subfold": 41, "subj": 130, "subject": [8, 22, 41, 42, 74, 78, 81, 88, 91, 99, 113, 117, 129, 133, 137, 144, 173, 188, 191], "subject_alternative_nam": [144, 188], "subject_key_identifi": [144, 188], "subjectaltnam": 91, "subjectnam": 187, "submiss": [65, 96, 125, 141], "submit": [21, 39, 80, 81, 91, 99, 107, 120, 121, 141, 142, 145, 150, 153, 159, 176, 181], "submit_api_kei": 141, "submit_url": 141, "submitt": [21, 187], "subnet": [35, 146], "subnet_id": 43, "subnetaddress": 74, "subnetmask": [74, 117], "subplaybook": [167, 168], "subprovid": 79, "subresolut": 130, "subscrib": [46, 192], "subscribememberstocalendareventsdis": 133, "subscriber_request": 90, "subscribers_url": 46, "subscript": [11, 19, 46, 78, 79, 80, 96, 155, 192], "subscription_id": [19, 80], "subscription_url": 46, "subscriptionexternalid": 152, "subscriptionid": [78, 79, 80, 152], "subscriptionnam": 152, "subscriptions_url": 46, "subscriptiontag": 152, "subsect": [25, 72, 167], "subsequ": [49, 72, 126, 127, 137, 185], "subset": [42, 43], "substatedesc": 117, "substateid": 117, "substitut": [11, 12, 41, 80, 87, 111, 190], "subtask": 64, "subteam2": 133, "subtyp": [37, 74, 96, 99, 117], "subtype_of_threat": 99, "succe": 37, "succeed": [10, 17, 19, 74, 78, 80, 85, 89, 114, 126, 192], "success": [7, 8, 10, 11, 12, 13, 15, 16, 18, 19, 20, 21, 22, 24, 25, 29, 31, 33, 35, 36, 37, 38, 39, 41, 42, 43, 46, 47, 48, 49, 50, 51, 52, 54, 55, 56, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 72, 74, 76, 77, 78, 79, 80, 81, 84, 85, 86, 87, 88, 89, 91, 92, 93, 95, 96, 97, 98, 99, 100, 101, 103, 104, 105, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 121, 122, 123, 124, 126, 127, 128, 129, 130, 131, 132, 133, 136, 137, 138, 139, 140, 141, 143, 144, 145, 146, 148, 149, 150, 152, 153, 154, 159, 161, 167, 185, 186, 188, 192], "success_count": 129, "success_statu": 116, "success_verdict": 116, "successful": 155, "successfulli": [3, 4, 15, 16, 20, 21, 24, 33, 35, 41, 43, 55, 60, 69, 74, 88, 104, 110, 111, 117, 121, 127, 129, 133, 145, 148, 152, 155, 185, 186, 187, 188, 192], "succinct": 153, "sucuri": [144, 188], "sudan": 137, "sudden": 43, "sudden_decrease_in_application_bandwidth": 43, "sudden_decrease_in_device_bandwidth": 43, "sudden_decrease_in_network_bandwidth": 43, "sudo": [1, 11, 85, 86, 91, 121, 159, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 180, 181, 182, 183, 184, 192], "sudo_shel": 85, "suffer": [57, 185], "suffic": [15, 16], "suffici": [85, 88], "suffix": 133, "suggest": [23, 97, 152, 159, 183], "suggested_filenam": [137, 191], "suit": [6, 38, 43, 120, 138, 183], "suitabl": [72, 111, 133, 137, 155, 167, 168, 189, 190, 191], "sullivan": 96, "sum": [34, 60, 127], "summ_head": 155, "summar": 88, "summari": [11, 13, 18, 25, 34, 35, 37, 43, 46, 64, 70, 79, 88, 90, 91, 98, 100, 102, 107, 109, 116, 121, 124, 130, 131, 133, 146, 168], "summaris": 35, "summary_not": 43, "summary_str": 102, "summarytext": 37, "sumo": 156, "sumo_logic_comment_text": 130, "sumo_logic_entity_typ": 130, "sumo_logic_entity_valu": 130, "sumo_logic_incident_id": 130, "sumo_logic_insight_assigne": 130, "sumo_logic_insight_global_confid": 130, "sumo_logic_insight_id": 130, "sumo_logic_insight_link": 130, "sumo_logic_insight_readable_id": 130, "sumo_logic_insight_resolut": 130, "sumo_logic_insight_signals_dt": 130, "sumo_logic_insight_sourc": 130, "sumo_logic_insight_statu": 130, "sumo_logic_insight_sub_resolut": 130, "sumo_logic_insight_tag": 130, "sumo_logic_signal_descript": 130, "sumo_logic_signal_id": 130, "sumo_logic_signal_nam": 130, "sumo_logic_signal_rule_id": 130, "sumo_logic_signal_sever": 130, "sumo_logic_signal_stag": 130, "sumo_logic_signal_timestamp": 130, "sumolog": 130, "sumologic1": 130, "sunbelt": 122, "sunburst": 43, "super": [155, 192], "super_cat": 155, "supercategori": 155, "superceed": 53, "superman": 96, "supernova": 43, "supernova_web_shell_command": 43, "supersecret": 59, "supersed": [81, 158], "supplement": 81, "supplementari": 99, "suppli": [27, 34, 39, 43, 74, 80, 86, 87, 119, 138, 157, 191, 192], "suppliedcompani": 113, "suppliedemail": 113, "suppliednam": 113, "suppliedphon": 113, "support": [4, 14, 33, 34, 38, 44, 45, 56, 57, 70, 73, 118, 119, 121, 142, 145, 149, 156, 169, 172, 177, 178, 180, 181, 182, 184, 188, 189, 190, 191], "support_hour": 90, "support_hours_start": 90, "suppos": 111, "suppress": [74, 130], "sur": 137, "sure": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 30, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 56, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 162, 167, 183, 191], "surfac": [106, 124], "surinam": 137, "surnam": 67, "surround": [60, 67, 85, 113, 127], "suse": 117, "suspect": [47, 80, 104, 117, 150, 159, 191], "suspect_malwar": 146, "suspend": 108, "suspici": [35, 43, 78, 79, 80, 85, 91, 102, 104, 107, 108, 116, 117, 137, 144, 145, 150, 159, 168, 186, 188, 191], "suspicious_cif": 43, "suspicious_count": 102, "suspicious_file_download_extern": 43, "suspicious_file_download_intern": 43, "suspicious_ftp_data_read": 43, "suspicious_ftp_download": 43, "suspicious_hta_download": 43, "suspicious_http_fil": 43, "suspicious_http_port": 43, "suspicious_ipaddr": 43, "suspicious_ja3_fingerprint": 43, "suspicious_new_devic": 43, "suspicious_nfs_data_read": 43, "suspicious_nfs_file_read": 43, "suspicious_nfs_file_share_access": 43, "suspicious_observ": 102, "suspicious_rdp_cli": 43, "suspicious_smb_cifs_data_read": 43, "suspicious_smb_cifs_file_read": 43, "suspicious_smb_cifs_file_share_access": 43, "suspicious_smb_cifs_file_transf": 43, "suspicious_smb_named_pip": 43, "suspicious_tld": 43, "suspicious_user_ag": 43, "suspiciousact": 80, "suspiciousbutexpect": 80, "sv": 147, "svaid": 117, "svalbard": 137, "svc": 187, "svc_name": 117, "svc_uid": 117, "svchost": 108, "svg": [64, 102, 186], "svk": 137, "svm": 70, "svn": 137, "svn_url": 46, "sw_edit": 106, "swagger": 33, "swattr": 69, "swaziland": 137, "swe": 137, "sweden": 137, "swedish": 147, "sweep": 38, "switch": [178, 180, 181, 182, 184], "switchparamet": 19, "switzerland": 137, "swivrllc": [78, 133], "swname": 69, "swz": 137, "sxm": 137, "sy": [80, 182], "syc": 137, "sylink": 117, "symantec": [127, 156, 159], "symbian": 69, "syn": 43, "synacor": 43, "sync": [21, 35, 43, 49, 78, 79, 80, 90, 103, 104, 106, 108, 110, 118, 179, 182, 183, 184], "sync_not": 103, "sync_reference_field": 183, "sync_role_sourc": 183, "sync_task_result": 113, "synchron": [11, 17, 35, 49, 64, 67, 76, 78, 80, 87, 89, 103, 104, 106, 107, 108, 113, 116, 118, 119, 124, 129, 130, 131, 146, 152, 179], "syncron": [35, 78], "syncrowerror": 183, "synonym": 190, "syntax": [33, 43, 53, 85, 93, 114, 125, 183], "syr": 137, "syrian": 137, "sys_ipaddr": 192, "sys_o": 192, "sys_os_vers": 192, "sys_owner_email": 192, "sys_typ": 192, "sys_us": [119, 121], "sys_user_group": [119, 121], "sysadmin": [1, 60, 98, 127], "syslog": [103, 130], "syslog_hostnam": 130, "syslog_messag": 130, "syslog_process": 130, "syslog_process_id": 130, "syslog_timestamp": 130, "sysmon": 104, "sysparm_queri": 119, "system": [7, 8, 9, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 30, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 54, 55, 56, 58, 59, 60, 63, 64, 65, 66, 67, 68, 69, 72, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 121, 122, 124, 125, 126, 127, 129, 130, 131, 132, 133, 136, 137, 140, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 160, 162, 164, 165, 167, 172, 173, 178, 179, 181, 182, 186, 188, 192], "system1": 74, "system32": [78, 108, 146], "system_list": 77, "system_manufactur": [33, 192], "system_product_nam": [33, 192], "system_uuid": 192, "systema": 74, "systemalertid": 80, "systemassign": 19, "systemctl": 192, "systemd": [116, 130], "systemdata": 19, "systemdjourn": 130, "systemfamili": 54, "systemmanufactur": 54, "systemmodstamp": 113, "systemproductnam": 54, "systemskunumb": 54, "systemuuid": 54, "syswow64": 78, "sz": 90, "t": [4, 13, 16, 17, 18, 19, 25, 30, 35, 38, 46, 49, 57, 59, 74, 79, 82, 86, 88, 91, 98, 102, 107, 111, 113, 116, 117, 119, 125, 130, 131, 133, 146, 157, 164, 181, 186, 187], "t0": 98, "t0042": 82, "t1053": 78, "t1059": 78, "t1078": [102, 103, 130, 186], "t1110": 130, "t1210": 43, "t1547": 116, "t1586": 130, "t3qfzhncdldh3ozosrtz0mqjhkccsrqxhapw20p": 98, "t_detect_malwar": 146, "t_detect_suspect": 146, "t_name": 186, "t_rep_viru": 146, "t_run_malwar": 146, "t_run_viru": 146, "ta": [47, 98, 147], "ta0001": [102, 103, 130, 146, 186], "ta0006": 130, "ta0008": [43, 130], "ta0011": [102, 186], "tab": [10, 11, 12, 15, 16, 18, 19, 24, 25, 26, 29, 30, 33, 34, 35, 36, 37, 38, 41, 43, 45, 47, 49, 55, 56, 61, 64, 69, 70, 75, 77, 88, 91, 98, 100, 102, 103, 106, 107, 109, 111, 113, 114, 116, 117, 119, 120, 123, 128, 130, 137, 139, 141, 142, 145, 146, 162, 166, 168, 180, 186, 189, 190, 191, 192], "tabl": [12, 48, 75, 100, 118, 120, 121, 156, 164, 166, 167, 178, 179, 182, 183, 184, 186, 190, 192], "table_addition_result": 109, "table_nam": [36, 109], "table_row": [74, 104], "table_row_object": 34, "tableau": 179, "tablet": [88, 113], "tabnam": [88, 98], "tabul": 41, "tacic": 186, "tactic": [15, 43, 80, 102, 116, 146], "tactic_cod": [82, 186], "tactic_confid": 186, "tactic_confidence_level": 103, "tactic_id": [102, 186], "tactic_nam": 186, "tactic_row": [82, 186], "tacv2": 133, "tag": [1, 4, 13, 16, 18, 19, 25, 37, 39, 46, 76, 78, 79, 80, 89, 91, 92, 98, 106, 107, 108, 116, 124, 131, 139, 144, 152, 153, 154, 167, 187, 188, 189], "tag1": 146, "tag2": 146, "tag3": 146, "tag_creat": 43, "tag_handl": 98, "tag_id": 43, "tag_list": [16, 78], "tag_nam": [16, 43, 46], "taga": 78, "tagalog": 147, "tagb": 78, "tagid": 74, "tagnam": [74, 76], "tagnot": 74, "tags_account": 19, "tags_hit": 92, "tags_hits_str": 92, "tags_result": 74, "tags_url": 46, "taiwan": 137, "tajikistan": 137, "tak": 153, "take": [19, 21, 22, 30, 36, 43, 44, 48, 49, 53, 59, 60, 62, 65, 76, 77, 80, 82, 85, 91, 101, 104, 105, 106, 114, 120, 121, 123, 127, 130, 133, 134, 136, 139, 142, 145, 146, 148, 149, 153, 168, 183, 190, 191, 192], "takedownrequestcount": 37, "taken": [33, 36, 90, 106, 139, 157], "takeov": [43, 137], "tamil": 147, "tamper": [43, 117], "tamper_fil": 117, "tamperonoff": 117, "tandem": 111, "tanium_adapt": 18, "tanium_asset_adapt": 18, "tank": 95, "tanzania": 137, "taobao": 153, "tap": 156, "tar": [4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 28, 29, 30, 31, 32, 34, 35, 36, 39, 40, 41, 42, 43, 44, 45, 46, 47, 49, 51, 52, 53, 55, 56, 57, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 72, 73, 74, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 136, 137, 138, 141, 142, 143, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 157, 159, 161, 162, 167, 169, 171, 172, 174, 175, 176, 177, 178, 180, 181, 182, 183, 184, 186, 192], "tarbal": 46, "tarball_url": 46, "target": [4, 7, 13, 15, 18, 21, 25, 35, 38, 43, 46, 48, 49, 57, 60, 64, 68, 69, 74, 78, 79, 80, 85, 88, 90, 91, 94, 97, 99, 103, 107, 108, 109, 110, 113, 116, 117, 124, 127, 130, 131, 137, 139, 146, 147, 150, 173, 185, 191], "target_commitish": 46, "target_confid": 106, "target_data": 106, "target_first_seen": 106, "target_host": 56, "target_hw": 106, "target_id": 106, "target_impact_scor": 106, "target_last_seen": 106, "target_nam": 106, "target_num_detect": 106, "target_port": 56, "target_prior": 146, "target_sector": 37, "target_statu": 106, "target_sw": 106, "target_tempt": 106, "target_tim": 136, "target_valu": 146, "target_vers": 106, "target_wiki": 151, "targetdevic": 69, "targetnamespac": 98, "targetref": 98, "targetscor": 35, "targetuser_usernam": 130, "targetuser_username_raw": 130, "task": [11, 18, 21, 28, 30, 38, 43, 44, 47, 60, 63, 73, 78, 82, 86, 91, 98, 102, 110, 111, 114, 118, 119, 120, 121, 125, 127, 133, 143, 144, 146, 148, 156, 162, 178, 179, 180, 181, 182, 183, 184, 186, 187], "task1xxa2lmwlrcvtqufsutgnuidjtudc1oao": 98, "task_at_id": [60, 108, 127], "task_chang": [60, 127], "task_count_to_salesforc": 113, "task_count_to_soar": 113, "task_custom": [60, 108, 127], "task_id": [5, 21, 28, 38, 42, 47, 60, 63, 64, 73, 74, 88, 108, 109, 110, 111, 113, 119, 125, 127, 133, 180, 188], "task_json": 113, "task_memb": [60, 108, 127], "task_nam": [60, 88, 108, 110, 127], "task_prior": 113, "task_statu": 113, "task_summari": [82, 102], "task_sync_direct": 113, "task_titl": [82, 102], "task_top": 181, "task_utils_cr": 30, "taskid": [88, 98, 109, 113, 119], "taskincident_id": 110, "tasktest": 133, "taxii": [82, 186], "taxii2": 82, "tbd": 113, "tbl": 43, "tbxgjvcre1nsxao3ogs0qq": 98, "tca": 137, "tcd": 137, "tcp": [24, 38, 43, 49, 79, 83, 106, 157, 182], "tcp_null_fin_or_xmas_scan": 43, "tcp_syn_scan": 43, "tcp_urg_flag_cli": 43, "tcp_urg_flag_serv": 43, "td": [58, 88, 91], "tdadglobaldatadownloadtim": 117, "tdadglobaldataprocessingdonetim": 117, "tdadonoff": 117, "tdadstatusid": 117, "te": 147, "team": [0, 35, 46, 81, 90, 103, 108, 115, 117, 118, 119, 156, 157, 179], "teamassignedto": 130, "teamid": 133, "teammemb": 133, "teams_channel": 133, "teams_mrkdown": 133, "teams_payload": 133, "teams_url": 46, "teamsen": 133, "teamset": 133, "teamworkuserident": 133, "tech": [78, 82, 99, 106, 186, 188], "tech3": 80, "tech_categori": 106, "tech_row": [82, 186], "techdoc": 117, "technic": 150, "techniqu": [43, 49, 78, 79, 80, 99, 102, 116, 186], "technique_confidence_level": 103, "technique_descript": [82, 186], "technique_id": [82, 186], "technique_nam": [82, 186], "techniques_list": 99, "technologi": [21, 54, 144], "techzon": 108, "ted": 67, "telecom": [7, 15], "telemetri": 107, "telemetryhwid": 117, "telemetrymid": 117, "telephon": [67, 113], "telephone_numb": 67, "telephonenumb": [67, 160], "telephoni": 148, "tell": 164, "telnet": [43, 106, 137], "telnet_password": 43, "telnetd": 106, "telugu": 147, "temp": 113, "temp4": 146, "temp_dict": 137, "templat": [3, 8, 12, 14, 15, 21, 23, 26, 76, 79, 83, 84, 99, 108, 115, 116, 124, 125, 127, 153, 162, 164, 166], "template_dir": [66, 84], "template_fil": [23, 88, 125], "template_file_clos": 115, "template_file_escal": 115, "template_file_upd": 115, "template_help": 88, "template_xx": 88, "templateid": 21, "templates_common": [106, 107, 113, 130, 146], "temporari": [11, 103, 111, 148], "temptat": 106, "temptation_last_modifi": 106, "temptation_scor": 106, "ten": 92, "tenabl": 106, "tenanc": [80, 87, 89], "tenant": [19, 42, 78, 79, 80, 133, 152, 157], "tenant_id": [19, 42, 78, 79, 80, 157], "tenantid": [19, 91, 133], "tend": [41, 111, 167], "tenent": 91, "teredo": 117, "term": [35, 65, 150, 151, 153, 188], "termin": [4, 16, 36, 47, 64, 98, 124, 125, 130, 136, 146, 192], "terminateinst": 15, "terminationreason": 108, "territori": 137, "tes43": 19, "tesi": 117, "tessdata": 86, "tesseract": 86, "test": [4, 10, 12, 16, 19, 20, 21, 23, 24, 28, 29, 33, 35, 36, 38, 39, 41, 42, 43, 45, 46, 49, 51, 52, 57, 61, 64, 66, 68, 70, 74, 80, 81, 83, 85, 89, 90, 95, 98, 100, 101, 103, 104, 107, 108, 111, 112, 113, 115, 117, 118, 123, 125, 126, 127, 128, 132, 133, 134, 138, 141, 143, 145, 148, 152, 153, 155, 157, 161, 169, 171, 172, 173, 174, 175, 176, 177, 181, 182, 183, 184, 185, 187], "test1": [74, 107, 133, 153], "test123": 104, "test123456": 42, "test1254": 74, "test2": 153, "test_activity_map_1": 43, "test_clos": 66, "test_collect": 153, "test_fail": 19, "test_fold": 46, "test_for_posit": 188, "test_for_send_email": 98, "test_pol": 16, "test_pol_2": 16, "test_ref_tabe_1": 104, "test_single_request": 23, "test_tag_1": 43, "test_tag_2": 43, "test_types_utf": 36, "testbrand": 187, "testd": 90, "testdevic": 69, "tester": [42, 74, 81], "tester1324": 19, "testing352": 19, "testingv2": 125, "testit": 46, "testit_20221202_135847": 46, "testit_20221202_143109": 46, "testit_20221202_171242": 46, "testsafebrows": 187, "testservic": 90, "testus": 192, "testv2": 125, "texa": 79, "text": [7, 8, 10, 11, 15, 16, 17, 19, 20, 21, 22, 24, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 47, 49, 51, 53, 55, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 80, 81, 82, 84, 85, 87, 88, 89, 90, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 117, 118, 119, 120, 122, 124, 125, 126, 127, 129, 133, 136, 137, 139, 140, 144, 147, 148, 149, 150, 151, 152, 153, 154, 155, 166, 167, 173, 182, 185, 186, 187, 188, 190, 191, 192], "text_area": 182, "text_quot": 47, "textarea": [8, 18, 20, 24, 25, 35, 39, 41, 42, 43, 49, 59, 64, 67, 78, 79, 80, 82, 87, 88, 89, 96, 98, 103, 104, 106, 108, 109, 110, 111, 113, 116, 117, 119, 124, 125, 127, 129, 130, 131, 137, 146, 152, 167, 168, 182], "textfsm": 84, "tfailur": [31, 41, 133, 148], "tg": 99, "tgo": 137, "th": [7, 58, 59, 91, 147], "tha": 137, "thai": 147, "thailand": [7, 137], "than": [11, 18, 19, 30, 35, 38, 43, 49, 53, 64, 67, 68, 72, 77, 78, 80, 85, 86, 87, 89, 90, 102, 103, 104, 106, 107, 111, 113, 114, 117, 119, 125, 129, 130, 133, 136, 139, 146, 148, 157, 159, 167, 168, 179, 183, 185, 186, 191], "the_head": 91, "theantisocialengin": 13, "theartifact": 191, "thei": [16, 21, 33, 35, 38, 41, 49, 60, 64, 72, 79, 81, 85, 86, 87, 88, 89, 91, 97, 99, 102, 110, 111, 115, 118, 119, 121, 127, 133, 144, 152, 163, 168, 183], "them": [1, 4, 11, 22, 24, 25, 29, 33, 35, 38, 41, 42, 48, 49, 59, 64, 67, 70, 72, 80, 82, 86, 87, 88, 89, 91, 102, 103, 104, 107, 111, 113, 115, 116, 119, 121, 127, 129, 131, 133, 148, 168, 183, 186], "theme": 133, "themselv": 70, "therebi": [103, 111, 133], "therefor": [25, 33, 72, 98, 125, 126, 157, 191], "thi": [0, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191], "thid": 35, "thing": [60, 90, 127, 192], "think": 51, "thinkwithgoogl": 187, "third": [66, 72, 104, 119, 146, 148, 186], "thorough": 41, "those": [1, 4, 6, 13, 21, 30, 35, 36, 49, 59, 64, 67, 70, 71, 72, 85, 88, 90, 102, 103, 104, 107, 113, 120, 127, 130, 142, 146, 152, 159, 182, 183, 187, 188, 191], "though": [102, 130, 152, 186], "thousand": 107, "thread": [114, 133, 136, 179, 183], "thread_max": 114, "threadgrid": 27, "threadpool": 183, "threat": [4, 9, 15, 24, 35, 37, 43, 51, 52, 63, 76, 77, 79, 81, 82, 98, 100, 102, 103, 107, 115, 117, 119, 124, 144, 146, 150, 153, 156, 174, 188], "threat_actor": [102, 186], "threat_analyst_verdict": 116, "threat_collect": 129, "threat_field_nam": 129, "threat_id": [99, 116, 146], "threat_insight_dashboard": 99, "threat_intel": 129, "threat_kei": 129, "threat_level_id": 81, "threat_notes_pres": 146, "threat_source_id": [60, 127], "threat_statu": 116, "threat_templ": 99, "threat_tim": 99, "threat_typ": 129, "threatcategori": 37, "threatcent": 13, "threatentrytyp": 51, "threatfamilynam": 78, "threatfe": 167, "threathiv": [144, 188], "threathunt": 146, "threatid": 116, "threatinfo": 116, "threatintelindicatorid": 130, "threatlog": 13, "threatmatch": 51, "threatmin": 156, "threatmind": 134, "threatnam": [78, 116], "threatrebootrequir": 116, "threatrisklevel": 159, "threatrisklevelen": 159, "threatscor": 35, "threatseek": [144, 188], "threatservicedel": [169, 173, 177], "threatserviceedit": [169, 170, 171, 172, 173, 174, 175, 176, 177], "threatservicetest": [169, 170, 171, 172, 173, 174, 175, 176, 177], "threatsourc": [144, 188], "threatstatu": 99, "threattim": 99, "threattyp": [37, 51], "three": [4, 14, 26, 61, 66, 77, 91, 101, 102, 111, 115, 121, 123, 127, 128, 131, 143, 148, 183, 186], "threshold": [3, 15, 35, 86, 130], "throttl": [35, 42], "throttled_period": 38, "throttled_tim": 38, "throttling_data": 38, "through": [4, 11, 16, 30, 35, 40, 49, 56, 64, 66, 67, 72, 73, 85, 86, 87, 88, 89, 90, 99, 103, 104, 105, 107, 111, 114, 125, 129, 130, 132, 150, 152, 155, 157, 162, 168, 183, 184, 190], "throughout": 137, "throw": [24, 43, 73, 117], "thrown": [43, 64], "thu": [13, 21, 111, 136], "thug_analysi": 135, "thug_arg": 135, "thug_dir": 135, "thug_url": 135, "thumbnail": 37, "thumbnail_token": 96, "thumbnail_uuid": 106, "thumbprint": [144, 188], "thumbprint_sha256": [144, 188], "thunderbird": 88, "ti": 78, "ti_dns_host": 43, "ti_http_host": 43, "ti_http_uri": 43, "ti_ssl_sni": 43, "ti_tcp_incom": 43, "ti_tcp_outgo": 43, "tickersymbol": 113, "ticket": [8, 21, 38, 43, 64, 74, 110, 115, 161], "ticket_id": [43, 74], "ticket_server_nam": 74, "ticket_url": 43, "ticketid": [74, 124], "ticketservernam": 74, "tickettyp": 115, "tid": [35, 78], "tidi": 192, "tie": [74, 76, 156], "tie_create_d": 77, "tie_result": 77, "tier": [21, 131], "tier1": [21, 124], "tier2": 21, "tier3": 21, "tif": 72, "tighten": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "time": [4, 11, 15, 18, 19, 20, 21, 24, 27, 31, 33, 35, 37, 38, 41, 42, 43, 49, 55, 56, 57, 59, 64, 65, 68, 69, 70, 72, 73, 74, 78, 79, 80, 85, 88, 89, 90, 94, 98, 99, 101, 102, 104, 106, 107, 108, 111, 112, 113, 114, 115, 116, 117, 118, 119, 121, 123, 124, 125, 128, 129, 130, 131, 133, 136, 137, 141, 142, 143, 144, 145, 146, 148, 152, 155, 159, 160, 166, 167, 168, 178, 179, 180, 181, 182, 183, 184, 187, 188, 190], "time_before_re_auth": 117, "time_between_auth_attempt": 117, "time_end": 70, "time_for_remote_block": 117, "time_list": 136, "time_slot": 117, "time_start": 70, "time_to_l": 104, "time_to_wait": 19, "time_window": 90, "time_zon": 90, "timed_out": 17, "timedelta": 136, "timedifflastscantim": 117, "timedifflastupdatetim": 117, "timedifflastvirustim": 117, "timedout": 117, "timeestim": 64, "timefram": [130, 138, 183], "timegener": 80, "timegenerated_m": 80, "timegm": [106, 137], "timelin": 27, "timem": 35, "timeofev": 21, "timeoriginalestim": 64, "timeout": [28, 43, 64, 65, 67, 69, 73, 74, 85, 87, 88, 90, 102, 103, 104, 108, 111, 142, 143, 144, 157, 167, 181, 188], "timeout_linux": 85, "timeout_second": 94, "timeout_typ": 104, "timer": [127, 143, 156, 183], "timer_epoch": 168, "timer_field_summarized_incident_data": [60, 127], "timer_in_parallel": 136, "timer_parallel_tim": 136, "timer_tim": [136, 168], "timesp": 64, "timestamp": [7, 8, 10, 11, 13, 15, 16, 18, 19, 20, 21, 22, 24, 25, 31, 33, 35, 36, 37, 38, 39, 41, 42, 43, 46, 47, 49, 51, 55, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 79, 80, 81, 84, 85, 86, 87, 88, 89, 91, 92, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 122, 124, 126, 127, 129, 130, 131, 133, 136, 137, 138, 144, 146, 148, 150, 152, 153, 154, 155, 159, 182, 183, 185, 186, 187], "timestamp_epoch": 38, "timestamp_nanosecond": 24, "timetodetect": 130, "timetoremedi": 130, "timetorespons": 130, "timetrack": 64, "timezon": [19, 31, 32, 36, 42, 64, 74, 91, 114, 117, 121, 124, 148, 183, 187], "timezone_offset": [64, 103], "timezonesidkei": 113, "timor": 137, "tinstanc": 19, "tip": [120, 168], "titl": [13, 15, 35, 36, 37, 43, 49, 55, 57, 59, 60, 66, 72, 74, 78, 79, 80, 90, 93, 94, 96, 106, 107, 108, 113, 116, 124, 125, 127, 133, 137, 138, 146, 148, 150, 151, 153, 183, 185, 191], "tjk": 137, "tkf5x": 78, "tkl": 137, "tkm": 137, "tl": [23, 43, 53, 56, 106, 111, 137, 144, 147, 179, 187], "tl6sqj2bp": 98, "tl9wdeyh3qkr9ik9f3thb0t7kdhvclvxna6e2xgighkwuofk": 98, "tld": [37, 94, 144], "tldextract": [30, 150], "tlp": [10, 81], "tlp_color": 10, "tlp_white": 153, "tlpcolor": 153, "tlpcolorcod": 153, "tlpcolornam": 153, "tlpisuserdefin": 153, "tlsh": 122, "tlsstat": 187, "tlsv1": 172, "tm": [82, 91], "tma": 137, "tmp": [4, 11, 38, 182], "tmpdevic": 117, "tmppe_6ed00": 127, "tn0em1lfo3gntfvolxarv03qvnex3s4xi4xjesnsn3uwf5y42ysnd6s4zt0y09rbwi2jvq3bsd31ht3tfrwk98lvkmauzejacqs7kta": 98, "tns_admin": 182, "tnsname": 182, "tnt": 99, "to_domain": 91, "to_id": 81, "to_urg": 90, "tobago": 137, "toclient_certif": 116, "todai": [30, 179], "todo": [28, 78, 82, 110, 140, 151, 155], "togeth": [4, 49, 74, 104, 107, 111, 119, 146, 182, 186, 192], "toggl": [41, 86], "toggle_result": 67, "togo": 137, "tojson": [43, 78], "tokelau": 137, "token": [14, 19, 23, 24, 27, 35, 42, 43, 46, 53, 56, 62, 64, 79, 83, 90, 102, 103, 104, 106, 108, 113, 116, 125, 129, 133, 137, 139, 144, 148, 152, 155, 157, 160, 168, 183, 184], "token_ring_traff": 117, "token_typ": [88, 111], "token_url": [19, 88, 152, 157], "tokyo": 118, "told": 24, "toll": 148, "tollnumb": 148, "tolltyp": 148, "tom": 67, "tomcat": [43, 106], "tomcat_jsp_upload": 43, "tome": 137, "ton": 137, "tonga": 137, "too": [42, 99, 192], "took": [9, 37], "tool": [1, 4, 20, 30, 38, 43, 47, 53, 70, 71, 72, 79, 82, 91, 104, 107, 108, 111, 127, 133, 137, 146, 148, 150, 157, 159, 182, 183], "toolset": 11, "tooltip": [7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 140, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 167, 168, 185, 186, 187, 188], "top": [4, 41, 43, 67, 71, 72, 78, 96, 98, 120, 121, 133, 134, 137, 153, 192], "top_ev": 103, "topev": 103, "topic": [32, 66, 76, 145, 150, 181], "topic_listener_on": 76, "topic_map": 181, "topic_nam": 76, "topica": 66, "topicb": 66, "tor": [43, 156], "torecipi": 42, "torproject": 105, "tostr": 120, "total": [3, 21, 24, 35, 39, 42, 46, 60, 64, 89, 90, 102, 117, 127, 130, 153, 155, 186, 188], "total_data": 107, "total_ep_count": 117, "total_fail_remediation_count": 117, "total_item": 107, "total_match_count": 117, "total_match_ep_count": 117, "total_not_complet": 117, "total_pag": 107, "total_remediation_count": 117, "total_remediation_ep_count": 117, "total_search": 166, "total_space_of_drive_c": 74, "total_usag": 38, "total_vot": [144, 188], "totalallocationunit": 54, "totaldiskspac": [74, 117], "totalel": 117, "totaleventcount": 108, "totalitem": 116, "totallink": 187, "totalmemori": 116, "totalpag": 117, "totalphysicalmemori": 74, "totalrecord": 92, "totalreport": 7, "totalunacknowledgedmessag": 117, "totalvot": 153, "touch": 78, "tower": 156, "toxic": [102, 186], "toxic_combin": 152, "toxic_count": 102, "tp": [72, 106], "tpmdevic": 117, "tqtqz7xbqo": 98, "tr": [88, 91, 122, 147], "trace": [10, 12, 16, 29, 30, 43, 52, 61, 68, 78, 83, 95, 100, 101, 111, 115, 123, 128, 132, 141, 143, 161, 187], "trace_id": 33, "traceabl": 38, "traceback": 30, "tracehead": 17, "traceid": 59, "tracepath": 85, "tracerout": [85, 165, 192], "traceroute_windows_cmd": 85, "traceroute_windows_p": 85, "tracert": [85, 117], "track": [43, 57, 64, 78, 80, 88, 98, 119, 133, 137, 183, 190], "tracker": 72, "trade": [57, 185], "trader": [57, 185], "tradestyl": 113, "tradit": [86, 111, 147], "traffic": [21, 24, 25, 43, 79, 110, 117], "traffic_change_request_bodi": 8, "traffic_change_request_id": 8, "traffic_change_request_original_traff": 8, "traffic_change_request_planned_traff": 8, "traffic_change_request_url": 8, "traffic_simulation_final_result": 8, "traffic_simulation_fip_result": 8, "traffictypediagnost": 91, "trail": [77, 100, 182], "trailer": [88, 91], "train": 70, "traineddata": 86, "transact": [43, 137], "transactionid": 42, "transfer": [1, 21, 35, 43, 183, 186], "transfersitelistsid": 74, "transform": 107, "transit": [16, 183], "transition_id": 64, "translat": [156, 182], "translatedcategori": 159, "transmiss": [66, 188], "transmit": [133, 183], "transpar": [51, 137], "transparencyreport": 51, "transport": [85, 91, 143], "trap": [156, 179], "trash": 41, "travers": 43, "treck": 43, "tree": [13, 18, 25, 41, 46, 70, 74, 79, 91, 102, 116, 117, 130, 131, 146, 162, 167, 182, 192], "trees_url": 46, "trend": 103, "tresourceid": 19, "tri": 167, "triag": [24, 46, 91, 124], "trial": 117, "tricki": 49, "trickli": 183, "trigger": [7, 9, 10, 13, 15, 16, 17, 20, 22, 24, 28, 30, 31, 32, 33, 34, 35, 37, 38, 39, 40, 43, 47, 48, 49, 50, 51, 53, 54, 55, 56, 57, 58, 59, 60, 62, 63, 69, 75, 76, 77, 79, 82, 84, 86, 87, 88, 90, 92, 93, 94, 96, 97, 98, 102, 107, 109, 110, 111, 114, 119, 122, 124, 127, 130, 131, 135, 136, 137, 138, 139, 140, 145, 147, 149, 150, 151, 154, 155, 164, 168, 174, 176, 191], "trigger_log_entry_refer": 90, "triggercondit": 108, "triggercondition_lookup": 108, "triggerdid": 35, "triggered_job": 114, "triggeredcompon": 35, "triggeredfilt": 35, "triggerev": 108, "trim": [11, 68, 80], "trinidad": 137, "tristan": 137, "trivial": 179, "troj": 122, "trojan": [122, 146], "troubleshoot": [35, 167], "troubleshootinfo": 78, "troup": 96, "troyhunt": [57, 185], "true": [7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 31, 33, 35, 36, 37, 38, 39, 41, 42, 43, 46, 47, 48, 49, 50, 51, 53, 54, 55, 56, 57, 59, 60, 62, 63, 64, 65, 66, 67, 69, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 118, 119, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 138, 139, 142, 144, 146, 148, 149, 150, 152, 153, 154, 155, 159, 162, 167, 168, 169, 178, 180, 181, 182, 183, 184, 185, 186, 187, 189, 191, 192], "true_posit": [116, 146], "trueposit": [66, 78, 80], "truncat": 182, "trust": [43, 76, 77, 88, 108, 111, 137, 143, 188], "trust_cert": 73, "trust_level": [76, 77], "trustboard": 137, "trusted_white_list": 146, "trusteer": 156, "trusteer_endpoint_protection_device_id": 137, "trusteer_ppd_application_id": 137, "trusteer_ppd_classif": 137, "trusteer_ppd_device_id": 137, "trusteer_ppd_dt_act": 137, "trusteer_ppd_dt_c": 137, "trusteer_ppd_dt_classif": 137, "trusteer_ppd_dt_countri": 137, "trusteer_ppd_dt_date_ad": 137, "trusteer_ppd_dt_device_id_and_link": 137, "trusteer_ppd_dt_event_received_at": 137, "trusteer_ppd_dt_new_device_ind": 137, "trusteer_ppd_dt_organ": 137, "trusteer_ppd_dt_reason": 137, "trusteer_ppd_dt_recommend": 137, "trusteer_ppd_dt_risk_scor": 137, "trusteer_ppd_dt_session_id": 137, "trusteer_ppd_dt_trusteer_alert": 137, "trusteer_ppd_dt_user_ip_address": 137, "trusteer_ppd_feed_item_type_support": 137, "trusteer_ppd_feedback": 137, "trusteer_ppd_fraud_mo": 137, "trusteer_ppd_link_to_puid": 137, "trusteer_ppd_puid": 137, "trusteer_ppd_result": 137, "trusteer_ppd_session_id": 137, "trustlevel": 77, "trustout": 88, "trustwav": [144, 188], "trustworthi": 191, "try": [13, 16, 18, 24, 25, 38, 43, 46, 47, 57, 59, 71, 79, 80, 81, 82, 87, 88, 91, 102, 116, 120, 125, 130, 131, 137, 145, 146, 150, 155, 182, 186, 192], "tserver": 117, "tsl": [55, 56], "ttl": [27, 144], "tto": 137, "ttp": 146, "tu": [133, 148, 157], "tue": 13, "tun": 137, "tunisia": 137, "tunnel": [41, 43], "tupl": [98, 106, 107, 113, 146, 183], "tuple_list": 98, "tur": 137, "turk": 137, "turkei": 137, "turkish": 147, "turkmenistan": 137, "turn": [41, 76, 79, 100, 106, 107, 113, 116, 130, 131, 146, 152], "tutori": [38, 192], "tuv": 137, "tuvalu": 137, "tvfuc51lhg6dgjcl": 98, "tvq": 78, "tw": 147, "twc": 15, "tweet": 139, "twice": [103, 192], "twilio": 156, "twilio_account_sid": 138, "twilio_account_sid1": 138, "twilio_after_d": 138, "twilio_after_date_t": 138, "twilio_auth_token": 138, "twilio_date_s": 138, "twilio_date_sent_t": 138, "twilio_phone_numb": 138, "twilio_sms_destin": 138, "twilio_sms_log": 138, "twilio_sms_messag": 138, "twilio_src_address": 138, "twilio_statu": 138, "twilio_wait_timeout": 138, "twitter": [141, 156], "twitter_api_kei": 139, "twitter_api_secret": 139, "twitter_search_tweet_count": 139, "twitter_search_tweet_str": 139, "twn": 137, "two": [1, 4, 7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 33, 35, 36, 38, 39, 41, 42, 43, 44, 45, 46, 47, 49, 51, 53, 55, 57, 58, 59, 60, 61, 63, 64, 65, 66, 67, 69, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 136, 137, 143, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 167, 168, 179, 183, 185, 186, 190, 191, 192], "two_text_inputs_in_a_form": 13, "twython": 139, "txt": [0, 28, 35, 46, 47, 83, 88, 107, 113, 117, 127, 131, 144, 153, 182, 184, 185], "tyler": 91, "type": [5, 7, 8, 9, 10, 11, 13, 17, 18, 19, 20, 21, 22, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 45, 46, 47, 48, 49, 50, 51, 53, 54, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 72, 74, 76, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 100, 102, 104, 106, 107, 108, 110, 111, 114, 115, 116, 117, 119, 120, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 138, 139, 140, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157, 159, 162, 166, 167, 168, 174, 176, 178, 179, 180, 181, 183, 184, 185, 186, 187, 188, 190, 191, 192], "type_": 49, "type_dict": 182, "type_distribut": 18, "type_filt": 99, "type_id": [36, 59, 74, 98, 104, 109, 127], "type_lookup": [78, 113, 114], "type_map": [35, 43], "type_nam": [74, 98, 104, 183], "type_of_threat": 99, "typeerror": 155, "typeid": 74, "typelabel": 35, "typelookup": [144, 188], "typenam": [35, 74], "typic": [13, 15, 18, 25, 38, 46, 79, 80, 86, 90, 91, 103, 111, 114, 116, 127, 130, 131, 146, 165, 168, 178, 180, 181, 182, 184, 189], "typo": 104, "tz": [41, 106, 187], "tza": 137, "tzlocal": 42, "u": [1, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 20, 22, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 34, 36, 37, 38, 41, 42, 43, 44, 45, 46, 47, 49, 52, 53, 54, 55, 56, 57, 59, 60, 62, 63, 64, 67, 69, 70, 71, 72, 73, 74, 76, 77, 78, 79, 80, 82, 83, 84, 85, 88, 90, 91, 94, 95, 96, 98, 99, 100, 101, 104, 105, 106, 107, 108, 110, 111, 112, 114, 115, 116, 117, 121, 123, 125, 127, 128, 129, 130, 131, 132, 133, 134, 135, 137, 138, 139, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 155, 159, 160, 161, 162, 167, 169, 172, 173, 174, 175, 176, 177, 178, 180, 181, 182, 184, 185, 186, 187, 188, 189, 191, 192], "u001b": 11, "u001duid": 130, "u0026": [67, 109, 117], "u0026amp": 88, "u0026appid": 117, "u0026exvsurl": 42, "u0026format": 117, "u0026gt": [98, 117], "u0026interval_typ": 43, "u0026languag": 117, "u0026lt": [98, 117], "u0026orgkei": 146, "u0026path": 42, "u0026quot": [103, 117, 185], "u0026show_form": 150, "u0026tabnam": 109, "u0026until": 43, "u0026valu": 131, "u0026viewmodel": 42, "u0027": [11, 19, 35, 36, 42, 67, 79, 80, 88, 89, 91, 98, 102, 103, 104, 117, 124, 130], "u002702e188239c4a7761c2f4c63964b6a754e15a388980f4050ac8c327d1fa30255f": 117, "u0027048e17562a6c601d3eaff05ff62318944c9e7083825f587ad0f5c1c2c26cbd71": 117, "u002705c2fb7565d2953d46e458d96000cd589ac14c4e4c33e718e38be4739a9f7504": 117, "u00270d43d4d40c9854eb158dde164699d02f47b21d68ceacafeb2f469587b861c356": 117, "u00271f83ef7d0548828f101a6c760f1d208e2b220186ed71e38942d6cf6ef95ff756": 117, "u00272022": 124, "u00272638443927": 67, "u00272a0746a7876c1a430f9c9a5be4be28caa2ff4f73477651ae5cc74462278f333b": 117, "u00272c6dcf143c41a5780dd24b48ca08efc96595d86f4db1fcd10d59e28ec1dbb0e2": 117, "u00276d36feb1167103bfe37251d1b049c449466a21590710f1e7f20c9b0c69511f7b": 117, "u00276e46434daccded82fa235fa14a019c20cf3aafdaab3f8eb81ebd0195c8f1d909": 117, "u0027847075616325894144": 124, "u002789": 102, "u00278c6a42fc8d9262a7e84c39566ab25931fbd77a7f9b5f1806db69b297adc87f3c": 117, "u00278d9fe0851d4d35d312f35e83618f63dfcbb4a045b5348468e04ae3ca61782f74": 117, "u0027924d3456b5d72f6792cae92895cfa9c0feba74616d92c8cd63639f77646b6b05": 117, "u002795a9cb94ccb3f30029e1c977b63a845fe129c02e6caf26ad234ab66aa9af1c6c": 117, "u00279a4e26d0c4ab855d5346bae28272bbeeb1ab713b29a4aab030770655f05acc25": 117, "u0027_blank": 88, "u0027a": 36, "u0027acea65301d759f922bdb1ab8dd52b57828ff4d64106a93c3eeaf89553466ea58": 117, "u0027ad49d17f25670cf54b14dc7fe3ec086d9fcb92deb4375b598ab95eccd676cdbc": 117, "u0027ae17f31cbeec0471392a42e85cb8b258351351212ab028c0b6b5c101c76083d9": 117, "u0027al": 11, "u0027autotester24": 19, "u0027b": 36, "u0027bas": 19, "u0027bb": 104, "u0027bc56124b126d2a2f468125c38789ff19c9655fdd3a84990a1b90e2f91bca1fd9": 117, "u0027blacklist": 117, "u0027blacklist2": 117, "u0027blocked_us": 89, "u0027c": 91, "u0027california": 91, "u0027canada": 19, "u0027cloudflar": 91, "u0027cmd": 103, "u0027cn": [67, 91], "u0027context": 104, "u0027custom": 98, "u0027cv": 98, "u0027defend": 98, "u0027descript": 19, "u0027destin": 104, "u0027df1ae05c349a5c4e9d3187d0d85bd6172fb131bd5b826a1ffc947db9a09f3dcf": 117, "u0027disablelocalauth": 19, "u0027dynam": 103, "u0027ec": 104, "u0027ecbb": 104, "u0027ecdsa": 91, "u0027endpointid": 124, "u0027exampl": 79, "u0027fbd7f130718c6a73e0afd15d1f8d843426604a866ec63624357f8a952b484ad1": 117, "u0027fd8862560ffa44b8177f1b1e053c1e820f2e19636f28e75a9ac427dba0e15534": 117, "u0027ff8c053969c0a52ff267d25138c71553": 117, "u0027ff8d7335a370d17a1379a949af595f78": 117, "u0027ff8d847f4173dbfcaf0a25c6c17c7b99": 117, "u0027ff8f37fecfb4f7a56531e413883e03f5": 117, "u0027ff8ffea7310d9a4a642cc8018227b91b": 117, "u0027ff9171426d5a9490d548b08a5ca9c805": 117, "u0027ff91fa115ba27cd56716623dc6933946": 117, "u0027ff92b0ea7579e691c1ff669fab5ac186": 117, "u0027ff93c7959f24921381b8338686b0509c": 117, "u0027ff95b2b128eb6b0bdddf39cd05c78a0f": 117, "u0027ff9932c30f72b19e57d9b07f230487e7": 117, "u0027ff995a3411623293f7e3fd72143d04ab": 117, "u0027ff9cd8f4947ad1474d29187220bc3972": 117, "u0027ff9cf495023dd6d5bce4187214b1469b": 117, "u0027ff9d51fb459cf535f33003fabb0e7fd9": 117, "u0027ff9e058dac27fcc739884d3dbe43d81f": 117, "u0027ff9e1e7e499d8c6336fa697c7142fa0c": 117, "u0027ff9e62ecb2bfd5b9ca608a40a96deb04": 117, "u0027ffa44fd7feda32632e8ce84ad0f9101b": 117, "u0027ffa6335553397f28ca47adc34343ca62": 117, "u0027frequ": 19, "u0027get_all_runbook": 19, "u0027http": 88, "u0027id": 152, "u0027javascript": 103, "u0027keynam": 19, "u0027l": 91, "u0027lastseenat": 124, "u0027ldap": 98, "u0027load": 104, "u0027loc": 19, "u0027manu": 124, "u0027md5": 117, "u0027nam": 19, "u0027o": 91, "u0027onetim": 19, "u0027op": 130, "u0027password": 19, "u0027playbook": 98, "u0027primari": 19, "u0027properti": 19, "u0027publicnetworkaccess": 19, "u0027qr": 98, "u0027qradar": 98, "u0027reaqta": 98, "u0027runbook_nam": 19, "u0027san": 91, "u0027sha256": 117, "u0027sku": 19, "u0027slack": 98, "u0027sni": 91, "u0027soartest": 42, "u0027someth": 19, "u0027sourc": 104, "u0027sql": 98, "u0027st": 91, "u0027starttim": 19, "u0027symantec": 98, "u0027t": [79, 80, 117, 185], "u0027tag": 19, "u0027tes43": 19, "u0027tester1324": 19, "u0027u": 91, "u0027us": 152, "u0027user2": 42, "u0027usernam": 19, "u0027watson": 98, "u0027winword": 103, "u0027yyyi": 104, "u003": [8, 35, 41, 42, 43, 46, 64, 85, 88, 89, 91, 98, 102, 103, 106, 107, 108, 109, 116, 117, 124, 127, 130, 131, 146, 152, 185, 186], "u003c": [41, 42, 43, 46, 64, 88, 89, 91, 98, 102, 103, 106, 107, 108, 109, 116, 117, 124, 127, 130, 131, 146, 152, 185, 186], "u003c2022": 91, "u003c3e563564e5cc44a6aebb26f41da9d570": 41, "u003c3e563564exxxxxxxxxxxxxxxx570": 41, "u003c53fe9fb07c4b48218c611b835c1e9603": 41, "u003c6c7f6d14acca4dc8ab34fd78de50e9da": 41, "u003c6c7f6d14axxxxxxxxxxxxxxxx9da": 41, "u003c8a9cc4cff1414ae38fa9b3fa85674f04": 41, "u003ca": [64, 88, 103, 109, 117, 185], "u003cadmin": 8, "u003cassess": 127, "u003cb": [43, 116, 130, 131, 146], "u003cbodi": [41, 42, 91], "u003cbpmndi": 98, "u003cbr": [41, 88, 109, 116, 117, 131, 146], "u003cdacfdd29ab69473b8c7dad28366ca4d9": 41, "u003cdacfdd29axxxxxxxxxxxxxxxx4d9": 41, "u003cdefinit": 98, "u003cdir": 85, "u003cdiv": [41, 64, 106, 107, 108, 109, 124, 152], "u003cdm6pr08mb60609aba5a1c0455aff7c26c954b9": 42, "u003cdocument": 98, "u003cem": 185, "u003cendev": 98, "u003centri": 89, "u003cextensionel": 98, "u003cf2ff33ff93104e74b33f0371b655ace8": 41, "u003cf2ff33ff9xxxxxxxxxxxxxxxxce8": 41, "u003ch2": [88, 91], "u003chead": [41, 42], "u003chtml": [41, 42, 91], "u003cimg": [102, 186], "u003cincom": 98, "u003cli": [102, 186], "u003cmemb": 89, "u003cmeta": [41, 42], "u003cmsg": 89, "u003cn": 35, "u003comgdc": 98, "u003comgdi": 98, "u003copt": 127, "u003coutgo": 98, "u003cp": [41, 46, 102, 131, 152, 186], "u003cprocess": 98, "u003cresili": 98, "u003cresilienthighlight": 127, "u003crespons": 89, "u003cresult": 89, "u003crollup": 127, "u003cscript": 98, "u003cscripttask": 98, "u003csequenceflow": 98, "u003cservicetask": 98, "u003cspan": 41, "u003cstartev": 98, "u003cstyl": 41, "u003ctabl": 91, "u003ctd": 91, "u003cth": 91, "u003ctr": 91, "u003cul": [102, 186], "u003cus": 89, "u003e0": 116, "u003e000webhost": 185, "u003e1": 103, "u003e100": 103, "u003e13477": 127, "u003e1641df58c1027a00f670d41491a2eecff931604c": 116, "u003e2": [103, 127, 146], "u003e2796": 109, "u003e2799": 109, "u003e2802": 109, "u003e404": 64, "u003e8": 8, "u003e8fit": 185, "u003e8track": 185, "u003ea": 185, "u003ead": 131, "u003eadmin": 107, "u003eadministr": 131, "u003eani": 103, "u003eapp": 127, "u003eartist": 91, "u003ebi": 109, "u003eblocked_us": 89, "u003eblocked_user_2": 89, "u003ebob": 91, "u003ebonni": 91, "u003ecisco": 103, "u003eclos": 108, "u003ecommand": 89, "u003edefault": 117, "u003edehash": 185, "u003edidn": 185, "u003edolli": 91, "u003eec": 103, "u003eempir": 91, "u003eexperi": 103, "u003eextrahop": 43, "u003eflow_6b7udwv": 98, "u003eflow_9af41ea": 98, "u003eflow_gvkozkt": 98, "u003eflow_hbegkz1": 98, "u003eflow_qgvwubw": 98, "u003eflow_y10ymbl": 98, "u003efn_slack": 127, "u003efor": 117, "u003efrom": 131, "u003egari": 91, "u003egreatest": 91, "u003ehid": 91, "u003ehour": 103, "u003eincid": 88, "u003ejeff": 89, "u003ejohndo": 41, "u003ejra": 64, "u003elog": 103, "u003emark": 106, "u003emi": [91, 131], "u003emicrosoft": 103, "u003eminut": 103, "u003enot": [109, 124, 131], "u003enotifi": 88, "u003eon": 109, "u003epassword": 117, "u003ereleas": 46, "u003erepli": 109, "u003es": 41, "u003escript": 98, "u003esend": 41, "u003esentinelon": 116, "u003esom": 46, "u003esourc": 103, "u003estil": 91, "u003esumo": 130, "u003esur": 109, "u003esymantec": 131, "u003etask": 109, "u003etest": [42, 152], "u003ether": [102, 127, 186], "u003ethi": 109, "u003etitl": 91, "u003eus": 131, "u003eusernam": 103, "u003evmwar": 146, "u003ex": [102, 186], "u003ezip": 127, "u00a0": 80, "u00a0and": 144, "u00a0assign": 144, "u00a0corpor": 144, "u00a0for": 144, "u00a0nam": 144, "u00a0numb": 144, "u00e4chtig": 159, "u0414": 153, "u041b": 153, "u043": 153, "u0430": 153, "u0433": 153, "u0438": 153, "u043d": 153, "u043f": 153, "u0440": 153, "u044c": 153, "u044f": 153, "u0i": 98, "u1oglu6m": 98, "u200cdescript": 124, "u2019": [57, 185], "u3044": 159, "u3057": 159, "u308f": 159, "u30b9": 159, "u30d1": 159, "u30e0": 159, "u3t46nen": 98, "u4ef6": 159, "u53ef": 159, "u573": 159, "u5783": 159, "u7591": 159, "u90a": 159, "u90f5": 159, "u_ibm_resilient_incident_id": 120, "ua": 15, "uax01": 108, "ubi": 4, "ubi8": 85, "ubuntu": [59, 117], "uc": 187, "ucf": 91, "udid": 69, "udp": 43, "udp_port_scan": 43, "ue": 187, "uesdbbqacagiabakifuaaaaaaaaaaaaaaaakaaaazxhwb3j0lnjlc80z227bopz9v4lwc2rlsmzlqtaz7syfiu0nkw6wi81aoetkziujgljkyhtz73ti6kbjsz10go1lg5pnfufrt78hnmnjxxghz": 98, "uesdbbqacagiabowifuaaaaaaaaaaaaaaaakaaaazxhwb3j0lnjlc80z227bopz9v4lwc2trastbnrptjgwk7q2tdrclzucgrmpmk4kauupifppve0jqrsljnxsa7usbk": 98, "ufeffssn": 47, "ufoakqrxarcjakabf7ui7pv6v7": 98, "uga": 137, "uganda": 137, "ui": [4, 8, 19, 41, 46, 49, 64, 73, 74, 79, 95, 103, 110, 115, 119, 120, 161, 180, 183, 186, 187], "ui_them": [60, 127], "uid": [0, 35, 67, 87, 103, 117, 130, 160, 182, 192], "uihbvitfyuwfttbjc1": 187, "uk": [147, 150, 187], "ukljorzdz5llpr": 98, "ukr": 137, "ukrain": 137, "ukrainian": 147, "ul": [13, 18, 25, 46, 79, 91, 102, 116, 130, 131, 146, 186], "ulimit": 192, "ultim": 102, "ultra": 43, "umbinv_dns_typ": 27, "umbinv_resourc": 27, "umbrella": [144, 156, 187], "umbrella_classifi": 27, "umbrella_dns_rr_hist": 27, "umbrella_domain_co_occurr": 27, "umbrella_domain_related_domain": 27, "umbrella_domain_security_info": 27, "umbrella_domain_status_and_categori": 27, "umbrella_domain_volum": 27, "umbrella_domain_whois_info": 27, "umbrella_ip_as_info": 27, "umbrella_ip_latest_malicious_domain": 27, "umbrella_pattern_search": 27, "umbrella_threat_grid_sampl": 27, "umbrella_timelin": 27, "umfd": 108, "umi": 137, "ump0ga": 98, "umqlqjsqfdoabyz3eucmgghx1x82jy5dhoqmedh6l9n5juudr87jpwp": 98, "un": [35, 78, 117, 133], "unabl": [24, 31, 41, 66, 71, 88, 106, 107, 110, 113, 130, 133, 137, 138, 146, 148, 152, 157, 183], "unack_output": 35, "unapprov": 43, "unapproved_saa": 43, "unarchiv": 133, "unari": 53, "unassign": [43, 60, 103, 127], "unauthent": [43, 88], "unauthor": [15, 43, 107], "unauthoris": 37, "unauthorized_caller_error": 43, "unauthorizedaccess": 15, "unavail": [42, 43, 100], "unblock": 89, "uncategoris": 37, "unchang": [4, 124], "uncom": [3, 4, 11, 26, 27, 31, 36, 38, 45, 70, 88, 89, 91, 111, 113, 114, 130, 144, 148, 181, 191], "uncompress": [30, 134], "unconvent": 43, "unconventional_data_transf": 43, "unconventional_new_external_host": 43, "unconventional_new_internal_host": 43, "unconventional_new_protocol": 43, "unconventional_rdp_behavior": 43, "unconventional_rdp_data_transf": 43, "unconventional_rfb_behavior": 43, "unconventional_rfb_data_transf": 43, "unconventional_smb_cifs_data_transf": 43, "unconventional_ssh_behavior": 43, "unconventional_ssh_data_transf": 43, "unconventional_telnet_data_transf": 43, "unconvertedcont": 153, "undecid": 107, "undefin": [49, 116, 131], "under": [3, 10, 11, 12, 15, 16, 26, 29, 30, 33, 35, 41, 43, 46, 47, 48, 52, 56, 61, 64, 67, 68, 70, 72, 80, 87, 88, 89, 95, 101, 103, 104, 111, 113, 114, 115, 121, 123, 128, 129, 132, 133, 135, 141, 143, 157, 161, 162, 168, 178, 179, 180, 181, 182, 183, 184, 192], "underli": 119, "underscor": [97, 125, 182], "understand": [120, 151], "undesir": 133, "undetect": [144, 188], "undetermin": [80, 137], "undo": 117, "unencrypt": [0, 43, 111], "unencrypted_zoom": 43, "unexpect": [15, 16, 43, 49, 117, 155, 183], "unexpected_dropped_connect": 43, "unexpected_service_access": 43, "unfilt": 16, "unfortun": [88, 183], "unfoundus": 133, "unicod": [10, 11, 13, 16, 18, 20, 25, 33, 43, 46, 53, 64, 67, 79, 91, 116, 130, 131, 144, 146, 155, 182, 191], "unifi": [88, 107, 133], "unifiedtravelerdeviceid": 69, "unimport": 137, "uninstal": [7, 8, 9, 11, 13, 14, 15, 17, 18, 19, 20, 21, 22, 24, 25, 26, 28, 31, 32, 34, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 56, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 73, 74, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 134, 136, 137, 140, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 159, 162, 169, 183, 187], "uninstall_cod": 146, "unintend": 38, "uniq_countries_int": 187, "uniq_url": 91, "uniqcountri": 187, "uniqu": [1, 15, 18, 24, 25, 33, 35, 41, 43, 57, 59, 61, 69, 72, 82, 96, 97, 99, 114, 117, 119, 120, 133, 148, 167, 185, 191], "unique_ip": 91, "unique_item": 18, "unique_kei": [72, 167], "unique_list_items_to_csv_str": 18, "uniqueid": 117, "uniqueidtyp": 42, "unisol": 78, "unit": [7, 13, 56, 62, 67, 85, 96, 131, 136, 137, 143, 146, 148, 152, 168, 184], "univers": [4, 96, 117], "universal_avatar": 64, "university_domain": 72, "unixodbc": 182, "unixvolum": 54, "unknown": [7, 8, 10, 24, 42, 43, 49, 63, 65, 78, 79, 80, 103, 104, 106, 107, 113, 116, 130, 138, 145, 146, 155, 185, 187], "unknown_app": 146, "unknown_md5_str": 155, "unknown_public_dns_serv": 43, "unknown_s3_bucket_upload": 43, "unlaw": 188, "unless": [59, 103, 178, 179, 180, 181, 182, 183, 184, 191], "unlimit": [111, 167], "unlist": 93, "unlock": 88, "unlock_cod": 24, "unlockedmeetingjoinsecur": 148, "unmanag": 117, "unnecessari": [43, 97, 183], "unoffici": 183, "unpack": 159, "unprivileg": [178, 180, 181, 182, 184], "unrat": [144, 159, 188], "unreach": 8, "unread": 41, "unresolv": [43, 78, 80, 104, 107, 108, 116, 124, 130, 146, 152], "unrestrict": 78, "unrestrictcodeexecut": 78, "unsaf": [43, 51], "unsafe_ldap_auth": 43, "unset": 130, "unsign": [46, 116], "unsolicit": 188, "unsort": [36, 59], "unspecifi": [85, 107, 184], "unspecified_xpn_project_statu": 49, "unstyl": 153, "unsuccess": [20, 24, 67, 77, 78, 108, 117, 129], "unsupport": [10, 30, 34, 81, 102], "unsupportedalerttyp": 78, "untag": 46, "until": [11, 41, 74, 80, 121, 145, 180], "untrust": 85, "unus": [30, 49, 111, 180, 184, 192], "unusu": [15, 35, 43], "unusual_iot_protocol": 43, "unusual_kerberos_fingerprint": 43, "unusual_protocol_for_enterprise_softwar": 43, "unusual_s3_download": 43, "unusual_user_login_tim": 43, "unusual_working_hour": 56, "unusualapisaccountprofil": 15, "unusualapisuseridentityprofil": 15, "unusualasnsaccountprofil": 15, "unusualasnsuseridentityprofil": 15, "unusualbehavior": 15, "unusualuseragentsaccountprofil": 15, "unusualuseragentsuseridentityprofil": 15, "unusualusernamesaccountprofil": 15, "unusualusertypesaccountprofil": 15, "unverifi": 185, "unwant": [100, 107], "unwanted_valu": 70, "unwantedsoftwar": 78, "unwieldi": 18, "unzip": [10, 11, 12, 16, 29, 30, 45, 52, 55, 61, 68, 81, 95, 100, 101, 115, 121, 123, 128, 132, 134, 138, 141, 142, 143, 145, 157, 161, 167, 168, 169, 171, 172, 174, 175, 176, 178, 180, 181, 182, 184, 185, 186, 187, 188, 192], "up": [10, 11, 12, 13, 16, 18, 25, 29, 34, 39, 46, 48, 49, 51, 52, 53, 57, 61, 68, 69, 75, 76, 78, 79, 82, 88, 91, 95, 96, 100, 101, 103, 106, 114, 115, 116, 117, 118, 121, 123, 128, 129, 130, 131, 132, 135, 137, 140, 141, 143, 145, 146, 151, 155, 157, 161, 178, 180, 181, 182, 183, 184, 185, 192], "up_to_d": 117, "upd_det_datetim": 43, "updat": [3, 4, 7, 8, 9, 10, 11, 14, 15, 19, 20, 21, 22, 23, 24, 25, 27, 29, 32, 33, 34, 35, 39, 41, 42, 53, 56, 57, 59, 60, 61, 64, 65, 70, 71, 73, 75, 76, 81, 82, 83, 87, 88, 89, 90, 91, 95, 99, 100, 102, 105, 107, 108, 109, 110, 111, 112, 115, 118, 120, 121, 123, 127, 128, 132, 135, 136, 141, 142, 144, 146, 150, 152, 153, 154, 155, 159, 160, 162, 167, 170, 173, 175, 177, 178, 179, 180, 181, 182, 183, 184, 185, 188, 189, 190, 191, 192], "update_agent_result": 116, "update_alert_data_t": 137, "update_cas": [35, 49, 64, 107, 113, 116, 130, 146], "update_case_templ": 131, "update_datat": 15, "update_defender_alert_templ": 78, "update_defender_incident_templ": 78, "update_detection_ok": 43, "update_detection_result": 43, "update_ev": 129, "update_field": 15, "update_fingerprintlist_result": 117, "update_incident_templ": [78, 80], "update_insight_status_result": 130, "update_kei": 49, "update_object_stat": 98, "update_result": 67, "update_sentinel_incident_templ": 80, "update_statu": 113, "update_status_result": 116, "update_task": 64, "update_tim": [43, 49], "update_watchlist_result": 43, "update_workflow_stat": 98, "updateauthor": 64, "updated_allowlist": 155, "updated_allowlist_url": 155, "updated_at": [15, 46, 90, 107], "updated_customlist": 155, "updated_d": 102, "updated_kei": 49, "updated_mark": 49, "updated_valu": 49, "updatedat": [15, 116, 152], "updateddatetim": 37, "updatedon": 78, "updatetim": 77, "upgrad": [11, 15, 25, 36, 42, 43, 45, 53, 56, 57, 64, 66, 67, 74, 78, 80, 81, 85, 87, 88, 89, 90, 91, 99, 103, 104, 108, 114, 117, 118, 119, 125, 129, 133, 142, 144, 153, 157, 178, 180, 181, 182, 183, 184, 187, 190, 191], "uphfynnfimjgtg6ynou81a5o9xokisdbhdphpmnd9wti": 98, "upload": [46, 47, 49, 64, 73, 116, 125, 127, 167], "upload_commandid": 117, "upload_file_result": 117, "upload_result": 131, "upload_url": 46, "uploadd": 16, "upnp": [43, 117], "upon": [41, 65, 72, 111, 112, 119, 121, 133, 143, 148], "upper": [9, 35, 49, 113, 117, 137, 146], "uppercas": 16, "upsellopportunity__c": 113, "upsert": 181, "upstream": 152, "upto": 34, "upward": 59, "ur": 147, "urdu": 147, "urgenc": [21, 90, 110, 119], "urgency_chang": 90, "uri": [37, 43, 51, 58, 65, 72, 81, 92, 111, 119, 121, 129, 133, 137, 148, 154, 155, 157, 167, 173, 174, 176, 187, 188], "uri_frag": 144, "uriclicksecurityst": 79, "urilookup": 144, "url": [7, 8, 9, 10, 12, 13, 14, 18, 19, 20, 24, 25, 26, 29, 31, 32, 34, 35, 37, 38, 39, 41, 42, 43, 45, 46, 48, 51, 52, 55, 58, 61, 64, 65, 68, 69, 72, 73, 74, 75, 78, 79, 80, 81, 82, 83, 86, 88, 89, 91, 92, 96, 99, 100, 101, 102, 103, 106, 107, 108, 111, 113, 114, 115, 116, 117, 120, 121, 122, 123, 124, 125, 128, 129, 130, 131, 132, 133, 134, 135, 139, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 152, 153, 154, 156, 157, 159, 161, 167, 169, 173, 174, 176, 180, 186, 187, 188, 189], "url_analysi": 72, "url_artifact__c": 113, "url_bas": 168, "url_count": 155, "url_encod": 146, "url_filt": 155, "url_formatt": 35, "url_frag": 188, "url_html": [82, 186], "url_list": 9, "url_lookup": 168, "url_map": 98, "url_of_your_jira_serv": 64, "url_part": 13, "urlhau": [13, 72, 144, 156, 188], "urllib": 146, "urllib3": 157, "urllist": 85, "urlparamet": 79, "urlqueri": [144, 188], "urlscan": [72, 127, 156], "urlscan_phish": 72, "urlscanio": [142, 176, 187], "urlscanio_api_kei": 142, "urlscanio_publ": 187, "urlscanio_refer": 187, "urlscanio_report_url": 142, "urlscanio_screenshot_url": 142, "urlscanio_url": [142, 187], "urlscanio_userag": 187, "urlss": 155, "urltodns_url": 140, "urlvir": 13, "urlvoid": 13, "urn": 54, "uruguai": 137, "us": [0, 1, 2, 4, 5, 6, 7, 8, 10, 11, 12, 13, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 44, 45, 46, 48, 49, 51, 52, 53, 54, 55, 57, 58, 59, 60, 61, 63, 65, 66, 68, 69, 70, 71, 72, 74, 75, 76, 77, 79, 80, 81, 84, 85, 86, 90, 91, 92, 93, 94, 95, 96, 98, 99, 100, 101, 106, 107, 109, 110, 112, 113, 114, 115, 116, 117, 118, 119, 121, 122, 123, 124, 125, 126, 127, 128, 130, 131, 132, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 170, 171, 172, 174, 175, 176, 178, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191], "us05web": 32, "us1": 152, "us12": 107, "us2": [107, 152], "us3": 107, "usa": 137, "usabl": 4, "usag": [34, 44, 88, 102, 156], "usage_in_kernelmod": 38, "usage_in_usermod": 38, "usagetyp": 7, "usb": 117, "usc2": 149, "usc3": 149, "use_cas": 21, "use_commit": 84, "use_private_secret": 88, "use_ssl": [160, 184], "use_support_hour": 90, "use_textfsm_templ": 84, "used_in_group": 24, "user": [8, 9, 11, 12, 14, 15, 18, 19, 20, 21, 22, 23, 24, 25, 29, 30, 31, 32, 35, 37, 39, 40, 41, 43, 46, 47, 49, 53, 54, 57, 59, 60, 61, 64, 67, 69, 70, 71, 72, 73, 75, 78, 79, 80, 82, 85, 87, 88, 90, 94, 95, 98, 101, 102, 103, 104, 106, 107, 108, 111, 115, 116, 117, 119, 120, 123, 124, 125, 127, 128, 129, 130, 131, 133, 136, 137, 142, 143, 146, 148, 152, 153, 154, 155, 157, 160, 163, 166, 168, 173, 174, 176, 178, 180, 181, 182, 183, 184, 185, 186, 187, 190, 191], "user1": [41, 42, 67, 89, 111, 133], "user1686331325735812": 113, "user2": [41, 42, 67, 89, 111, 133], "user_ag": 94, "user_agent_str": 137, "user_delet": 74, "user_dn": 67, "user_email": [59, 94], "user_fnam": [60, 127], "user_id": [59, 60, 96, 127], "user_imperson": 19, "user_info": 125, "user_ip_address": 137, "user_list": 89, "user_lnam": [60, 127], "user_login": 130, "user_messag": 133, "user_mod_tim": 43, "user_nam": [15, 16, 59, 60, 74, 127], "user_overrid": [102, 103, 186], "user_refer": 90, "user_st": 79, "user_statu": 67, "user_tag": 106, "user_typ": 15, "user_update_timestamp": 146, "user_usernam": 130, "user_username_raw": 130, "user_workflow_upd": 146, "usera": 88, "useraccount": 78, "useraccountcontrol": 67, "useraccounttyp": 79, "useractionsneed": 116, "userag": 15, "useragentcategori": 15, "userassignedident": 19, "userb": 88, "userd": [102, 186], "userdomain": 69, "userid": [16, 113, 153], "useridentitytyp": 133, "usermod": 192, "usernam": [8, 12, 15, 16, 19, 20, 21, 25, 29, 35, 38, 39, 41, 43, 56, 59, 63, 64, 66, 67, 69, 74, 84, 85, 88, 89, 96, 99, 102, 103, 104, 110, 111, 113, 114, 115, 117, 119, 121, 125, 129, 130, 131, 146, 154, 155, 162, 166, 173, 189, 191, 192], "username_count": 104, "userpassword": 67, "userpermissionscallcenterautologin": 113, "userpermissionsinteractionus": 113, "userpermissionsjigsawprospectingus": 113, "userpermissionsknowledgeus": 113, "userpermissionsliveagentus": 113, "userpermissionsmarketingus": 113, "userpermissionsofflineus": 113, "userpermissionssfcontentus": 113, "userpermissionssiteforcecontributorus": 113, "userpermissionssiteforcepublisherus": 113, "userpermissionssupportus": 113, "userpermissionsworkdotcomuserfeatur": 113, "userpreferencesactivityreminderspopup": 113, "userpreferencesapexpagesdevelopermod": 113, "userpreferencescachediagnost": 113, "userpreferencescontentemailasandwhen": 113, "userpreferencescontentnoemail": 113, "userpreferencescreatelexappswtshown": 113, "userpreferencesdisableallfeedsemail": 113, "userpreferenceseventreminderscheckboxdefault": 113, "userpreferencesexcludemailappattach": 113, "userpreferencesfavoritesshowtopfavorit": 113, "userpreferencesfavoriteswtshown": 113, "userpreferencesglobalnavbarwtshown": 113, "userpreferencesglobalnavgridmenuwtshown": 113, "userpreferenceshascelebrationbadg": 113, "userpreferenceshassentwarningemail": 113, "userpreferenceshassentwarningemail238": 113, "userpreferenceshassentwarningemail240": 113, "userpreferenceshidebiggerphotocallout": 113, "userpreferenceshidechatteronboardingsplash": 113, "userpreferenceshidecsndesktoptask": 113, "userpreferenceshidecsngetchattermobiletask": 113, "userpreferenceshideenduseronboardingassistantmod": 113, "userpreferenceshidelightningmigrationmod": 113, "userpreferenceshides1browserui": 113, "userpreferenceshidesecondchatteronboardingsplash": 113, "userpreferenceshidesfxwelcomemat": 113, "userpreferencesjigsawlistus": 113, "userpreferenceslightningexperiencepref": 113, "userpreferencesnativeemailcli": 113, "userpreferencesnewlightningreportrunpageen": 113, "userpreferencespathassistantcollaps": 113, "userpreferencespreviewcustomthem": 113, "userpreferencespreviewlightn": 113, "userpreferencesreceivenonotificationsasapprov": 113, "userpreferencesreceivenotificationsasdelegatedapprov": 113, "userpreferencesrecordhomereservedwtshown": 113, "userpreferencesrecordhomesectioncollapsewtshown": 113, "userpreferencesremindersoundoff": 113, "userpreferencesreverseopenactivitiesview": 113, "userpreferencesshowcitytoexternalus": 113, "userpreferencesshowcitytoguestus": 113, "userpreferencesshowcountrytoexternalus": 113, "userpreferencesshowcountrytoguestus": 113, "userpreferencesshowemailtoexternalus": 113, "userpreferencesshowemailtoguestus": 113, "userpreferencesshowfaxtoexternalus": 113, "userpreferencesshowfaxtoguestus": 113, "userpreferencesshowforecastingchangesign": 113, "userpreferencesshowmanagertoexternalus": 113, "userpreferencesshowmanagertoguestus": 113, "userpreferencesshowmobilephonetoexternalus": 113, "userpreferencesshowmobilephonetoguestus": 113, "userpreferencesshowpostalcodetoexternalus": 113, "userpreferencesshowpostalcodetoguestus": 113, "userpreferencesshowprofilepictoguestus": 113, "userpreferencesshowstatetoexternalus": 113, "userpreferencesshowstatetoguestus": 113, "userpreferencesshowstreetaddresstoexternalus": 113, "userpreferencesshowstreetaddresstoguestus": 113, "userpreferencesshowtitletoexternalus": 113, "userpreferencesshowtitletoguestus": 113, "userpreferencesshowworkphonetoexternalus": 113, "userpreferencesshowworkphonetoguestus": 113, "userpreferencessrhoverrideact": 113, "userpreferencessuppresseventsfxremind": 113, "userpreferencessuppresstasksfxremind": 113, "userpreferencestaskreminderscheckboxdefault": 113, "userpreferencesuserdebugmodepref": 113, "userprincipalnam": [67, 78, 79, 80], "userproperty1": 74, "userproperty2": 74, "userproperty3": 74, "userproperty4": 74, "userproperty5": 74, "userproperty6": 74, "userproperty7": 74, "userproperty8": 74, "userroleid": 113, "users_dn": 67, "users_list": 89, "usersid": [78, 108], "userslist": 74, "userst": 79, "usertrigg": 35, "usertyp": [15, 113], "useruniqnam": 124, "userworkflowdto": 146, "usio": 176, "usnchang": 67, "usncreat": 67, "usr": [10, 12, 16, 23, 29, 52, 56, 61, 68, 86, 95, 100, 101, 115, 123, 128, 130, 132, 141, 143, 161, 182], "usr1": 85, "usr2": 85, "usual": [58, 72, 78, 85, 111, 120, 121], "usw2": 149, "usxx": 107, "utah": 118, "utc": [19, 79, 91, 106, 114, 130, 137, 148, 182], "utc_tim": [106, 137], "utcnow": 79, "utf": [13, 41, 42, 60, 91, 98, 111, 113, 127, 167, 182, 192], "util": [4, 11, 30, 33, 58, 59, 64, 69, 77, 78, 84, 87, 102, 105, 117, 119, 131, 133, 138, 148, 152, 156, 162, 165, 184, 190], "utilities_artifact_hash": 143, "utilities_attachment_to_base64": 30, "utilities_base64_to_attach": 48, "utilities_call_rest_api": 30, "utilities_expand_url": 30, "utilities_json2html": 30, "utilities_pdfid": 143, "utl": 78, "utleywrrbuv4shbacstvqukvchvpqt09": 32, "utuxaixy5vo0cmi2digm7mq0h9sbf0vdjydor6h2oapubuhddcui01r1ubp": 98, "uuid": [5, 27, 33, 35, 43, 54, 59, 60, 81, 98, 108, 116, 117, 121, 127, 153, 187], "uuid_hash": 88, "uunet": 15, "uw": 187, "uwf": 117, "uwz": 122, "ux": [117, 157], "uxjycnksimc": 111, "uz5dii8mpssxwwe0eu8jkpzbn5mn0g": 85, "uzb": 137, "uzbekistan": 137, "v": [4, 13, 18, 21, 25, 32, 43, 46, 55, 74, 78, 79, 80, 91, 98, 116, 119, 130, 131, 144, 146, 157, 168, 182, 187], "v0": [24, 35], "v1": [9, 11, 12, 15, 21, 24, 27, 33, 36, 41, 43, 49, 53, 58, 66, 79, 83, 87, 88, 89, 90, 96, 99, 102, 103, 106, 107, 108, 117, 120, 121, 124, 129, 133, 141, 142, 144, 148, 152, 153, 155, 169, 182, 184, 187, 189, 191], "v2": [7, 18, 19, 32, 36, 41, 42, 52, 57, 61, 63, 64, 67, 74, 79, 90, 92, 99, 102, 103, 104, 107, 116, 119, 121, 125, 131, 133, 134, 144, 146, 152, 157, 169], "v3": [46, 57, 81, 115, 144, 188, 192], "v30": [9, 34], "v31": [9, 34, 52, 59, 75, 95, 120, 132, 161], "v32": [68, 100], "v33": 52, "v3333333laalt": 19, "v34": 56, "v35": [10, 56, 61, 69, 76, 101, 115, 123, 128, 142, 145], "v36": [12, 29, 140, 151], "v37": [4, 183], "v39": 182, "v391ac8zxajydao6oyrndwwk8cosdrt5aykiy66innwcyswjwjgdqqg5nlxe6j8goxprgzwp54makmxfvhgo6ymi4vwn5fgiqpjae52a6hccwaobsorq": 98, "v3lqfkmx": 93, "v4": [43, 51, 72, 143, 150, 191], "v40": [3, 182], "v42": 143, "v43": [97, 127], "v45": [74, 97, 188], "v46": 114, "v47": 190, "v48": 183, "v5": 35, "v50": [11, 90], "v51": [118, 121, 141, 150, 168], "v58": 113, "v5vnr": 98, "v6": [43, 72, 146, 191], "v7": [146, 187], "v9": 89, "v_info": 15, "vade": 63, "vagrant": 35, "vaku": 43, "val": 102, "valid": [4, 16, 24, 38, 43, 46, 72, 80, 85, 88, 89, 90, 91, 95, 97, 102, 103, 104, 111, 118, 120, 121, 129, 131, 138, 144, 155, 156, 167, 186, 188, 190], "valid_from": 102, "valid_sinc": 96, "validate_field": [24, 43, 117], "validatedinruntim": 152, "validationerror": 16, "validationset": 19, "validfrom": 187, "validto": 187, "valu": [3, 7, 8, 9, 10, 11, 12, 13, 15, 16, 18, 19, 20, 21, 23, 24, 25, 26, 27, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 46, 47, 48, 49, 51, 53, 54, 55, 56, 57, 59, 60, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 85, 86, 87, 88, 89, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 119, 120, 122, 124, 125, 126, 127, 129, 130, 131, 135, 136, 137, 138, 140, 142, 143, 144, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157, 159, 160, 161, 162, 163, 167, 168, 169, 178, 180, 182, 183, 184, 185, 186, 187, 188, 189, 191, 192], "value1": [67, 81, 114], "value2": [67, 81, 114], "value3": 67, "value_data": [9, 34], "value_playbook": 98, "value_typ": 102, "value_workflow": 98, "valueerror": [16, 24, 43, 117, 155], "valuefrompipelin": 19, "valuefrompipelinebypropertynam": 19, "valuefromremainingargu": 19, "van": 18, "vancouv": 118, "vanuatu": 137, "var": [10, 11, 12, 16, 29, 30, 35, 43, 47, 49, 52, 53, 61, 64, 68, 77, 80, 90, 91, 95, 100, 101, 106, 107, 113, 115, 116, 120, 123, 125, 128, 130, 132, 141, 143, 146, 152, 161, 182, 190, 192], "varbinari": 182, "varchar": 182, "vari": [41, 72, 111, 157, 167, 182], "variabl": [1, 11, 18, 32, 44, 46, 47, 105, 120, 130, 137, 142, 152, 182, 191, 192], "variable_1": 131, "variant": [99, 102, 129, 137], "varieti": [111, 164, 191], "variou": [29, 38, 72, 111, 127, 157], "vat": 137, "vatican": 137, "vault": [144, 188], "vazsyk8r9y3idc7bt5llq2qjspsntyh": 98, "vc": [34, 122], "vc2": 34, "vc_collect": 34, "vcenter": [43, 106], "vcenter_host_url": 146, "vcenter_nam": 146, "vcenter_serv": 106, "vcenter_uuid": 146, "vct": 137, "vd": 108, "vdi": 74, "vdi_base_devic": 146, "vdi_provid": 146, "ve": 64, "vector": [57, 133, 185, 191], "ven": 137, "vendor": [21, 34, 43, 79, 99, 106, 113, 122, 152], "vendor_sever": 152, "vendorinform": 79, "vendornam": 80, "vendorsever": 152, "venezuela": 137, "venu": 41, "venv_3": 157, "ver": [60, 64, 108, 127], "verbos": [84, 121, 157, 188], "verbose_msg": 188, "verd": [137, 159], "verdict": [72, 78, 94, 116, 144, 187, 188], "verdict_nam": 72, "veri": [11, 18, 47, 53, 85, 91, 102, 114, 127, 136, 182, 186, 192], "verif": [12, 39, 46, 64, 74, 78, 88, 108, 109, 111, 157], "verifi": [4, 8, 10, 12, 13, 16, 21, 23, 29, 37, 46, 52, 56, 61, 64, 66, 68, 78, 80, 81, 83, 88, 95, 100, 101, 106, 110, 111, 113, 115, 116, 118, 121, 123, 128, 132, 141, 143, 153, 157, 161, 167, 168, 185, 187, 189, 190, 191, 192], "verify_cert": [23, 41, 54, 64, 75, 81, 102, 103, 104, 129, 192], "verify_for_scan_failed_flag": 187, "verifyflag": [90, 162], "verisign": 78, "verita": 117, "versa": 16, "version": [0, 1, 3, 4, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19, 20, 21, 22, 23, 27, 28, 29, 30, 31, 33, 34, 36, 37, 38, 39, 42, 43, 44, 45, 47, 48, 49, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 63, 65, 67, 68, 69, 70, 71, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 100, 101, 102, 104, 109, 110, 111, 112, 114, 115, 116, 117, 118, 119, 121, 122, 123, 125, 126, 127, 128, 129, 131, 132, 133, 134, 136, 138, 140, 141, 142, 143, 147, 148, 149, 150, 151, 153, 154, 157, 159, 161, 162, 163, 167, 168, 169, 172, 178, 179, 180, 181, 183, 184, 185, 186, 187, 188, 189, 190, 191], "version_info": 182, "versionedrepresent": 64, "versionid": 108, "vertic": [86, 187], "verydarkmod": [60, 127], "veryhigh": 187, "vgauth": 108, "vgauthservic": 108, "vgb": 137, "vi": [45, 115, 147], "via": [18, 21, 22, 24, 33, 40, 42, 43, 55, 64, 65, 78, 81, 82, 85, 88, 89, 100, 106, 108, 110, 113, 116, 117, 119, 125, 130, 134, 137, 138, 150, 153, 161, 162, 168, 182, 183, 184, 190], "viabl": 111, "vice": 16, "victim": [35, 43, 78], "video": 85, "viet": 137, "vietnames": 147, "viettel": [144, 188], "view": [10, 12, 13, 15, 16, 28, 29, 32, 37, 38, 43, 52, 61, 62, 64, 68, 74, 78, 95, 100, 101, 103, 104, 106, 113, 115, 121, 123, 124, 126, 128, 130, 132, 140, 141, 143, 146, 151, 155, 161, 168, 183, 189, 190, 191], "view_item": 98, "vignette1": 96, "vignette3": 96, "vim": 192, "vincent": 137, "violat": [16, 56, 103, 104], "vip": [21, 27], "vipr": [144, 188], "vir": 137, "virgin": 137, "viriback": [72, 144, 188], "virilist": 72, "virtual": [2, 3, 41, 54, 59, 79, 80, 104, 111], "virtual_machin": [146, 152], "virtual_private_cloud_id": 146, "virtualbox": [33, 192], "virtualenv": 3, "virtualization_provid": 146, "virtualizationplatform": 117, "virtualmachin": [78, 79, 80], "viru": [28, 117, 122, 127, 146], "virus": 28, "virustot": [127, 156], "virustotal_gui_url": 144, "visibl": [35, 46, 103, 107, 115, 126, 133, 187, 192], "visit": [27, 150, 154, 160, 177, 188], "vista": 43, "visual": [4, 35, 136], "vivisect": 44, "viz": 52, "vl1oaaaaaaaaaapaaigalajaaabqaaaagaaaaaaaaaaaaaaagaaaaaabaaqaaaaagaaaaagaabaaaaaaaaaagaaaaaaaaaabgaaaaagaaaaaaaamayiuaaeaaaaaaaabaaaaaaaaaaaaqaaaaaaaaiaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaaabaaadmbaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaajdiaabwaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": 78, "vl8olqvjcjiagesiwe231vleelxf39": 98, "vlanid": 43, "vm": [108, 192], "vm3dservic": 108, "vm_bruteforc": 80, "vm_ip": 146, "vm_name": 146, "vm_profile_list": 73, "vm_uuid": 146, "vmem": 38, "vmid": 78, "vmmetadata": 78, "vmrai": 156, "vmray_analyzer_report_request_timeout": 145, "vmray_analyzer_url": 145, "vmray_api_kei": 145, "vmsa": 106, "vmtoolsd": 108, "vmware": [43, 54, 106, 108, 117, 130, 156], "vmware_cbc_alert_id": 146, "vmware_cbc_alert_link": 146, "vmware_cbc_alert_note_text": 146, "vmware_cbc_alert_reason_cod": 146, "vmware_cbc_alert_typ": 146, "vmware_cbc_attack_tact": 146, "vmware_cbc_closure_reason": 146, "vmware_cbc_descript": 146, "vmware_cbc_determin": 146, "vmware_cbc_determination_valu": 146, "vmware_cbc_device_act": 146, "vmware_cbc_device_dt": 146, "vmware_cbc_device_id": 146, "vmware_cbc_device_toggl": 146, "vmware_cbc_id": 146, "vmware_cbc_incident_id": 146, "vmware_cbc_note_text": 146, "vmware_cbc_note_typ": 146, "vmware_cbc_observ": 146, "vmware_cbc_observations_dt": 146, "vmware_cbc_override_list": 146, "vmware_cbc_process_id": 146, "vmware_cbc_processes_dt": 146, "vmware_cbc_reputation_overrid": 146, "vmware_cbc_statu": 146, "vmware_cbc_tag": 146, "vmware_cbc_threat_id": 146, "vmware_cbc_workflow_closure_reason": 146, "vmware_cbc_workflow_statu": 146, "vn": 159, "vnc": 43, "vnc_unusual_loc": 43, "vnm": 137, "vnyqebod5gmevzh8sg": 98, "vodafon": 15, "voic": 150, "void": 13, "voip": [7, 43], "voip_call_failur": 43, "voip_unavailability_error": 43, "vol": [38, 85], "volatil": 85, "volatility_loc": 85, "volum": [4, 27, 38, 43, 54, 85, 127, 170, 188], "voluntari": 111, "vote": 64, "votesbenign": 187, "votesmalici": 187, "votestot": 187, "vp2so1rbhgcyeoz9nfzbmfrogryw2mmlc9anepctqfbnkbiozeh": 85, "vpc_id": 43, "vpn": [7, 43, 72, 117, 168], "vpn_gateway_unusual_loc": 43, "vpnthplupv8dougaxumusacyqxhx8g004mj": 98, "vr": 187, "vr683nzzsule1nteli4urq6vpy8pkaaimjif3": 187, "vrgxswcjqftp6zs1nf4qep8dhysehemi76": 187, "vrsn": 144, "vsa": 43, "vscode": 192, "vsicstatu": 117, "vsphere": 106, "vsy": 89, "vsys1": 89, "vt_data": [144, 188], "vt_id": 144, "vt_scan_result": 144, "vt_type": [144, 188], "vti": 145, "vti_scor": 145, "vu": 13, "vul": 153, "vuln": 152, "vuln_scann": 130, "vulner": [20, 34, 43, 49, 81, 103, 106, 115, 123, 150, 173], "vulnerability_configur": 34, "vulnerability_count": 103, "vulnerability_descript": 152, "vulnerability_nam": 152, "vulnerability_result": 152, "vulnerability_scor": 146, "vulnerability_sever": 146, "vulnerabilityst": 79, "vulnerable_asset_id": 152, "vulnerable_asset_o": 152, "vulnerable_asset_typ": 152, "vulnerable_configur": 34, "vulnerable_configuration_cpe_2_2": 34, "vulnerable_obj_outli": 56, "vulnerableasset": 152, "vuner": 78, "vut": 137, "vv": 76, "vvv": 192, "vw": 43, "vx": [144, 188], "vxvault": 72, "vxvault_virilist": 72, "vz8": 187, "vzgkpzwo2340y78na1ns4azjcpzkufshq": 98, "w": [26, 42, 43, 46, 63, 78, 84, 111, 157, 162, 192], "w3": 98, "w32": 122, "w7x64": 65, "wa": [11, 13, 15, 16, 18, 19, 21, 24, 25, 26, 33, 35, 38, 41, 42, 43, 47, 57, 59, 64, 69, 74, 76, 77, 78, 79, 80, 81, 82, 85, 87, 88, 89, 96, 98, 99, 102, 103, 106, 107, 110, 113, 116, 117, 118, 119, 121, 125, 130, 131, 133, 136, 137, 145, 146, 150, 152, 155, 159, 162, 168, 179, 185, 186, 192], "wa_impact_lik": [60, 127], "wai": [10, 12, 16, 19, 21, 29, 30, 34, 35, 38, 49, 52, 61, 64, 67, 68, 77, 81, 87, 88, 89, 91, 95, 97, 100, 101, 103, 104, 106, 107, 108, 111, 113, 114, 115, 117, 123, 126, 127, 128, 129, 132, 133, 136, 141, 143, 146, 148, 150, 161, 165, 183, 190, 191], "wait": [17, 19, 20, 33, 42, 43, 56, 64, 65, 73, 74, 76, 80, 88, 90, 98, 103, 107, 108, 111, 117, 121, 124, 136, 138, 144, 145, 168, 192], "wait_sec": 168, "wake_ag": 74, "wakeup": 74, "walk": [13, 18, 21, 25, 43, 46, 79, 91, 116, 130, 131, 146], "walk_dict": 150, "walldata": 124, "walli": 137, "walltim": 187, "want": [8, 18, 33, 43, 47, 49, 59, 64, 67, 70, 74, 89, 98, 102, 113, 119, 120, 121, 127, 133, 136, 163, 179, 182, 184, 191], "wappa": 187, "warn": [11, 16, 59, 68, 85, 88, 98, 129, 137, 153, 183], "wascrack": 131, "washington": 118, "watch": [64, 125], "watchcount": 64, "watched_us": [102, 186], "watcher": [46, 64], "watchers_count": 46, "watchlist": 146, "watchlist_upd": 43, "watso": 102, "watson": [156, 186], "watson_translate_not": 147, "wave": 37, "waypoint": 98, "wbem": 108, "wdvpivalqefqwzrcufpyntqouf4pn0ndktd9jevjq0fslvnuqu5eqvjelufovelwsvjvuy1urvnuluzjteuhjegrsco": 117, "we": [4, 9, 13, 14, 18, 21, 25, 33, 34, 38, 41, 42, 47, 49, 53, 59, 79, 82, 83, 86, 91, 96, 98, 102, 116, 117, 119, 120, 121, 127, 130, 131, 133, 137, 142, 146, 149, 152, 156, 157, 162, 179, 184, 186, 192], "we9b": 99, "weak": 43, "weak_ciph": 43, "weak_kerberos_encryption_attempt": 43, "weasyprint": 58, "web": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 38, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 57, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 105, 106, 107, 108, 109, 110, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 139, 144, 146, 147, 148, 150, 152, 153, 154, 155, 157, 162, 167, 168, 185, 188], "web_directory_scan": 43, "web_issu": 43, "web_pag": [13, 37], "web_service_issu": 43, "webdomain": 117, "webernet": 106, "webesit": 148, "webex": 156, "webex_add_all_memb": 148, "webex_email": 31, "webex_incident_id": 148, "webex_meeting_agenda": [31, 148], "webex_meeting_attende": 148, "webex_meeting_dur": 148, "webex_meeting_end_tim": [31, 148], "webex_meeting_nam": [31, 148], "webex_meeting_password": [31, 148], "webex_meeting_start_tim": [31, 148], "webex_password": 31, "webex_room_id": 148, "webex_room_nam": 148, "webex_sit": 31, "webex_site_url": [31, 148], "webex_task_id": 148, "webex_team_id": 148, "webex_team_nam": 148, "webex_timezon": [31, 148], "webexapi": 148, "webgoat": 152, "webhookb2": 133, "weblink": [42, 148], "weblog": [43, 167], "weblogic_admin_console_handle_rc": 43, "weblogic_xml_deseri": 43, "webmail": 99, "webpag": 58, "webpuls": 159, "webroot": [144, 188], "webroot_ip": 37, "webserv": [171, 173, 174, 176], "webservic": [63, 108, 131], "websit": [7, 8, 11, 13, 15, 16, 18, 19, 20, 21, 24, 25, 32, 34, 35, 36, 39, 41, 42, 43, 46, 49, 51, 58, 59, 64, 65, 66, 67, 72, 74, 78, 79, 80, 81, 82, 85, 86, 87, 89, 90, 91, 92, 97, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 142, 144, 146, 148, 150, 152, 153, 154, 155, 167, 183], "weburl": 133, "wed": 187, "weed": 107, "week": [19, 43, 70, 71, 136], "weekdai": 19, "weekli": [41, 43], "weight": [21, 35, 43, 88, 102, 103, 104], "weightedcomponentlist": 35, "welcom": 156, "welcomeemaildis": 133, "weli8vz1g": 85, "well": [42, 49, 64, 65, 70, 77, 80, 86, 88, 91, 102, 109, 119, 121, 133, 138, 142, 156, 157, 159, 179, 182, 183], "welsh": 147, "were": [15, 16, 20, 21, 24, 33, 36, 43, 47, 49, 57, 77, 80, 85, 99, 102, 103, 110, 116, 117, 133, 155, 183, 185, 186], "weren": 35, "werkzeug": 157, "west": [15, 64], "western": 137, "wet": 82, "wf": 98, "wf_amp_add_artifact_from_act": 24, "wf_amp_add_artifact_from_ev": 24, "wf_amp_add_artifact_from_trajectori": 24, "wf_amp_delete_file_list_fil": 24, "wf_amp_get_act": 24, "wf_amp_get_computer_by_guid": 24, "wf_amp_get_computer_by_nam": 24, "wf_amp_get_computer_refresh": 24, "wf_amp_get_computer_trajectori": 24, "wf_amp_get_computer_trajectory_by_act": 24, "wf_amp_get_ev": 24, "wf_amp_get_event_typ": 24, "wf_amp_get_events_by_typ": 24, "wf_amp_get_file_list": 24, "wf_amp_get_file_list_fil": 24, "wf_amp_get_group": 24, "wf_amp_get_group_name_by_guid": 24, "wf_amp_move_comput": 24, "wf_amp_set_file_list_fil": 24, "wf_aws_guardduty_refresh_find": 15, "wf_aws_iam_add_user_to_group": 16, "wf_aws_iam_attach_user_polici": 16, "wf_aws_iam_change_profile_password": 16, "wf_aws_iam_deactivate_access_kei": 16, "wf_aws_iam_delete_access_kei": 16, "wf_aws_iam_delete_access_key_for_artifact": 16, "wf_aws_iam_delete_login_profil": 16, "wf_aws_iam_delete_us": 16, "wf_aws_iam_delete_user_for_artifact": 16, "wf_aws_iam_detach_all_user_polici": 16, "wf_aws_iam_get_access_kei": 16, "wf_aws_iam_get_access_key_for_artifact": 16, "wf_aws_iam_get_us": 16, "wf_aws_iam_get_user_for_artifact": 16, "wf_aws_iam_list_access_kei": 16, "wf_aws_iam_list_us": 16, "wf_aws_iam_refresh_access_kei": 16, "wf_aws_iam_refresh_us": 16, "wf_aws_iam_remove_user_from_all_group": 16, "wf_extrahop_rx_create_tag": 43, "wf_extrahop_rx_search_detect": 43, "wf_get_workflow_data": 98, "wf_get_workflow_frequ": 98, "wf_list": 98, "wf_name": [15, 16, 117, 155], "wf_stat": 98, "wf_zia_add_artifact_to_allowlist": 155, "wf_zia_add_artifact_to_blocklist": 155, "wf_zia_add_artifact_to_customlist": 155, "wf_zia_add_custom_categori": 155, "wf_zia_add_to_customlist": 155, "wf_zia_add_url_categori": 155, "wf_zia_add_urls_to_allowlist": 155, "wf_zia_add_urls_to_blocklist": 155, "wf_zia_add_urls_to_customlist": 155, "wf_zia_get_allowlist": 155, "wf_zia_get_blocklist": 155, "wf_zia_get_customlist": 155, "wf_zia_get_sandbox_report": 155, "wf_zia_get_url_categori": 155, "wf_zia_remove_artifact_from_allowlist": 155, "wf_zia_remove_artifact_from_blocklist": 155, "wf_zia_remove_artifact_from_customlist": 155, "wf_zia_remove_from_allowlist": 155, "wf_zia_remove_from_blocklist": 155, "wf_zia_remove_from_customlist": 155, "wf_zia_url_lookup": 155, "wgcgl": 43, "wgyf8z8cgvm2qmxpnbnldrcltvk4xqfn": 144, "what": [9, 10, 12, 13, 16, 21, 29, 48, 52, 55, 59, 61, 64, 68, 72, 86, 88, 95, 97, 98, 100, 101, 102, 115, 119, 120, 123, 128, 132, 141, 143, 161, 183], "whatev": [47, 121], "whatever_name_you_w": 47, "whatid": 113, "whatif": 19, "when": [1, 5, 8, 10, 11, 12, 13, 15, 16, 18, 20, 21, 22, 23, 24, 25, 29, 30, 33, 35, 36, 38, 39, 41, 42, 43, 45, 46, 47, 49, 52, 55, 56, 58, 59, 61, 65, 66, 68, 69, 71, 72, 74, 75, 76, 77, 78, 79, 80, 85, 86, 88, 90, 91, 95, 97, 98, 99, 100, 101, 102, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 119, 120, 121, 123, 124, 125, 126, 128, 130, 131, 132, 133, 136, 137, 141, 142, 143, 145, 146, 148, 150, 152, 155, 157, 161, 162, 164, 168, 169, 174, 176, 180, 181, 182, 183, 184, 187, 189, 190, 191, 192], "whenchang": 67, "whencreat": 67, "where": [1, 4, 15, 25, 30, 38, 39, 42, 48, 49, 53, 55, 56, 59, 64, 66, 67, 69, 70, 74, 75, 76, 78, 80, 82, 86, 87, 89, 98, 100, 103, 104, 106, 107, 109, 111, 113, 114, 117, 118, 119, 120, 121, 127, 129, 130, 136, 140, 143, 146, 151, 152, 157, 160, 168, 178, 179, 182, 183, 191, 192], "wherea": [111, 114], "wherewew": 117, "whether": [15, 16, 17, 18, 24, 35, 42, 49, 59, 66, 69, 74, 76, 80, 82, 96, 97, 98, 102, 104, 106, 107, 111, 113, 117, 130, 155, 168, 183], "which": [1, 4, 7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28, 30, 31, 32, 35, 36, 38, 39, 41, 42, 43, 46, 47, 48, 49, 50, 51, 53, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 69, 70, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 118, 119, 121, 122, 123, 124, 125, 126, 127, 129, 130, 131, 132, 133, 136, 137, 138, 139, 140, 142, 144, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157, 161, 167, 168, 170, 172, 178, 179, 180, 181, 182, 183, 184, 185, 186, 190, 191], "while": [33, 43, 49, 72, 79, 80, 103, 111, 133, 148, 155], "whilst": [185, 192], "white": [81, 96, 102, 153], "white_list": 146, "whitehat": [57, 185], "whitelist": [24, 72, 145], "whitelisturl": 155, "whiteningopt": 116, "whl": 182, "who": [8, 16, 22, 33, 55, 56, 57, 59, 72, 113, 119, 127, 133, 137, 148, 157, 185, 190, 191], "whoi": [9, 27, 60, 83, 85, 102, 127, 134, 144, 156, 173, 188], "whois_dat": [144, 188], "whois_https_proxi": 149, "whois_queri": [149, 150], "whole": [35, 42], "whom": 103, "whose": [16, 42, 106, 107, 191], "why": [33, 48, 55, 119, 146], "wicf": 188, "wide": [127, 136], "wider": 127, "widget": 36, "width": [88, 98, 102, 117, 186], "wifi": 43, "wifi_auth_issu": 43, "wifimacaddress": 69, "wiki": [13, 153, 156, 182, 183], "wiki_bodi": 151, "wiki_contents_as_json": 151, "wiki_create_if_miss": 151, "wiki_path": 151, "wiki_search_term": 151, "wikia": 96, "wikimedia": 72, "wikipedia": [114, 153], "wild": [81, 117], "wildcard": [43, 46, 67, 98, 106, 155, 182, 184, 191], "williballenthin": 44, "win": [24, 74, 117, 122], "win10": [35, 72, 117], "win1234": 192, "win221": 146, "win2345": 192, "win2k": 117, "win2k3": 117, "win2k8": 117, "win2k8r2": 117, "win32": [78, 122], "win64": 187, "win7": 117, "win7sp0x64": 85, "win8": 117, "windomain": 35, "window": [10, 12, 18, 20, 24, 29, 33, 35, 43, 45, 52, 55, 61, 67, 68, 69, 74, 78, 80, 88, 95, 101, 103, 104, 108, 115, 117, 122, 123, 128, 130, 132, 141, 143, 145, 146, 157, 161, 173, 187, 192], "windows10": [78, 79, 131], "windows20": 124, "windows_event_account": 108, "windows_event_descript": 108, "windows_event_ipport": 108, "windows_event_workst": 108, "windows_firewal": 117, "windows_firewall_notif": 117, "windows_platform": 146, "windows_processor_id": 24, "windowsdefenderatp": 78, "windowspowershel": [78, 108], "windowsvmo": [78, 79], "windowsvmos2": [78, 109], "winemb7": 117, "winemb8": 117, "winemb81": 117, "winfundament": 117, "wininit": 108, "winlogon": 108, "winnt": 117, "wino": 24, "winrm": 85, "winserv": 117, "winserver2022": 146, "winserver221": 146, "winvista": 117, "winword": 78, "winxp": 117, "winxpemb": 117, "winxpprof64": 117, "wireless": 117, "wish": [35, 38, 64, 67, 87, 89, 97, 133, 137, 138, 149, 184], "withgoogl": 187, "within": [2, 4, 11, 15, 21, 28, 30, 34, 35, 36, 39, 41, 46, 53, 59, 60, 64, 72, 73, 76, 77, 78, 82, 85, 88, 89, 98, 103, 109, 110, 111, 117, 120, 124, 127, 133, 140, 148, 151, 155, 167, 179, 180, 182, 183, 184, 190, 191, 192], "without": [24, 36, 38, 48, 49, 78, 86, 102, 111, 125, 131, 133, 136, 137, 157, 182, 188, 191, 192], "withyoutub": 187, "wiz": 156, "wiz_descript": 152, "wiz_issue_id": 152, "wiz_issue_statu": 152, "wiz_num_result": 152, "wiz_project_id": 152, "wiz_projects_t": 152, "wiz_query_filt": 152, "wiz_resolution_reason": 152, "wiz_resolution_summari": 152, "wiz_soar_not": 152, "wiz_vulnerabilities_t": 152, "wizard": 18, "wjby4zta6umo4afsh5vudf6agvidumz1fdmbzrjul5lu": 98, "wksf": 85, "wl": 187, "wlf": 137, "wm": 187, "wmhp8bpqem5q": 98, "wmi": 43, "wmi_act": 43, "wmi_create_process": 43, "wmi_enumeration_queri": 43, "wmiprvs": 108, "wn": 187, "wocquhzhyq3kv9zdc": 98, "wokflow": 50, "won": 179, "wont_fix": 152, "woqtqvtuy4poqwwn6ijunuomqe8ahjjgqewbun18jsuuu24t9s3xccuurgmpd5v8diqawzuxez5sjixmhyi1hvtvmzkznczxxw64krvoc7": 117, "word": [35, 86, 103, 119, 183], "word2vec": 71, "wordpress": 43, "wordpress_brute_forc": 43, "worflow": 98, "work": [1, 7, 8, 33, 39, 41, 46, 48, 59, 61, 64, 73, 77, 81, 85, 88, 89, 92, 96, 97, 101, 103, 111, 113, 115, 119, 120, 121, 123, 128, 142, 143, 148, 169, 191, 192], "work_not": [119, 120], "workerfetchstart": 187, "workerreadi": 187, "workerrespondwithsettl": 187, "workerstart": 187, "workflow": [2, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 20, 22, 24, 25, 28, 29, 31, 32, 33, 34, 36, 37, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 53, 54, 55, 57, 58, 59, 60, 61, 62, 63, 66, 67, 69, 70, 71, 73, 74, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 88, 89, 90, 91, 92, 93, 94, 96, 97, 99, 100, 101, 102, 104, 105, 110, 114, 116, 117, 118, 122, 123, 124, 125, 129, 130, 131, 132, 133, 135, 136, 138, 139, 140, 142, 143, 144, 145, 147, 148, 149, 150, 151, 153, 154, 155, 158, 159, 160, 168, 182, 183, 186, 188, 189, 190], "workflow_cont": 98, "workflow_data": 98, "workflow_guardium_insights_block_us": 55, "workflow_guardium_insights_classification_report": 55, "workflow_id": 98, "workflow_instance_id": 98, "workflow_nam": 98, "workflow_statu": 146, "workflow_typ": 98, "workflow_usag": 98, "workflowsstatu": 124, "workgroup": 117, "workload": 116, "worklog": [64, 115], "worknot": 120, "worknotessplit": 120, "workratio": 64, "workspac": [60, 80, 125, 127, 180, 181, 183, 184, 190], "workspace_nam": 80, "workspaceid": 80, "workstat": [24, 43, 74, 108], "world": [11, 21, 74, 93, 115, 133, 139], "worstinfectionidx": 117, "worth": 79, "would": [4, 19, 21, 33, 35, 38, 41, 66, 77, 80, 86, 88, 91, 106, 107, 108, 111, 113, 114, 119, 120, 121, 130, 133, 137, 146, 148, 152, 170, 179, 191], "wqcmaawhqydvr0obby": 85, "wrap": [41, 85, 112, 143], "wrapper": [29, 53, 167], "wri4x0k7x0lleowhquw2957i4tq2": 98, "writabl": 153, "write": [13, 18, 21, 24, 31, 35, 41, 43, 60, 69, 91, 94, 104, 107, 109, 110, 111, 113, 114, 116, 127, 130, 131, 133, 144, 146, 166, 168, 178, 179, 180, 182, 183, 191], "write_file_attach": 142, "write_to_artifact": 41, "writeabl": 153, "writefiltersstatu": 117, "written": [11, 18, 25, 35, 36, 41, 42, 91, 93, 107, 130, 131, 146, 163, 178, 179], "wrong": 43, "wrote": [18, 64], "wsm": 137, "wsman_act": 43, "wssstatu": 117, "wsymqyv90": 24, "www": [1, 7, 13, 24, 25, 27, 39, 49, 50, 51, 56, 57, 63, 65, 69, 72, 85, 88, 91, 95, 96, 98, 102, 106, 111, 123, 134, 144, 147, 149, 150, 153, 162, 169, 183, 185, 188], "x": [1, 10, 11, 12, 13, 16, 21, 22, 29, 30, 32, 33, 34, 35, 36, 45, 52, 55, 59, 61, 68, 72, 74, 76, 85, 88, 89, 91, 95, 98, 100, 101, 102, 106, 108, 111, 112, 115, 116, 117, 118, 121, 123, 124, 128, 132, 133, 137, 141, 142, 143, 145, 157, 161, 168, 171, 172, 173, 174, 175, 176, 180, 182, 186, 187, 192], "x03": 104, "x11": 94, "x1b": 84, "x1b5cfyivdyumz0uhj5bhpw5p5bijdcxiy644tft": 98, "x25519": 187, "x509": [85, 88, 91, 157, 173], "x53vezc3rqdhherrlzb123456mwhub": 19, "x64": [78, 108, 117, 146, 187], "x86": [78, 108], "x86_64": [15, 54, 74, 85, 94, 116], "x_": 137, "x_ibm_security_relev": [102, 186], "x_ibm_security_tox": [102, 186], "x_ibmrt_resili": [119, 121], "x_ibmrt_resilient_ibm_resilient_reference_id": 120, "x_ibmrt_resilient_ibm_resilient_reference_link": 120, "x_ibmrt_resilient_ibm_resilient_typ": 120, "x_ibmrt_resilient_ibm_soar_reference_id": 120, "x_ibmrt_resilient_ibm_soar_reference_link": 120, "x_ibmrt_resilient_ibm_soar_typ": 120, "x_mitre_detect": [82, 186], "xcitium": [144, 188], "xcv": 10, "xdr": [107, 108, 146], "xe4chtig": 159, "xeon": 108, "xfa": 91, "xfe": [102, 186], "xforc": [34, 103, 156, 190, 192], "xforce_apikei": 153, "xforce_baseurl": 153, "xforce_collection_id": 153, "xforce_collection_typ": 153, "xforce_password": 153, "xforce_queri": 153, "xfta": 153, "xgno7g": 111, "xhbqaaaafzukdcak7ohokaaamauexurundq2qot": 187, "xjx": 98, "xlarg": 15, "xlmwfayfpv": 98, "xma": 43, "xml": [20, 24, 60, 89, 98, 127, 167], "xml_respons": 89, "xml_stylesheet_dir": 91, "xml_transform": 91, "xmln": 98, "xmlschema": 98, "xmltodict": 89, "xmltransform": 91, "xmode": 73, "xoxb": 125, "xp": [18, 43], "xpath": 89, "xpnprojectstatu": 49, "xref": 91, "xs2vr": 126, "xsd": 98, "xsi": 98, "xsl": 91, "xslt": 91, "xslx": 41, "xsmall": 64, "xss": [13, 43], "xss_attack": 43, "xtrnnqe": 111, "xvc8xxvlogrlr83vn7hrd1lyhogkkmhaqaiz7mwajhc34": 98, "xvcxoku62cfnqudzi": 98, "xvf": 186, "xwr": 38, "xx": [24, 133, 167, 182], "xxk": 137, "xxx": [13, 18, 21, 24, 25, 37, 42, 46, 50, 67, 79, 88, 91, 94, 106, 108, 110, 113, 116, 130, 131, 137, 142, 146, 152, 183, 189, 192], "xxx3aef168e8aeadfb606bf2637cxxx": 137, "xxxx": [22, 23, 26, 54, 69, 80, 99, 106, 119, 146], "xxxxx": [23, 26, 96], "xxxxxx": [26, 107, 116], "xxxxxxx": [26, 162], "xxxxxxxx": 80, "xxxxxxxxx": [107, 125], "xxxxxxxxxxx": [125, 141, 148], "xxxxxxxxxxxx": [80, 103, 125], "xxxxxxxxxxxxx": 125, "xxxxxxxxxxxxxxxxxx": 123, "xxxxyyyi": 146, "xymzsqflu": 98, "xytozv8txb9j0rsenxxpknkzir3j8l1lnhok8uoa5nk96rmgtuwyxoxrhnugk6yyp1elj1oswpv6jhj4hmshpvlwfa3bavdb0rokvdvceyzx4jai5pbu6pmdgrd9dltu6v3xbkravk0j9okcoejkf2yfan0d4akyi3q": 98, "xyz": 155, "y": [4, 9, 10, 11, 12, 16, 29, 36, 41, 43, 45, 52, 55, 56, 61, 64, 68, 90, 95, 96, 98, 100, 101, 104, 106, 112, 114, 115, 121, 123, 128, 132, 137, 141, 143, 144, 145, 152, 192], "y20a9hexgkyhns4hw5kgva": 111, "y2lzy29zcgfyazovl3vybjpurufnonvzlxdlc3qtml9yl1jpt00vzmu4zjfmntatmwewmy0xmwvklwjizdktmzcwmdcyntiymgjl": 148, "y2lzy29zcgfyazovl3vybjpurufnonvzlxdlc3qtml9yl1rfqu0vzmu4zjfmntatmwewmy0xmwvklwjizdktmzcwmdcyntiymgjl": 148, "y2lzy29zcgfyazovl3vzl1bft1bmrs85odm0yjblyi1mzmy1ltrjy2ytytcwoc04nzk1ymfjyjq3nzu": 148, "ya": 153, "yallahomsa": 99, "yaml": 11, "yandex": [144, 188], "yara": 65, "ybufnwte4yi12eyprtdmfhvj": 19, "ydca551c7dxxxd54b971xxxxxxxxx": 148, "ydca551c7dxxxx930aexxxx509cda551c7ddxxxx930ae68d54b971xxxxxxxxx": 148, "ydl83ap8pkx3gyw2llumhsgtbeccauxafdcuu9mw6axlw60tqh9is6op36lhorkezrev": 98, "ydtc98ujfqxxwpiaa": 117, "ye": [7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 33, 35, 36, 37, 38, 39, 41, 42, 43, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 136, 137, 138, 139, 141, 142, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157, 161, 163, 167, 168, 186, 187, 188, 190, 192], "year": [36, 96, 104, 130], "yearstart": 113, "yellow": [120, 145, 192], "yem": 137, "yemen": 137, "yesterdai": 113, "yet": [155, 186], "yeti": [127, 156], "yeti_artifact_typ": 154, "yeti_artifact_valu": 154, "yeti_instance_usernam": 154, "yeti_observables_queri": 154, "yeti_threat_servic": 177, "yfcxg4ggrkazxu": 111, "yfrujyo": 108, "yfwpc": 98, "yield": [85, 192], "yiwo": 78, "yml": 11, "york": [50, 118], "you": [1, 3, 4, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 45, 46, 47, 48, 49, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 136, 137, 138, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 161, 163, 166, 167, 168, 178, 180, 181, 182, 183, 184, 188, 189, 190, 191, 192], "your": [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 45, 46, 47, 48, 49, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 74, 75, 76, 77, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 119, 120, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 141, 142, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 159, 161, 162, 163, 164, 166, 167, 168, 169, 172, 173, 174, 175, 176, 178, 179, 180, 181, 182, 183, 184, 188, 189, 190, 191], "your_api_kei": [29, 153], "your_api_password": 153, "your_ca": 88, "your_ca_priv": 88, "your_compani": 4, "your_custom_app": 4, "your_custom_field": 130, "your_epo_password": 74, "your_epo_serv": 74, "your_epo_usernam": 74, "your_google_project_id": 47, "your_proxi": 142, "your_resilient_serv": 70, "your_smime_us": 88, "yourcompani": 99, "yourdb": 183, "yourorg": [180, 184], "ypp5dh7zztwl4cunxjqmkeuy4": 117, "yq": 19, "yqojqr1mxgmesti0hualy79dgw1qbn2wwshnem3kdmfq8zbmqrymedr": 98, "yum": [4, 11, 86, 91, 192], "yuo_vc": 159, "ywucamgwvkci6dib7wvobcdy8gapy6mero5posdiuut8trzmbdpttttlxbasgu4zqf": 98, "yy": 133, "yyqffmcbqjaptkuhd8xr": 98, "yyyi": [33, 36, 70, 81, 104, 114], "z": [13, 18, 25, 36, 37, 42, 46, 57, 79, 91, 116, 130, 131, 146], "z1d": 21, "z1d_activity_typ": 21, "z1d_activitydate_tab": 21, "z1d_associationdescript": 21, "z1d_char02": 21, "z1d_ci_formnam": 21, "z1d_cog_autosuppgrppredrul": 21, "z1d_cog_suppgrpworkinfotag": 21, "z1d_command": 21, "z1d_communicationsourc": 21, "z1d_confirmgroup": 21, "z1d_createdfrombackendsynchwi": 21, "z1d_detail": 21, "z1d_formnam": 21, "z1d_interfaceact": 21, "z1d_secure_log": 21, "z1d_sr_instanceid": 21, "z1d_summari": 21, "z1d_view_access": 21, "z1d_workinfosubmitt": 21, "z1d_worklogdetail": 21, "z2af_act_attachment_1": 21, "z4e": 19, "za": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146], "zabbix": 90, "zaf": 137, "zak": 32, "zambia": 137, "zatoxp": 122, "zbot": 146, "zdn": 188, "zealand": 137, "zealous_chaplygin": 38, "zendesk": 185, "zero": [43, 79, 98, 106, 107, 113, 116, 130, 131, 146], "zerocert": [144, 188], "zerologon": 43, "zfqg91qkwvnnjciyhleojzjgqljl": 98, "zgy8hwh7brvr2oatez1wviwsdnmzpd27c": 187, "zh": [147, 159], "zh_tw": 159, "zheng": 153, "zia_activ": 155, "zia_add_artifact_to_allowlist": 155, "zia_allowlist": 155, "zia_allowlisturl": 155, "zia_api_base_url": 155, "zia_api_kei": 155, "zia_blocklist": 155, "zia_blocklisturl": 155, "zia_category_id": 155, "zia_cloud_nam": 155, "zia_configured_nam": 155, "zia_configured_name_input": 155, "zia_custom_categori": 155, "zia_custom_onli": 155, "zia_customlist": 155, "zia_full_report": 155, "zia_keyword": 155, "zia_keyword_filt": 155, "zia_md5": 155, "zia_name_filt": 155, "zia_password": 155, "zia_report_typ": 155, "zia_sandbox_report_summari": 155, "zia_super_categori": 155, "zia_url": 155, "zia_url_categori": 155, "zia_url_filt": 155, "zia_usernam": 155, "zijrpphpjv": 98, "zimbabw": 137, "zimbra": 43, "zip": [4, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 34, 35, 36, 39, 41, 42, 43, 45, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 121, 122, 123, 124, 125, 126, 128, 129, 130, 131, 132, 133, 134, 136, 137, 138, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 152, 153, 154, 155, 157, 159, 161, 167, 168, 169, 171, 172, 174, 175, 176, 178, 180, 181, 182, 184, 192], "zip_cod": 96, "zipbal": [44, 46], "zipball_url": 46, "zipfil": 127, "zipfile_password": 127, "zmb": 137, "zmfvuo9zlvnjbsgna9o5dcsebwjt9": 98, "zoho": 43, "zone": [8, 19, 21, 43, 64, 103, 150], "zoom": [43, 156], "zoom_account_id": 32, "zoom_adapt": 18, "zoom_agenda": 32, "zoom_api_timezon": 32, "zoom_api_url": 32, "zoom_client_id": 32, "zoom_client_secret": 32, "zoom_marketplace_account_email": 32, "zoom_password": 32, "zoom_record_meet": 32, "zoom_top": 32, "zpa": 98, "zqiut1xe9g4": 98, "zraef3fw0gvw4a": 85, "zsapi": 155, "zscaler": 156, "zscalerbeta": 155, "zstb6ilbvcdqcnajvjfql": 85, "ztmpeventguid": 21, "zvelo": [144, 188], "zwe": 137, "zwm0xjs6acvtdocqrqgo2i": 98, "zxhhbxbszqo": 86, "zz": 133, "zznuzkxu4usabj4": 98, "\u00e5land": 137}, "titles": ["Setup", "Repository Mirror Scripts", "History", "Utility scripts for automatic app refreshment", "App Host Conversion Files", "Base Input Fields for Function Development", "IBM SOAR Python Documentation", "AbuseIPDB", "IBM SOAR integration for AlgoSec", "AlienVault OTX", "Anomali Staxx", "Ansible for SOAR", "Ansible Tower", "APIVoid Threat Analysis APIs", "About Apility.IO", "fn_aws_guardduty", "AWS IAM", "AWS Utilities", "Axonius", "Azure Automation Utilities", "BigFix", "BMC Helix", "Calendar Invite", "CarbonBlack Protection", "Cisco Secure Endpoint", "Cisco ASA", "Cisco Umbrella Enforcement", "Cisco Umbrella Investigate", "ClamAV", "Cloud Foundry", "App Host Components", "Cisco WebEx", "Zoom", "CrowdStrike Falcon", "CVE Search", "Darktrace <!-- omit in toc -->", "Datatable Utilities", "Digital Shadows Search", "Docker", "ElasticSearch", "Email Header Validation", "Microsoft Exchange", "Microsoft Exchange Online", "ExtraHop", "Floss", "Google Geocoding", "GitHub", "Google Cloud DLP", "Google Cloud Functions", "Google Cloud Security Command Center", "Google Maps", "Google Safe Browsing", "GreyNoise", "gRPC Interface", "GRR", "Guardium Insights Integration", "Guardium Integration Application for IBM Resilient.", "Have I Been Pwned", "HTML to PDF", "Symantec ICDx", "Incident Utilities", "IOC Parser", "IPInfo", "IsItPhishing", "Jira", "Joe Sandbox Analysis", "Kafka", "IBM SOAR LDAP Utilities", "Log Capture", "MaaS360", "Machine Learning", "NLP Search", "Mandiant Threat Intelligence", "McAfee ATD", "McAfee ePO", "McAfee ESM", "McAfee OpenDXL", "McAfee TIE", "Microsoft Defender", "Microsoft Security Graph Integration for SOAR", "Microsoft Sentinel", "MISP", "MITRE ATT&amp;CK", "About MxToolBox", "netMiko", "Network Utilities", "Image OCR", "ODBC Query", "Outbound Email", "Palo Alto Panorama", "PagerDuty", "Parse Utilities", "PassiveTotal", "PasteBin Creator", "Phish.AI", "PhishTank Lookup", "Pipl", "Playbook Maker", "Playbook Utils", "Proofpoint TAP", "Proofpoint TRAP", "Pulsedive", "QRadar Advisor Functions", "QRadar Enhanced Data Migration", "QRadar Integration", "TOR", "Randori", "Rapid7 InsightIDR", "QRadar EDR", "Parent/Child Relationships", "Remedy", "REST API Functions for SOAR", "RSA NetWitness", "Salesforce", "Scheduler", "Secureworks CTP", "SentinelOne", "Symantec Endpoint Protection", "ServiceNow", "SOAR Customization Guide", "ServiceNow Customization Guide", "ServiceNow Installation Guide", "Shadowserver", "Shodan", "Siemplify", "Slack", "Snapshot URL", "SOAR Utilities", "Spamhaus Lookup", "Splunk", "Sumo Logic Cloud SIEM", "Symantec DLP", "Task Utilities", "Microsoft Teams", "ThreatMiner", "Thug", "Timer Function", "Trusteer Pinpoint Detect", "Twilio SMS", "Twitter Search API", "URL to DNS", "URLhaus", "URLScan.io", "Utilities (Deprecated)", "VirusTotal", "VMRay Sandbox Analyzer", "VMware Carbon Black Cloud", "Watson Translate", "Cisco Webex", "Whois", "fn_whois_rdap", "SOAR Wiki", "Wiz", "IBM XForce Collections", "Yeti", "Zscaler Internet Access Functions for IBM SOAR", "IBM Security QRadar SOAR Apps", "OAuth Utilities", "Older integration applications", "Bluecoat Site Review", "LDAP Search", "SOAR to ICD", "Risk Fabric", "Query CSV Files From Resilient", "Query-Runner Component", "Shell-Runner", "&lt;no title&gt;", "ISC SANS", "CriminalIP Threat Enrichment for IP Address and URL Artifacts", "AbuseIPDB Threat Service", "Google Safe Browsing Threat Searcher", "Have I Been Pwned Threat Searcher", "McAfee TIE Threat Searcher", "MISP Threat Searcher", "RiskIQ PassiveTotal", "ShadowServer Threat Service", "URLScan IO Threat Searcher", "YETI Threat Service", "Data Feed FileFeed Plugin", "Data Feed Extension", "Data Feed Elasticsearch Plugin", "Data Feed KafkaFeed Plugin", "Data Feeder for ODBC Databases", "Data Feeder for SOAR", "Data Feed plugin for Splunk", "SOAR Content Package for Have I Been Pwned", "QRadar SOAR Content Package for QRadar Advisor and MITRE ATT&amp;CK<sup>TM</sup>", "SOAR Content Package for URLScan.io", "SOAR Content Package for VirusTotal v1.1", "Convert JSON to Rich Text Script", "IBM SOAR Email Approval Process Content Pack", "IBM SOAR example email message parsing script", "Technical Workshop Guide: <em>resilient-circuits</em>"], "titleterms": {"": [67, 82, 190], "0": [10, 11, 15, 25, 29, 36, 42, 45, 52, 63, 64, 66, 67, 68, 69, 74, 75, 76, 78, 80, 81, 87, 88, 89, 90, 91, 95, 100, 101, 103, 104, 108, 111, 114, 115, 117, 118, 123, 125, 128, 129, 133, 134, 137, 140, 144, 145, 153, 157, 161, 180, 182, 183, 184, 191], "1": [10, 11, 15, 25, 29, 36, 38, 42, 43, 52, 56, 63, 64, 66, 67, 69, 74, 75, 76, 78, 80, 87, 88, 89, 90, 91, 95, 99, 100, 101, 103, 108, 111, 114, 117, 118, 120, 121, 125, 128, 129, 131, 133, 134, 140, 144, 145, 146, 153, 173, 180, 182, 184, 188, 192], "10": [103, 192], "11": 192, "12": 192, "13": 192, "14": 192, "15": 192, "16": 192, "17": 192, "18": 192, "19": 192, "2": [11, 25, 36, 38, 42, 45, 52, 56, 66, 67, 69, 74, 75, 76, 78, 81, 88, 89, 100, 103, 104, 108, 111, 114, 117, 118, 120, 121, 125, 133, 146, 157, 184, 192], "20": 192, "21": 192, "22": 192, "23": 192, "24": 192, "25": 192, "26": 192, "27": 192, "28": 192, "29": 192, "3": [13, 18, 25, 42, 46, 56, 64, 81, 89, 91, 100, 103, 104, 108, 111, 116, 118, 120, 121, 130, 146, 168, 191, 192], "30": 192, "365": 157, "4": [42, 89, 103, 118, 121, 129, 192], "4a": 56, "4b": 56, "5": [56, 103, 118, 121, 146, 182, 192], "6": [121, 192], "7": [121, 192], "8": [121, 192], "9": [118, 121, 192], "A": 119, "But": 108, "By": [18, 56, 130, 146], "For": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 140, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 167, 168], "If": 109, "No": 67, "On": 33, "The": [16, 127, 135, 137, 191], "To": [16, 38, 40, 135, 155], "With": [7, 41, 43, 49, 51, 86, 92, 117, 122, 125, 131, 133], "abil": 14, "abort": 116, "about": [1, 2, 9, 14, 30, 34, 38, 56, 83], "abuseipdb": [7, 169], "access": [15, 16, 56, 67, 130, 155, 179], "access_token": 111, "account": [19, 113, 192], "acknowledg": 35, "act": 127, "action": [10, 12, 15, 16, 20, 29, 33, 52, 61, 68, 69, 95, 100, 101, 115, 123, 128, 132, 141, 143, 146, 161, 162], "activ": [19, 21, 24, 25, 56, 97, 127], "activitymap": 43, "actor": 15, "ad": [30, 78, 98, 145], "add": [16, 25, 35, 36, 43, 56, 67, 74, 80, 104, 107, 113, 117, 119, 121, 124, 129, 130, 135, 155, 192], "addit": [30, 182, 184], "addnot": 120, "address": [89, 168, 191], "adit": 135, "adject": 190, "advanc": 4, "advisor": [102, 186], "affect": 15, "after": 30, "agent": [19, 25, 74, 116], "ai": 94, "alert": [78, 79, 80, 107, 108, 137, 146], "alert_filt": 78, "algosec": 8, "alien": 9, "alienvault": 9, "all": [1, 36, 56, 74, 82, 104, 156], "allowlist": [155, 191], "along": 108, "alto": 89, "amass": 38, "amongst": 192, "amp": 24, "an": [33, 34, 37, 38, 47, 74, 107, 113, 121, 127, 130], "analysi": [13, 65, 102, 186], "analyt": 130, "analyz": 145, "anomali": 10, "anoth": 192, "ansibl": [11, 12], "api": [8, 13, 15, 16, 18, 19, 20, 21, 24, 25, 30, 33, 35, 36, 37, 38, 41, 42, 43, 49, 55, 59, 64, 67, 69, 74, 77, 78, 80, 82, 87, 88, 89, 96, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 114, 116, 117, 119, 120, 121, 124, 125, 129, 130, 133, 137, 139, 146, 152, 155, 157, 167, 168], "apikey_permiss": 4, "apil": 14, "apivoid": 13, "app": [1, 3, 4, 7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38, 39, 41, 43, 45, 46, 47, 48, 49, 50, 51, 53, 54, 55, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 84, 85, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 119, 121, 122, 123, 124, 125, 126, 128, 129, 130, 131, 133, 136, 137, 138, 139, 140, 141, 142, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 167, 168, 180, 182, 183, 184, 192], "appendix": [60, 78, 127, 131], "apphost": 16, "applianc": 179, "applic": [56, 120, 133, 158], "approv": 190, "ar": [64, 67, 87, 89, 103, 104, 126, 129, 192], "architectur": 120, "archiv": [15, 59, 125, 133], "argument": 157, "artifact": [15, 16, 20, 25, 35, 38, 41, 42, 43, 69, 72, 77, 78, 96, 99, 102, 103, 108, 109, 114, 119, 124, 127, 130, 137, 168, 173, 190], "asa": 25, "asset": [20, 49, 74, 103], "assign": [43, 74, 109, 117, 121], "associ": 35, "atd": 73, "att": [82, 186], "attach": [16, 38, 42, 48, 88, 107, 108, 111, 113, 119, 124, 125, 127], "attribut": [81, 131], "authent": [47, 88, 111, 148, 157], "author": 88, "auto": 109, "autom": 19, "automat": [3, 103, 121, 188], "aw": [15, 16, 17], "axoniu": 18, "azur": [19, 78, 133], "b": 145, "backoff": 111, "base": [5, 91], "base64": [48, 117, 127], "basic": [69, 88], "been": [23, 27, 57, 171, 185], "behavior": 183, "between": 113, "bidirect": [64, 183], "bigfix": 20, "binari": 131, "black": 146, "block": [55, 56], "blocklist": [124, 155], "bluecoat": 159, "bmc": 21, "bodi": 111, "both": 133, "br": 145, "branch": 46, "breach": [35, 55, 57, 185], "broker": 66, "brows": [34, 51, 170], "bucket": 15, "bug": 108, "build": [4, 70, 71], "bundl": 111, "byte": 86, "c": 33, "calendar": 22, "call": [167, 168], "campaign": [99, 191], "can": [108, 127, 135, 146, 179], "cancel": 117, "captur": 68, "carbon": 146, "carbonblack": 23, "case": [35, 43, 49, 56, 64, 102, 106, 107, 113, 124, 130, 131, 137, 146, 152], "casenam": 120, "categori": [103, 155], "cbc": 146, "cbprotect": 23, "center": 49, "cento": 91, "cert": 85, "certif": [16, 88, 91, 111], "chang": [4, 8, 11, 15, 25, 34, 36, 43, 64, 66, 67, 74, 78, 87, 88, 89, 90, 91, 99, 103, 104, 117, 118, 125, 129, 133, 144, 153, 180, 182, 183, 184, 191], "changelog": 142, "channel": [125, 133], "check": 192, "child": 109, "circuit": [10, 12, 16, 29, 52, 61, 68, 95, 100, 101, 115, 123, 128, 132, 141, 143, 161, 192], "cisco": [24, 25, 26, 27, 31, 148], "ck": [82, 186], "clamav": 28, "class": [178, 180, 181, 182, 183, 184], "classif": [55, 137], "clear": [35, 36, 106], "client": [25, 56, 74, 111, 113, 133, 157], "client_auth_cert": 111, "client_auth_kei": 111, "client_auth_pem": 111, "close": [21, 60, 66, 108, 109, 110, 115, 119, 124, 127, 131], "cloud": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 48, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167], "cmdb": 192, "code": [111, 192], "collect": [78, 153], "column": [8, 15, 16, 18, 19, 20, 21, 24, 25, 33, 35, 36, 37, 38, 41, 42, 43, 49, 55, 59, 64, 67, 69, 74, 77, 78, 80, 82, 87, 88, 96, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 114, 116, 117, 119, 124, 125, 129, 130, 137, 146, 152, 155], "command": [49, 85, 117, 192], "comment": [64, 80, 106, 107, 113, 124, 130], "commit": [46, 89], "common": 88, "compat": [180, 184], "compil": 111, "compliant": 117, "compon": [30, 45, 127, 159, 164, 178, 180, 181, 182, 184], "comput": [24, 117], "config": [33, 37, 38, 48, 50, 54, 57, 62, 64, 67, 78, 85, 87, 89, 103, 104, 119, 129, 135, 138, 139, 142, 149, 184, 192], "configur": [1, 7, 8, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 30, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 56, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 105, 106, 107, 108, 109, 110, 113, 114, 116, 117, 121, 122, 124, 125, 126, 129, 130, 131, 133, 135, 136, 137, 140, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 162, 183, 184, 190, 191, 192], "connect": [8, 38, 88, 113, 116, 137, 179, 182], "consent": 157, "consider": [11, 35, 64, 78, 106, 107, 108, 111, 113, 114, 125, 130, 146, 152, 180, 182, 183, 184], "contact": [113, 127], "contain": [4, 16, 30, 38], "content": [1, 7, 8, 9, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 56, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 138, 140, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157, 185, 186, 187, 188, 190], "context": 102, "continu": 108, "convers": [4, 88, 125], "convert": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146, 167, 168, 189, 192], "copi": [109, 120], "correct": [120, 121], "count": 18, "creat": [19, 21, 25, 31, 32, 36, 41, 42, 43, 46, 60, 64, 67, 69, 74, 78, 81, 87, 89, 90, 93, 96, 99, 102, 103, 104, 108, 110, 113, 114, 119, 120, 121, 127, 129, 133, 137, 148, 151, 157, 162, 179, 192], "creation": 78, "creator": 93, "credenti": [16, 19, 113, 157, 192], "criminalip": 168, "criteria": 146, "critic": 117, "crowdstrik": 33, "csv": [36, 163], "ctp": 115, "custom": [8, 12, 15, 16, 18, 19, 20, 21, 24, 25, 35, 41, 42, 43, 44, 49, 55, 56, 64, 67, 69, 70, 71, 73, 74, 75, 77, 78, 79, 80, 81, 82, 87, 88, 96, 98, 99, 100, 102, 103, 104, 106, 107, 108, 109, 110, 113, 114, 115, 116, 117, 118, 119, 120, 121, 124, 129, 130, 131, 137, 146, 152, 155, 191, 192], "customize_and_reload": 3, "cve": 34, "darktrac": 35, "data": [8, 15, 16, 18, 19, 20, 21, 24, 25, 33, 34, 35, 36, 38, 41, 42, 43, 49, 55, 56, 59, 60, 64, 67, 69, 74, 77, 78, 80, 82, 87, 88, 96, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 114, 116, 117, 119, 124, 125, 127, 129, 130, 137, 146, 152, 155, 178, 179, 180, 181, 182, 183, 184], "databas": [87, 179, 182, 183], "datat": [36, 37, 38, 69, 98, 109, 114, 137], "datetim": 182, "db": [56, 179, 183], "de": 47, "deactiv": 16, "deal": 191, "debian": 86, "debug": 192, "decis": 127, "defend": 78, "defin": 120, "deisol": 108, "delai": 111, "deleg": 133, "delet": [16, 19, 24, 36, 41, 42, 46, 69, 74, 78, 104, 117, 129, 133, 148], "depend": [44, 48, 70, 71, 185, 186, 187, 188], "deploy": 30, "deprec": 143, "descript": [70, 71, 167, 168, 185, 186, 187, 188], "destin": [30, 103, 112, 163, 179, 192], "detach": 16, "detail": [8, 15, 25, 35, 56, 79, 99, 116, 117, 131, 135, 146], "detect": [24, 43, 106, 137], "determin": 107, "develop": [5, 7, 18, 24, 25, 32, 35, 40, 41, 43, 46, 49, 51, 66, 72, 86, 92, 99, 102, 106, 107, 108, 113, 117, 122, 124, 125, 127, 130, 131, 133, 135, 137, 144, 146, 152, 155, 156, 192], "devic": [16, 18, 33, 35, 43, 69, 146], "diagram": 120, "dialect": 182, "dialog": 130, "digit": 37, "directli": 179, "directori": 46, "disconnect": 116, "discoveri": 106, "disk": 116, "displai": [9, 33, 34, 37, 38, 98], "distanc": 85, "distribut": [40, 69, 135], "dlp": [47, 131], "dn": 140, "do": 103, "docker": [38, 192], "dockerfil": 4, "document": [6, 63, 118, 184], "doe": 179, "domain": [85, 117, 191], "download": [70, 121], "driver": 87, "dxl": 76, "dynam": 127, "each": [127, 146], "edit": 89, "edr": 108, "elasticfe": 180, "elasticsearch": [39, 180], "email": [40, 41, 88, 91, 137, 190, 191], "enabl": [133, 137], "encod": 182, "encrypt": 88, "endpoint": [7, 24, 39, 41, 43, 49, 51, 72, 86, 92, 99, 102, 108, 111, 117, 122, 125, 131, 133, 157], "enforc": [18, 26], "enhanc": [88, 103, 108], "enrich": 168, "ensur": 192, "enter": 121, "entiti": [80, 124, 130], "entitl": 56, "entri": 124, "entrypoint": 4, "environ": [7, 8, 11, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 25, 27, 28, 30, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 64, 65, 66, 67, 72, 74, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 157, 160, 167, 169, 177], "eoc": 117, "epo": 74, "escal": [15, 43], "esm": 75, "etc": 127, "event": [24, 35, 59, 81, 103, 104, 108, 117, 129], "evid": 107, "exampl": [1, 2, 27, 36, 56, 67, 69, 85, 99, 103, 111, 130, 138, 145, 160, 162, 185, 186, 187, 189, 191], "except": 117, "exchang": [41, 42], "exclus": 146, "execut": [17, 19, 74, 78, 113], "exist": 120, "expand": 85, "export": [98, 167, 168], "extend": 191, "extens": [179, 191], "extern": [77, 127], "extract": [85, 127], "extrahop": 43, "fabric": 162, "falcon": 33, "faq": 179, "featur": [7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 39, 41, 42, 43, 46, 47, 49, 51, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 116, 117, 118, 122, 124, 125, 126, 129, 130, 131, 132, 133, 137, 140, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 168, 183, 189, 190], "feed": [137, 178, 179, 180, 181, 184], "feeder": [182, 183], "fetch": 88, "field": [5, 15, 18, 19, 21, 35, 43, 49, 55, 56, 64, 67, 78, 79, 80, 81, 82, 88, 97, 99, 102, 103, 104, 106, 107, 108, 109, 113, 116, 119, 124, 130, 131, 137, 146, 152, 182], "file": [0, 4, 24, 30, 46, 77, 78, 91, 108, 111, 117, 135, 163, 184, 192], "filefe": 178, "filter": [49, 78, 80, 106, 107, 113, 130, 146], "find": [15, 41, 49, 59, 74, 78, 104], "fingerprint": 117, "firewal": [25, 117], "first": 103, "fix": 108, "floss": 44, "flow": [103, 113], "fn": [66, 97, 130, 146, 192], "fn_aws_guardduti": 15, "fn_cisco_umbrella_inv": 27, "fn_kafka": 66, "fn_netdevice_config": 84, "fn_netdevice_queri": 84, "fn_odbc_queri": 87, "fn_qradar_enhanced_data": 103, "fn_reaqta": 108, "fn_service_now": 121, "fn_slack": 125, "fn_util": 127, "fn_whois_rdap": 150, "folder": [41, 42], "follow": 16, "forc": 153, "forens": 99, "form": [25, 111], "format": [111, 145, 189], "foundri": 29, "from": [16, 24, 25, 42, 43, 56, 67, 74, 78, 85, 86, 96, 106, 107, 113, 116, 127, 130, 137, 145, 146, 155, 163], "full": 126, "function": [5, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 46, 47, 48, 49, 50, 51, 53, 54, 55, 56, 57, 58, 59, 60, 62, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 116, 117, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 134, 135, 136, 137, 138, 139, 140, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 167, 168, 185, 187, 188, 192], "functions_2": 16, "futur": 108, "gcp": 48, "gener": [56, 107, 130], "geocod": 45, "get": [17, 18, 19, 24, 25, 33, 35, 36, 41, 42, 43, 46, 49, 57, 59, 69, 74, 78, 79, 80, 82, 89, 94, 98, 99, 103, 104, 106, 107, 108, 113, 116, 117, 124, 127, 130, 131, 137, 138, 146, 151, 153, 155, 162, 185], "getresilientreferenceid": 120, "getresilientreferencelink": 120, "getresilienttyp": 120, "github": 46, "give": 121, "given": 82, "gliderecord": 120, "global": 97, "gmail": 157, "googl": [45, 47, 48, 49, 50, 51, 157, 170], "graph": 79, "greater": 108, "greynois": 52, "group": [16, 24, 25, 35, 67, 74, 82, 89, 117, 121, 133], "grpc": 53, "grr": [54, 192], "guardduti": 15, "guardium": [55, 56], "guid": [119, 120, 121, 192], "gz": 135, "hash": [77, 116, 127], "have": [23, 27, 57, 103, 171, 185], "header": 40, "helix": 21, "helper": [43, 119], "hint": 111, "histor": 179, "histori": [1, 2, 30, 42, 45, 57, 61, 108, 112, 143, 149, 151, 168, 169, 180, 181, 183, 189, 190, 191], "hit": [167, 185, 187, 188], "hive_label": 108, "host": [1, 4, 10, 11, 12, 29, 30, 45, 47, 55, 61, 77, 91, 115, 121, 123, 128, 141, 142, 145, 162, 180, 182, 183, 184], "how": [26, 40, 64, 67, 87, 89, 103, 104, 129, 135, 179], "html": [58, 63], "i": [57, 109, 171, 179, 185, 192], "iam": 16, "ibm": [6, 8, 56, 60, 67, 98, 102, 121, 137, 153, 155, 156, 179, 190, 191], "icd": 161, "icdx": 59, "icon": 4, "id": [16, 18, 69, 130, 146, 153], "identifi": [47, 191], "imag": [1, 38, 86, 126], "impact": 106, "import": [0, 10, 30, 98, 168, 185, 186, 187, 188], "inbound": 137, "incid": [9, 21, 33, 34, 35, 37, 38, 56, 60, 66, 70, 78, 80, 88, 90, 103, 109, 110, 115, 121, 127, 131, 137, 145, 162, 191], "incident_close_templ": 80, "incident_create_templ": 80, "incident_update_templ": 80, "includ": [167, 168, 190], "inclus": 88, "incom": 133, "indic": 78, "individu": 127, "info": [38, 41, 117, 127], "inform": [19, 39, 41, 78, 82, 108, 111, 167], "initi": [1, 2, 116], "input": [5, 9, 33, 34, 37, 38, 48, 50, 54, 57, 62, 97, 111, 138, 139, 145, 149], "insid": 162, "insight": [55, 130], "insightidr": 107, "inspect": 47, "instal": [7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 28, 29, 30, 31, 32, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 49, 51, 52, 53, 55, 56, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 140, 141, 142, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 159, 161, 162, 167, 168, 171, 172, 173, 174, 175, 176, 178, 180, 181, 182, 183, 184, 185, 187, 188, 189, 190, 191, 192], "instanc": [15, 192], "instruct": [168, 169, 189, 191], "integr": [8, 10, 11, 12, 16, 29, 38, 45, 47, 55, 56, 61, 79, 86, 91, 104, 114, 115, 121, 123, 126, 127, 128, 141, 142, 145, 158, 180, 181, 182, 183, 184], "intel": 129, "intellig": 72, "interfac": 53, "intern": 78, "internet": [8, 155], "introduct": [4, 159, 178, 179, 180, 181, 182, 184], "inventory_apps_server_vers": 3, "investig": [27, 78, 107], "invit": 22, "invoc": 38, "invok": 17, "io": [14, 142, 176, 187], "ioc": [33, 61], "ip": [78, 103, 162, 168, 191], "ipinfo": 62, "isc": 167, "isitphish": 63, "isn": 179, "isol": [8, 24, 78, 108], "issu": [38, 49, 64, 74, 88, 103, 152], "item": [104, 129], "jinja": [43, 80, 106, 107, 113, 146], "jira": 64, "job": [19, 114, 146], "joe": 65, "json": [13, 18, 25, 46, 79, 91, 111, 116, 130, 131, 146, 167, 168, 189], "just": 179, "jwt": 111, "kafka": 66, "kafkafe": 181, "kei": [0, 7, 8, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 30, 31, 32, 35, 39, 41, 42, 43, 46, 47, 49, 51, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 116, 117, 118, 121, 122, 124, 125, 126, 129, 130, 131, 132, 133, 137, 140, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 190], "kill": [108, 146], "known": [38, 49], "label": [64, 66, 67, 87, 89, 103, 104, 129], "lambda": 17, "languag": 147, "last": 103, "latest": 46, "layout": [8, 9, 12, 15, 18, 19, 20, 21, 24, 25, 34, 35, 41, 42, 43, 49, 55, 64, 69, 74, 75, 77, 78, 80, 82, 87, 96, 98, 99, 100, 102, 103, 104, 106, 107, 108, 109, 110, 113, 114, 115, 116, 117, 121, 124, 129, 130, 137, 146, 152, 155], "ldap": [67, 160, 192], "ldap_search": 160, "learn": 70, "legaci": 111, "level": 109, "licens": [178, 179, 180, 181, 182, 183, 184, 192], "limit": [11, 18, 113, 183], "line": 111, "link": [88, 110, 119, 120, 121, 137], "linux": 85, "list": [16, 19, 24, 35, 46, 49, 56, 59, 74, 78, 81, 90, 107, 108, 114, 117, 124, 127, 133, 155], "listen": 66, "local": [85, 97, 102], "locat": 69, "lock": 69, "log": [10, 12, 16, 29, 34, 52, 61, 68, 95, 100, 101, 115, 123, 128, 130, 132, 141, 143, 161, 182], "logic": 130, "login": 16, "lookup": [95, 119, 128, 151, 155], "m": 133, "maas360": 69, "machin": [70, 78, 108], "maco": 86, "mailbox": 41, "main": [31, 36], "maintain": [179, 192], "make": [97, 192], "maker": 97, "manag": 102, "mandiant": 72, "manual": [78, 103], "map": [50, 102, 182, 186], "mark": 49, "mask": 49, "matching_incident_field": 183, "mcafe": [73, 74, 75, 76, 77, 172], "mechan": 111, "meet": [31, 32, 41, 42, 148], "messag": [30, 42, 88, 112, 125, 133, 138, 163, 190, 191, 192], "method": [111, 183], "mfa": 16, "microsoft": [41, 42, 78, 79, 80, 133, 157], "mid": 121, "migrat": [45, 103, 108, 114], "mirror": 1, "misp": [81, 173], "mitig": 162, "mitr": [82, 103, 186], "mode": [40, 135], "model": [35, 60, 70, 71, 127, 162], "modif": 182, "modifi": [114, 120, 182], "modul": [11, 19], "move": [24, 41, 42, 117], "msg": 91, "msgconvert": 91, "mssp": 103, "multi": 64, "multipart": 111, "multipl": [88, 103], "must": 78, "mxtoolbox": 83, "my": 179, "name": [8, 15, 16, 18, 19, 20, 21, 24, 25, 30, 33, 35, 36, 37, 38, 41, 42, 43, 49, 55, 56, 59, 64, 67, 69, 74, 77, 78, 80, 82, 87, 88, 96, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 114, 116, 117, 119, 124, 125, 129, 130, 137, 146, 152, 155], "need": 121, "netmiko": 84, "netwit": 112, "network": [25, 85, 116], "new": [71, 78, 111, 133, 156, 157, 179, 192], "nlp": 71, "node": 19, "non": 117, "notabl": 129, "note": [7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 134, 135, 136, 137, 140, 141, 142, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 161, 167, 173, 179, 182, 184], "noteformat": 120, "notetext": 120, "now": 114, "nsrl": 38, "oauth": [64, 88, 111, 148, 157], "oauth2_generate_refresh_token": 157, "object": [25, 56, 99, 120], "observ": [102, 146], "ocr": 86, "odbc": [87, 182], "odbcfe": 182, "offens": [102, 103, 104, 186], "older": 158, "omit": [22, 35, 47, 49, 53, 72, 106, 108, 111, 118], "one": 192, "onli": 121, "onlin": 42, "open": [64, 179], "opendxl": 76, "openldap": 192, "oper": [190, 191], "option": [38, 120, 192], "orchestr": 127, "order": 78, "org": 192, "organ": [107, 192], "other": 142, "otx": 9, "our": 192, "outbound": 88, "outlier": 56, "outlook": [91, 157], "output": [9, 33, 34, 37, 38, 48, 50, 54, 57, 62, 138, 139, 145, 149, 189], "overrid": 146, "overview": [3, 7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 118, 119, 120, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 136, 137, 140, 141, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 161, 167, 173], "own": 120, "owner": [137, 191], "p12": 88, "pack": 190, "packag": [1, 2, 9, 30, 34, 40, 44, 56, 70, 71, 78, 88, 135, 157, 185, 186, 187, 188, 192], "packet": 43, "page": 151, "pagerduti": 90, "pair": 25, "pak": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167], "palo": 89, "panorama": 89, "paramet": [56, 111, 120], "parent": 109, "pars": [35, 91, 137, 191], "parser": 61, "partial": 95, "passivetot": [92, 174], "password": 67, "past": [57, 185], "pastebin": 93, "path": [41, 106], "paus": 114, "pb": [98, 188], "pdf": 58, "pdfid": 91, "pem": 111, "perform": [103, 179], "permiss": [24, 30, 42, 43, 74, 88, 89, 116, 131, 133, 137, 146, 152, 155, 157], "persist": [114, 162], "person": 96, "phish": [94, 191], "phishtank": 95, "picklist": 113, "pinpoint": 137, "pipl": 96, "plan": 162, "platform": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167], "playbook": [8, 11, 15, 18, 19, 21, 24, 25, 35, 36, 41, 42, 43, 46, 64, 65, 66, 67, 72, 74, 78, 80, 81, 85, 89, 90, 91, 97, 98, 99, 103, 104, 106, 107, 108, 111, 113, 114, 116, 117, 119, 124, 125, 126, 127, 129, 130, 131, 133, 137, 144, 146, 152, 153, 167, 168, 188, 190], "plugin": [103, 178, 180, 181, 184], "point": 127, "polici": [16, 74, 108, 117], "poll": 130, "poller": [15, 35, 43, 64, 78, 80, 90, 103, 106, 107, 108, 113, 130, 146, 152], "poller_filters_templ": 80, "polling_filter_criteria_": 146, "popul": [18, 55, 130, 146], "portal": 133, "post": [9, 33, 34, 37, 38, 50, 54, 57, 62, 97, 107, 113, 125, 133, 138, 139, 142, 145, 146, 149], "postgresql": [179, 183], "powershel": 85, "ppd": 137, "pre": [9, 33, 34, 37, 38, 48, 50, 54, 57, 62, 120, 138, 139, 142, 145, 149], "prerequisit": [7, 9, 11, 16, 18, 24, 27, 34, 35, 42, 43, 46, 49, 51, 56, 66, 88, 90, 92, 102, 106, 107, 116, 120, 121, 125, 130, 131, 134, 137, 138, 144, 146, 152, 155, 157, 172, 185, 187, 188, 192], "prioriti": 107, "privat": 111, "procedur": 191, "process": [9, 33, 34, 37, 38, 48, 50, 54, 57, 62, 97, 108, 138, 139, 142, 145, 146, 149, 190], "product": 192, "profil": [16, 42], "programmat": 136, "project": [152, 157], "proofpoint": [99, 100], "properti": [35, 43, 49], "protect": [23, 117], "provid": [23, 27, 38, 108, 111], "proxi": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 167], "public": 16, "publish": 76, "pull": [38, 152], "pulsed": 101, "pwned": [57, 171, 185], "py": [2, 3], "python": [6, 7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 24, 25, 28, 30, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 64, 65, 66, 67, 72, 74, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 157, 167, 178, 180, 181, 182, 184, 192], "python2": 2, "qr": 103, "qradar": [102, 103, 104, 108, 156, 179, 186], "quarantin": [78, 117], "queri": [8, 10, 18, 20, 39, 42, 59, 67, 74, 87, 104, 113, 150, 152, 153, 163, 164, 179], "ran": 33, "randori": 106, "rapid7": 107, "rdap": 150, "re": 120, "read": [86, 133], "real": 103, "rebuild": [3, 70, 71], "rebuild_image_nam": 3, "receiv": 138, "recent": 156, "record": [113, 119, 120], "refer": [64, 103, 104, 110, 192], "refresh": [3, 15, 103], "refresh_token": 111, "regard": 114, "regener": 19, "region": 107, "regist": 133, "registr": [19, 157], "relat": [78, 103, 109], "relationship": 109, "releas": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 134, 136, 137, 140, 141, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 161, 167, 173, 179, 182, 184], "remedi": [20, 110], "remot": 85, "remov": [16, 25, 67, 74, 109, 114, 124, 155], "report": [19, 55, 56, 94, 155, 191], "repositori": [1, 46], "reput": [77, 116, 146], "request": [8, 13, 111], "requir": [4, 7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 122, 123, 124, 125, 126, 128, 129, 130, 131, 132, 133, 137, 140, 141, 143, 144, 145, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 161, 167, 177, 181, 182, 183, 190], "requisit": 38, "res_reference_id": 120, "reserv": 182, "resili": [4, 10, 12, 14, 16, 17, 23, 27, 28, 29, 31, 47, 52, 53, 55, 56, 58, 61, 63, 68, 77, 78, 83, 84, 93, 94, 95, 100, 101, 105, 115, 123, 128, 132, 136, 141, 143, 147, 161, 163, 192], "resilientfe": 183, "resilienthelp": 120, "resolv": 116, "resourc": 15, "respons": [121, 127, 138], "rest": [25, 111, 167, 168], "rest_retry_backoff": 111, "rest_retry_delai": 111, "rest_retry_tri": 111, "restart": [30, 116], "result": [20, 33, 42, 56, 67, 77, 87, 88, 102, 117, 127, 129, 135, 159, 189, 191, 192], "resum": 114, "retri": 111, "return": [113, 120, 127], "reveal": 43, "review": 159, "revis": [30, 169], "rf": 162, "rhel": 91, "rich": [13, 18, 25, 46, 79, 91, 116, 130, 131, 146, 168, 189], "risk": [56, 162], "riski": 56, "riskiq": 174, "role": 121, "room": 148, "row": [36, 104, 146], "rsa": 112, "rule": [7, 9, 10, 13, 16, 17, 20, 22, 23, 24, 28, 31, 32, 33, 34, 37, 38, 39, 47, 48, 49, 50, 51, 53, 54, 55, 56, 57, 58, 59, 60, 62, 63, 69, 76, 77, 79, 82, 84, 86, 87, 88, 92, 93, 94, 96, 97, 102, 103, 108, 109, 110, 112, 114, 122, 124, 127, 131, 134, 136, 137, 138, 139, 140, 145, 147, 149, 150, 151, 154, 155, 163, 186, 192], "run": [18, 38, 56, 74, 85, 103, 114, 120, 192], "runbook": 19, "runner": [164, 165], "s3": 15, "safe": [51, 170], "salesforc": 113, "sampl": [9, 27, 159], "san": 167, "sandbox": [48, 65, 145, 155], "save": [70, 88], "scan": [28, 78, 94, 116, 117, 187, 188], "scc": 49, "schedul": [19, 114], "scope": 120, "score": [56, 106], "scr_amp_add_artifact_from_act": 24, "scr_amp_add_artifact_from_ev": 24, "scr_amp_add_artifact_from_trajectori": 24, "scr_sep_add_artifact_from_scan_result": 117, "scr_sep_parse_email_notif": 117, "screen": [126, 157], "screenshot": [16, 31, 36, 48, 66, 97, 130, 140, 145, 146], "script": [1, 3, 9, 10, 12, 13, 16, 18, 24, 25, 29, 33, 34, 35, 37, 38, 42, 43, 46, 48, 50, 52, 54, 57, 61, 62, 67, 68, 69, 78, 79, 85, 88, 91, 95, 96, 97, 98, 99, 100, 101, 102, 103, 115, 116, 117, 120, 123, 127, 128, 130, 131, 132, 137, 138, 139, 141, 142, 143, 145, 146, 149, 161, 162, 167, 168, 189, 191, 192], "sdk": 4, "search": [2, 33, 34, 37, 43, 56, 60, 67, 69, 71, 77, 78, 79, 81, 96, 102, 103, 104, 127, 129, 139, 146, 160, 192], "searcher": [170, 171, 172, 173, 176], "secret": [18, 56, 111, 130, 133, 157], "section": [9, 38, 78, 136], "secur": [7, 8, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 58, 59, 60, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 144, 146, 147, 148, 150, 152, 153, 154, 155, 156, 167], "securework": 115, "see": 78, "select": 113, "send": [17, 38, 41, 42, 66, 88, 106, 116, 119, 127, 131, 152], "sensit": [56, 111], "sensor": 43, "sentinel": 80, "sentinel_close_incident_templ": 80, "sentinel_update_incident_templ": 80, "sentinelon": 116, "sep": 117, "separ": 111, "sepm": 117, "server": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 45, 46, 47, 49, 51, 53, 55, 59, 60, 61, 63, 64, 65, 66, 67, 72, 74, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 110, 111, 113, 114, 115, 116, 117, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 133, 136, 137, 141, 142, 144, 145, 146, 147, 148, 150, 152, 153, 154, 155, 163, 167, 180, 181, 182, 183, 184], "servic": [16, 43, 90, 169, 175, 177], "servicenow": [118, 119, 120, 121], "servicenowallowedtablenam": 121, "set": [18, 24, 33, 37, 38, 48, 50, 54, 57, 62, 67, 74, 77, 78, 103, 104, 107, 119, 133, 136, 138, 139, 142, 149, 157], "setup": [0, 30, 36, 38, 44, 61, 70, 71, 142, 163, 169, 177, 183, 192], "sh": [1, 3, 4], "shadow": 37, "shadowserv": [122, 175], "share": 192, "shell": [85, 165, 192], "shodan": 123, "shutdown": 116, "side": 111, "siem": [99, 104, 130], "siemplifi": 124, "sight": 81, "sign": [16, 88], "signal": 130, "similar": [35, 146], "simpl": 24, "simplifi": 127, "simul": 8, "singl": [64, 67, 87, 89, 103, 104, 129], "sir": 121, "site": 159, "slack": 125, "sm": [17, 138], "smtp": 157, "sn": 17, "sn_table_nam": 119, "snapshot": 126, "snow": 119, "snrecordid": 120, "snticketst": 120, "snticketstatecolor": 120, "soar": [2, 6, 7, 8, 11, 13, 15, 16, 18, 19, 20, 21, 22, 24, 25, 32, 35, 36, 39, 41, 42, 43, 46, 49, 51, 59, 60, 64, 65, 66, 67, 72, 74, 79, 80, 81, 82, 85, 86, 87, 88, 89, 90, 91, 92, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 121, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 143, 144, 146, 148, 150, 151, 152, 153, 154, 155, 156, 161, 167, 179, 183, 185, 186, 187, 188, 190, 191], "soar_close_cas": [106, 107, 113, 146], "soar_close_incid": 43, "soar_create_cas": [106, 107, 113, 146], "soar_create_case_with_artifact": 113, "soar_create_incid": 43, "soar_ticketid_incid": 43, "soar_update_cas": [106, 107, 113, 146], "soar_update_incid": 43, "softwar": [69, 82], "solut": 191, "sourc": [49, 56, 103], "spamhau": 128, "specif": [16, 38], "specifi": [99, 146], "splunk": [129, 184], "splunkhecfe": 184, "spotter": 56, "sql": 87, "sqlite": 183, "sqlitefe": 182, "sqlserver": 87, "ssh": [16, 38], "sshpass": 11, "ssl": [85, 91], "standalon": 43, "start": [44, 70, 71, 192], "statement": 30, "statist": 19, "statu": [10, 12, 16, 20, 29, 52, 61, 68, 95, 100, 101, 106, 107, 108, 113, 115, 116, 117, 123, 128, 130, 132, 141, 143, 152, 161], "staxx": 10, "step": [3, 17, 38, 120, 121, 168, 183, 189, 192], "stop": 69, "storag": 107, "store": 192, "stream": 28, "string": [120, 127, 182], "structur": 0, "subscrib": 76, "summari": [103, 117, 155], "sumo": 130, "sup": 186, "support": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 27, 28, 29, 31, 32, 35, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 136, 137, 140, 141, 143, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 161, 167, 168, 173, 179, 183], "sure": 192, "symantec": [59, 117, 131], "sync": [64, 109, 113, 121, 124, 152], "synchron": 183, "sys_id": 119, "system": [70, 71, 74, 91], "t": 179, "tab": [115, 121], "tabl": [1, 7, 8, 9, 10, 11, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 41, 42, 43, 46, 47, 49, 51, 53, 55, 56, 58, 59, 60, 63, 64, 65, 66, 67, 69, 72, 74, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 96, 97, 98, 99, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 116, 117, 119, 122, 124, 125, 126, 127, 129, 130, 131, 133, 136, 137, 138, 140, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 157], "tactic": [82, 103, 186], "tag": [35, 43, 74, 81, 130, 146], "taken": 127, "tap": 99, "tar": 135, "target": 106, "task": [64, 74, 88, 109, 113, 124, 132, 190], "team": [133, 148], "technic": 192, "techniqu": [82, 103], "templat": [35, 43, 49, 64, 66, 78, 80, 88, 90, 106, 107, 113, 130, 131, 146, 152, 190], "tenanc": 64, "test": [121, 163, 192], "text": [13, 18, 25, 46, 79, 86, 91, 116, 130, 131, 146, 168, 189], "thi": [1, 2, 9, 30, 34, 56, 78, 179, 192], "threat": [13, 72, 99, 116, 129, 162, 168, 169, 170, 171, 172, 173, 175, 176, 177], "threatmin": 134, "thug": 135, "tie": [77, 172], "time": 103, "timeout": 101, "timer": [136, 168], "timer_epoch": 136, "timezon": [41, 182], "tip": 183, "tl": 88, "tm": 186, "toc": [22, 35, 47, 49, 53, 72, 106, 108, 111, 118], "toggl": 67, "token": [88, 111], "tool": 179, "top": 103, "tor": 105, "tower": 12, "traffic": 8, "trajectori": 24, "transfer": 192, "transform": 91, "transit": [64, 90], "translat": 147, "trap": 100, "tri": 111, "trigger": [103, 108], "troubleshoot": [7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 29, 30, 31, 32, 36, 39, 41, 42, 43, 46, 47, 49, 51, 52, 53, 55, 58, 59, 60, 61, 63, 64, 65, 66, 67, 68, 69, 71, 72, 74, 75, 76, 77, 78, 79, 80, 81, 82, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 106, 107, 108, 109, 110, 111, 113, 114, 115, 116, 117, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 136, 137, 140, 141, 143, 144, 146, 147, 148, 150, 151, 152, 153, 154, 155, 157, 161, 168, 183, 190], "trusteer": 137, "twilio": 138, "twilio_send_sm": 138, "twitter": 139, "txt": [3, 4], "type": [15, 16, 24, 55, 69, 77, 99, 103, 109, 113, 137, 173, 182], "ubuntu": 86, "ui": [121, 192], "umbrella": [26, 27], "unacknowledg": 35, "unencrypt": 88, "uninstal": [10, 12, 29, 40, 44, 45, 52, 61, 68, 70, 71, 75, 95, 100, 101, 115, 123, 128, 132, 135, 141, 143, 161, 173, 185, 186, 188], "up": [4, 74, 133, 179], "updat": [16, 36, 43, 46, 49, 66, 67, 74, 78, 79, 80, 103, 104, 106, 113, 116, 117, 119, 124, 129, 130, 131, 137, 151, 156], "updatestateinresili": 120, "upgrad": [10, 169], "upload": [117, 131], "upon": 127, "url": [63, 85, 94, 95, 126, 137, 140, 155, 168, 191], "urlhau": 141, "urlscan": [142, 176, 187], "us": [3, 9, 14, 17, 26, 40, 47, 56, 64, 67, 73, 78, 82, 83, 87, 88, 89, 97, 102, 103, 104, 105, 108, 111, 120, 129, 133, 135, 179, 192], "usag": [0, 1, 2, 56, 68, 98, 157, 168, 185, 186, 187, 188, 189], "usecas": 38, "user": [16, 42, 55, 56, 74, 89, 99, 113, 121, 162, 192], "util": [3, 17, 19, 34, 36, 39, 48, 60, 67, 85, 88, 91, 98, 127, 132, 143, 153, 157, 192], "v": 192, "v1": [10, 13, 18, 25, 29, 42, 45, 46, 52, 63, 68, 69, 75, 76, 78, 91, 95, 100, 101, 114, 115, 116, 118, 123, 128, 130, 131, 134, 137, 140, 145, 146, 161, 168, 173, 188], "v2": [80, 88, 114, 118, 123, 183, 191], "valid": [40, 192], "valu": 133, "vault": 9, "version": [18, 24, 25, 32, 35, 41, 46, 64, 66, 72, 99, 103, 106, 107, 108, 113, 124, 130, 137, 144, 146, 152, 155, 182, 192], "view": [70, 192], "viewabl": 126, "virtual": 16, "virustot": [144, 188], "vmrai": 145, "vmware": 146, "volatil": 38, "vulner": [78, 152], "wake": 74, "watchlist": 43, "watson": [102, 147], "web": 111, "webex": [31, 148], "webhook": 133, "webpag": 48, "what": 190, "when": [64, 67, 87, 89, 103, 104, 129], "which": 192, "whitelist": 38, "who": 103, "whoi": [149, 150], "why": 179, "wiki": 151, "window": [85, 86], "wipe": 69, "within": 126, "without": 97, "wiz": 152, "word": 182, "workflow": [23, 27, 38, 56, 64, 87, 98, 103, 108, 112, 120, 127, 134, 146, 162, 185, 187, 192], "workshop": 192, "wrap": [4, 127], "write": [25, 42], "x": [43, 153, 179], "xforc": 153, "xml": 91, "yeti": [154, 177], "you": [108, 179], "your": [4, 78, 121, 192], "zia": 155, "zip": 127, "zoom": 32, "zscaler": 155}})
\ No newline at end of file
diff --git a/workshop-guide/README.html b/workshop-guide/README.html
index aac315eab..f6a8a92d6 100644
--- a/workshop-guide/README.html
+++ b/workshop-guide/README.html
@@ -227,6 +227,7 @@
 </ul>
 <p class="caption" role="heading"><span class="caption-text">All Apps</span></p>
 <ul>
+<li class="toctree-l1"><a class="reference internal" href="../fn_algosec/README.html">IBM SOAR integration for AlgoSec</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_abuseipdb/README.html">AbuseIPDB</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_alienvault_otx/README.html">AlienVault OTX</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_anomali_staxx/README.html">Anomali Staxx</a></li>
@@ -342,6 +343,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_snapshot_url/README.html">Snapshot URL</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_spamhaus_query/README.html">Spamhaus Lookup</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_splunk_integration/README.html">Splunk</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_sumo_logic/README.html">Sumo Logic Cloud SIEM</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_task_utils/README.html">Task Utilities</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_teams/README.html">Microsoft Teams</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_threatminer/README.html">ThreatMiner</a></li>
@@ -358,7 +360,7 @@
 <li class="toctree-l1"><a class="reference internal" href="../fn_watson_translate/README.html">Watson Translate</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_webex/README.html">Cisco Webex</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_whois/README.html">Whois</a></li>
-<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">Whois RDAP</a></li>
+<li class="toctree-l1"><a class="reference internal" href="../fn_whois_rdap/README.html">fn_whois_rdap</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_wiki/README.html">SOAR Wiki</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_xforce/README.html">IBM XForce Collections</a></li>
 <li class="toctree-l1"><a class="reference internal" href="../fn_yeti/README.html">Yeti</a></li>